All news with #defender for cloud tag

🔒 Microsoft Defender research shows AI and agentic applications on cloud-native platforms are frequently deployed with insecure defaults and missing authentication, creating exploitable misconfigurations. Observed exposures include public MCP servers, unsecured Helm chart installs, and unauthenticated agent frameworks that enable remote code execution, credential theft, and access to internal tools. Defender for Cloud can detect exposed Kubernetes services and unsafe deployment patterns to help teams prioritize remediation.

🔒 Microsoft Threat Intelligence reports that financially motivated actor Storm-0501 has shifted from on‑premises endpoint encryption toward cloud‑native ransomware tactics emphasizing rapid data exfiltration, destruction of backups, and extortion. The actor leverages compromised Entra Connect sync accounts, DCSync, and hybrid‑joined devices to escalate to Global Administrator and gain full Azure control. In cloud environments they abuse Azure operations (listing storage keys, AzCopy exfiltration, snapshot and resource deletions) and create malicious federated domains for persistence and impersonation. Microsoft recommends hardening sync configurations, enforcing phishing‑resistant MFA, enabling Defender for Cloud and storage protections, and applying least‑privilege access controls.