
Phishing and Cloud Account Takeover Campaign Targeting Microsoft Azure Users

In a series of security breaches, several Azure accounts were compromised, resulting in the loss of sensitive data belonging to their users. The attacks targeted senior executives at several major corporations and affected a variety of environments at the same time.

In November 2023, Proofpoint, a cybersecurity company, discovered a malicious campaign that combines cloud account takeover (ATO) with phishing techniques to steal victims' credentials. The attacks described here belong to that same campaign, which Proofpoint first identified in November 2023.

The attackers are alleged to have used proxy services to get around geographical restrictions and conceal their actual location, allowing them to access both Office Home and Microsoft 365 applications at the same time. The attack is believed to have relied on links embedded in documents that led to phishing websites.

The anchor text for some of these links was "View document," which gives the reader no hint of the link's real destination. The attack was well planned and targeted both mid-level and senior employees, though a greater number of mid-level employees' accounts were compromised as a result.

According to Proofpoint, CEOs, presidents, account managers, finance directors, vice presidents of operations, and sales directors were the most common targets. In this way, the attackers were able to gain access to information from all levels and domains of the organization. 

In these types of attacks, cybercriminals often register their own MFA (multifactor authentication) method on the compromised account to retain access. To prevent the legitimate user from regaining control, the attackers add a second mobile number or set up an authentication app. To conceal their traces, they also delete any evidence that points to suspicious behaviour.

The most targeted positions were mid to senior-level, including sales directors, account managers, financial directors, operations vice presidents, and CEOs, among others. The attackers were able to gain access to a wide variety of organizational information as a result of this. 

The attackers also established persistence, for example by registering their own multi-factor authentication methods and erasing evidence of the intrusion. Data theft and financial fraud appear to be the primary goals of these attacks.

It is not yet confirmed who the perpetrators are, although the evidence suggests that they are located in Russia or Nigeria and use ISPs based in those countries.

Microsoft's Rise as a Cybersecurity Powerhouse

Tech titan Microsoft has emerged as an unexpected yet potent competitor in the cybersecurity industry in a time of rapid digital transformation and rising cyber threats. The company has quickly evolved from its conventional position to become a cybersecurity juggernaut, meeting the urgent demands of both consumers and enterprises in terms of digital security thanks to its broad suite of software and cloud services.

Microsoft entered the field of cybersecurity gradually and strategically. A whopping $20 billion in security-related revenue has been produced by the corporation, according to recent reports, underlining its dedication to protecting its clients from an increasingly complicated cyber scenario. This unexpected change was brought on by many strategic acquisitions and a paradigm shift that prioritized security in all of its services.

The business has considerably improved its capacity to deliver cutting-edge threat information and improved security solutions as a result of its acquisition of cybersecurity businesses like RiskIQ and ReFirm Labs. Microsoft has been able to offer a comprehensive package of services that cover threat detection, prevention, and response by incorporating these cutting-edge technologies into its current portfolio.

The Azure cloud platform is one of the main factors contributing to Microsoft's success in the cybersecurity industry. As more companies move their operations to the cloud, it is crucial to protect the cloud infrastructure. Azure has been used by Microsoft to provide strong security solutions that protect networks, programs, and data. For instance, its Azure Sentinel service uses machine learning and artificial intelligence to analyze enormous volumes of data and find anomalies that could point to possible security breaches.

Furthermore, Microsoft's commitment to addressing cybersecurity issues goes beyond its own products. The business has taken the initiative to work with the larger cybersecurity community in order to exchange threat intelligence and best practices. Its participation in efforts like the Cybersecurity Tech Accord, which combines international tech companies to safeguard clients from cyber dangers, is an example of this collaborative approach.

Microsoft's success in the field of cybersecurity is not without its difficulties, though. The broader cybersecurity sector continues to be beset by a chronic spending issue as it works to strengthen digital defenses. Microsoft makes large investments in security, but many other companies find it difficult to set aside enough funding to properly combat attacks that are always developing.



Microsoft’s Security Practices Under Fire: Is the Azure Platform Safe

Allegations against Microsoft’s security practices

Microsoft has recently come under fire for its security practices, with critics claiming that the Azure platform is “worse than you think.” According to an article on TechSpot, Tenable CEO Amit Yoran has criticized Microsoft for its lax security practices and lack of transparency regarding breaches. He asserts that the Azure platform harbors serious vulnerabilities, about which Microsoft has deliberately kept its customers in the dark.

This is not the first time Microsoft has faced criticism for its security practices. In the past, the company has been accused of failing to protect user data adequately and of not being transparent about data breaches. In this case, Yoran claims that Microsoft needs to be more forthcoming about the extent of the vulnerabilities present in the Azure platform.

Implications for customers

The implications of these allegations are profound. If true, it would mean that Microsoft has knowingly put its customers at risk by failing to disclose vulnerabilities in its platform. This could expose sensitive data to hackers and other malicious actors, putting individuals and organizations at risk.

It is important to note that these allegations have not been proven and that Microsoft has not yet responded. However, if true, they would represent a significant breach of trust between Microsoft and its customers. Companies rely on cloud platforms like Azure to store and manage their data, and they expect these platforms to be secure and transparent about any potential risks.

