<ciso brief />

All news with #microsoft azure tag

57 articles · page 2 of 3

Fireworks AI in Microsoft Foundry for Open Model Inference

⚡ Microsoft announced the public preview of Fireworks AI on Microsoft Foundry, bringing high‑performance, low‑latency inference for open models to Azure. The integration provides day‑zero access to optimized open models (including MiniMax M2.5), serverless and provisioned pricing options, and bring‑your‑own‑weights support for quantized or fine‑tuned models. Foundry supplies a unified control plane for evaluation, deployment, governance, and observability so teams can operationalize open models without assembling bespoke stacks.

Microsoft Sovereign Cloud: Local Disconnected Operations

🔐 Microsoft introduces a fully localized sovereign stack enabling mission-critical operations in connected, intermittently connected, and fully disconnected environments. Azure Local provides on-premises Azure governance and policy controls even with no external connectivity, while Microsoft 365 Local runs core productivity servers inside customer boundaries. Foundry Local brings large multimodal model inferencing to secured, offline hardware so organizations can run AI locally and retain full data and operational control.

Agentic Cloud Operations: A New Way to Run Clouds Efficiently

🔧 Azure Copilot introduces an agentic cloud operations paradigm that embeds AI-powered agents into everyday cloud workflows. These agents correlate telemetry, understand operational context, and take governed actions across migration, deployment, observability, resiliency, optimization, and troubleshooting. The service centralizes observability, configuration, and governance so teams can move from insight to action within a unified interface. Built-in controls such as BYOS for conversation history, RBAC, and auditability ensure compliance and preserve human oversight.

VoidLink Linux Malware Targets Multi-Cloud Environments

🔍 New analysis by Ontinue details VoidLink, a Linux-based command-and-control framework that generates implant binaries for credential theft, data exfiltration and stealthy persistence across cloud and enterprise hosts. The agent fingerprints AWS, GCP, Azure, Alibaba and Tencent environments and adapts its behavior, loading modular plugins for container escape and kernel-level stealth. Researchers identified unusual development artefacts — structured "Phase X:" labels, duplicated numbering, verbose debug logs and embedded documentation — that suggest parts of the implant were written or assisted by a large language model coding agent with limited human review.

Azure NetApp Files Elastic Zone-Redundant Storage Service

🔁 Microsoft announces Azure NetApp Files Elastic zone‑redundant storage (ANF Elastic ZRS), a managed multi‑AZ file service that synchronously replicates data across three or more availability zones to deliver high availability and resiliency. The service provides automatic, service‑managed failover while preserving the same mount target and service endpoint to minimize application disruption and ensure zero data loss. ANF Elastic ZRS supports NFS and SMB, ONTAP data management features (snapshots, clones, backup), metadata performance optimizations, and cost‑efficient single‑volume multi‑AZ availability.

PostgreSQL on Azure: Optimized for AI Scale and Speed

⚡ Microsoft has expanded its managed PostgreSQL offerings on Azure to support AI-native workloads by improving performance, scalability, and developer workflows. Azure Database for PostgreSQL now integrates with Microsoft Foundry for in-database LLM calls, offers DiskANN vector indexing for similarity search, and adds Parquet support for direct SQL access to object storage. Developers benefit from VS Code provisioning, Entra ID authentication, GitHub Copilot assistance, and a new Azure HorizonDB service for ultra-low-latency scale-out.

Testing Apps Exposed Online Used to Breach Fortune 500

⚠️ A recent Pentera investigation discovered nearly 2,000 intentionally vulnerable security-testing web applications (DVWA, OWASP Juice Shop, Hackazon, bWAPP) exposed on the public internet, often running from overly privileged cloud accounts on AWS, GCP and Azure. Attackers exploited these instances to deploy crypto miners, install webshells and create persistence mechanisms, then pivot to sensitive cloud resources. Affected vendors including Cloudflare, F5 and Palo Alto Networks were notified and remediated issues. Pentera recommends inventories, isolation of test systems, enforcement of least-privilege IAM, and elimination of default credentials.

Azure Private Endpoint DNS Risks Can Cause Service DoS

🔒 Unit 42 researchers discovered an Azure Private Endpoint DNS behavior that can unintentionally or deliberately produce denial-of-service conditions for Azure services. In several scenarios — accidental internal, accidental vendor, and malicious actor — linking a Private DNS zone to a virtual network can force name resolution to the private zone and fail when no A record exists, breaking connectivity to otherwise public endpoints. Microsoft documents a partial mitigation (fallback to internet); alternatives include manually adding DNS records and performing comprehensive discovery with Resource Graph.

Azure Strategic Planning Enables NVIDIA Rubin Deployments

🚀 Azure says its long-range datacenter strategy already accommodates NVIDIA Vera Rubin NVL72 racks, enabling rapid, large-scale rollouts across current Fairwater sites and planned AI superfactories. Microsoft highlights prior experience with Ampere, Hopper, GB200 and GB300 generations and claims its power, cooling, networking, and memory upgrades align with Rubin’s NVLink, ConnectX‑9, and HBM4 requirements. The post frames co-design work as reducing deployment risk and accelerating customer access to higher-performance inference and training at scale.

Azure Storage Innovations: Enabling AI and Cloud-Native

🤖 Microsoft announced a significant set of Azure Storage updates at Ignite 2025 and KubeCon to accelerate AI workloads, cloud-native applications, and migrations. Azure Blob Storage now targets exabyte-scale capacity and multi-tens of Tbps throughput, while Azure Managed Lustre (AMLFS 20 preview) offers 25 PiB namespaces, 512 GBps and HSM with auto-import/export. Additional enhancements — Premium Blob, Smart Tier, Azure Elastic SAN auto-scaling, Ultra Disk latency and cost improvements, Storage Discovery and Copilot, and expanded migration tooling — focus on low-latency inferencing, continuous GPU feeding for training, operational elasticity, and simplified data migrations.

Microsoft Expands U.S. Cloud Infrastructure and Regions

☁️ Microsoft is expanding its U.S. cloud footprint with a new East US 3 region in the Greater Atlanta Metro, scheduled to open in early 2027, and by adding capacity and Availability Zones across multiple existing U.S. regions. The East US 3 region is designed for resilience with Availability Zones, support for advanced AI workloads, and sustainability goals including LEED Gold and water conservation. Microsoft is also increasing zone redundancy in North Central US, West Central US, and the US Government Arizona region to boost capacity, compliance, and mission readiness.

Azure expands local and hybrid options for AI and control

🔒 Microsoft is expanding Azure with on‑premises, edge, and hybrid options to deliver AI, resilience, and operational sovereignty. Azure Local provides integrated compute, storage, and networking on customer premises with GA features like Microsoft 365 Local and NVIDIA Blackwell GPUs, plus previews for disconnected operations and multi‑rack scale. Coupled with Azure IoT, Microsoft Fabric, and Azure Arc management enhancements, the updates enable near‑real‑time analytics, secure device identity, and a unified control plane for distributed estates. The goal is to accelerate AI and analytics while preserving data residency, continuity, and compliance for regulated or mission‑critical environments.

Startup Frenetik Launches Patented Deception Technology

🔐 Frenetik, a Maryland cybersecurity startup, emerged from stealth with a patented approach called Deception In-Use that continuously rotates real identities and resources across Microsoft Entra (M365), AWS, Google Cloud and on-prem environments. By routing critical change details through out-of-band channels accessible only to trusted parties, defenders retain accurate visibility while attackers operate on stale intelligence and are more likely to be funneled into decoys and honeypots.

Azure Networking: Security, Resilience, and AI-scale

☁️ Azure announces networking enhancements focused on security, resiliency, and AI-scale infrastructure. The update highlights zone-redundant NAT Gateway V2, expanded throughput options including ExpressRoute 400G and higher-performance VPN gateways, and advanced security features such as DNS Security Policy with Threat Intel and JWT validation in Application Gateway. Improvements to AKS container networking, Private Link Direct Connect, and Virtual WAN forced tunneling aim to simplify secure hybrid and AI deployments.

Azure Mitigates Record 15.72 Tbps DDoS from IoT Botnet

🛡️ Microsoft Azure said it blocked a record 15.72 Tbps DDoS attack tied to the Aisuru IoT botnet that surged to roughly 3.64 billion packets per second and targeted a single cloud endpoint in Australia. The attacker launched extremely high-rate UDP floods from over 500,000 source IPs with minimal spoofing and random source ports. Azure DDoS Protection automatically detected and mitigated the traffic without disrupting customer workloads, and Microsoft urged organizations to validate internet-facing protections ahead of peak periods, noting systemic IoT security gaps.

Microsoft Mitigates 15.72 Tbps IoT-Driven DDoS Attack

🛡 Microsoft automatically detected and mitigated a massive DDoS attack that peaked at 15.72 Tbps and roughly 3.64 billion packets per second against a single Australian endpoint. The traffic was attributed to a TurboMirai-class IoT botnet called AISURU, sourced from hundreds of thousands of compromised routers, cameras, and DVRs and launched from over 500,000 source IPs across multiple regions. Attackers used high-rate UDP floods with minimal source spoofing and random source ports, factors Microsoft said helped simplify traceback and provider enforcement. The incident underscores rising DDoS baselines as broadband speeds increase and IoT devices become more capable.

Whisper Leak: Side-Channel Attack on Remote LLM Services

🔍 Microsoft researchers disclosed "Whisper Leak", a new side-channel that can infer conversation topics from encrypted, streamed language model responses by analyzing packet sizes and timings. The study demonstrates high classifier accuracy on a proof-of-concept sensitive topic and shows risk increases with more training data or repeated interactions. Industry partners including OpenAI, Mistral, Microsoft Azure, and xAI implemented streaming obfuscation mitigations that Microsoft validated as substantially reducing practical risk.

Why Enterprises Still Struggle with Cloud Misconfigurations

🔒 Enterprises continue to struggle with cloud misconfigurations that expose sensitive data, according to recent industry reporting and a Qualys study. The report cites a 28% breach rate tied to cloud or SaaS services over the past year and high misconfiguration rates across AWS (45%), GCP (63%) and Azure (70%). Experts blame permissive provider defaults, shadow IT and rapid business-driven deployments, and recommend controls such as MFA everywhere, private networking, encryption, least-privilege and infrastructure-as-code.

OAuth Device Code Phishing: Azure vs Google Compared

🔐 Matt Kiely of Huntress examines how the OAuth 2.0 device code flow enables phishing and highlights stark differences between Microsoft and Google. He walks through the device-code attack chain — generating a device code, social-engineering a user to enter it on a legitimate site, and polling the token endpoint to harvest access and refresh tokens. The analysis shows Azure’s implementation lets attackers control client_id and resource parameters to obtain powerful tokens, while Google’s implementation restricts device-code scopes and requires app controls that significantly limit abuse. Practical examples, cURL/Python snippets, and mitigation advice are included for defenders.

Amazon S3 Access Grants Expand to Thailand and Mexico

🔒 Amazon S3 Access Grants are now available in the AWS Asia Pacific (Thailand) and AWS Mexico (Central) Regions. The feature maps corporate identities—such as Microsoft Entra ID or AWS IAM principals—to S3 datasets, enabling administrators to automate and scale dataset access. This reduces manual policy overhead and helps ensure consistent, auditable permissions. Check the AWS Region Table and product page for regional availability and details.