Evaluating cloud security

In light of these allegations, it is essential for companies to evaluate their use of cloud platforms carefully and to ensure that they are taking appropriate measures to protect their data. This may include using additional security measures such as encryption and multi-factor authentication and regularly reviewing their cloud provider’s security practices.

The recent allegations against Microsoft regarding its security practices and the Azure platform are concerning. If true, they represent a significant breach of trust between Microsoft and its customers. It is essential for companies to evaluate their use of cloud platforms carefully and to take appropriate measures to protect their data. 

Microsoft Offers Free Security Features Amid Recent Hacks

Microsoft has taken a big step to strengthen the security of its products in response to the growing cybersecurity threats and a number of recent high-profile attacks. The business has declared that it will offer all users essential security features at no cost. Microsoft is making this change in an effort to allay concerns about the security of its platforms and shield its users from potential cyberattacks.

The Messenger, The Register, and Bloomberg all reported that Microsoft made the decision to offer these security capabilities free of charge in response to mounting demand to improve security across its whole portfolio of products. Recent cyberattacks have brought up important issues with data privacy and information security, necessitating the development of stronger protection methods.

A number of allegedly state-sponsored hacks, with China as a particular target, are one of the main drivers behind this tactical approach. Governments, corporations, and individual users all over the world are extremely concerned about these breaches since they target not only crucial infrastructure but also important data.

Improved encryption tools, multi-factor authentication, and cutting-edge threat detection capabilities are among the free security improvements. Users of Microsoft's operating systems, including Windows 10 and Windows 11, as well as cloud-based services like Microsoft 365 and Azure, will have access to these functionalities. Microsoft wants to make these crucial security features available to a broader variety of customers, independent of subscription plans, by removing the financial barrier.

Microsoft responded to the judgment by saying, "We take the security of our customers' data and their privacy extremely seriously. We think it is our duty to provide our users with the best defenses possible as threats continue to evolve. We believe that by making these security features available for free, more people will take advantage of them and improve their overall cybersecurity posture."

Industry professionals applaud Microsoft for choosing to offer these security measures without charge. "This is a huge step in the right direction," said Mark Thompson, a cybersecurity analyst with TechDefend. Because these services are free, Microsoft is enabling its users to properly defend themselves against possible attacks as cyber threats become more complex.

The action is also in line with the work of other cybersecurity organizations, including the Cybersecurity and Infrastructure Security Agency (CISA), which has been promoting improved cooperation amongst IT businesses to battle cyber threats.

Although the choice definitely benefits customers, it also poses a challenge for other digital firms in the sector. Customers are expected to demand comparable initiatives from other big players in response to the growing emphasis on data security and privacy, driving the entire sector toward a more secure future.

Microsoft's Response to "Privacy-Concerns" of ChatGPT in Business

In response to concerns over using individuals' data to train artificial intelligence models, Microsoft is considering launching a privacy-centric version of ChatGPT. The offering may be attractive to industries such as healthcare, finance, and banking that have not yet adopted ChatGPT because they are concerned that their staff will share sensitive information with the system.

The use of ChatGPT has greatly benefited some businesses, especially banks and other corporations. However, these companies have resisted the adoption of the technology due to privacy concerns. They fear that their employees might unintentionally disclose confidential information while using it. 

By adding OpenAI's GPT-4 or ChatGPT to Azure, Microsoft wants to make it easier for enterprises to integrate proprietary data with user queries. In addition, Microsoft wants to see the results of its analytics on this platform. 

A user sends a query to Azure; Microsoft's cloud determines what data is required to answer that query and retrieves it as quickly as possible. Using the question and the retrieved information, a prompt is constructed and passed on to the OpenAI model of choice hosted in Azure. The model generates an answer, which is sent back to the user.

Some businesses have already become interested in the new artificial intelligence-powered chatbot to automate their business processes, but many others, such as banks, have opted against adopting it for fear that their employees will inadvertently disclose proprietary information to the chatbot while using it.

According to reports, Microsoft, which holds the rights to resell the startup's technology, has a plan in place to get holdouts on board. 

As part of the AI tool, a separate version will operate on dedicated cloud servers, kept apart from other customers' data to ensure privacy. These dedicated servers store the data separately from the main ChatGPT system. As a result, customers would have to pay up to 10 times more for a private ChatGPT setup compared with the charges they face currently.

It is also planned for OpenAI to launch an exclusive subscription service for businesses that will focus on privacy by not allowing users' data to be fed into those training models by default. 

Additionally, OpenAI has sold a private ChatGPT service to Morgan Stanley as part of its recent sales activity. The bank's wealth management division can use this platform to ask questions about, and analyze, the thousands of market research documents it has generated over the years. Microsoft has already invested multi-year, multibillion-dollar amounts in OpenAI, which means that it can resell OpenAI's products without violating any terms.

In response to the voluminous data that ChatGPT gathered from numerous sources in its initial training and continues to collect from its users, there have been numerous privacy and regulatory concerns about ChatGPT since its release. Microsoft seems to have taken the opposite approach. Andy Beatman, senior product marketing manager of Azure AI, said that this enhanced data handover feature is among the most requested features among customers. 

As reported by The Register, the upcoming system, which will undergo a public preview after being released in the spring, operates on Azure for retrieving relevant data. This is so it can best satisfy the worker's request based on its internal data. 

Microsoft also explained that Azure OpenAI delivers insights based on the content and level of information provided by the user. Together with Azure Cognitive Search, this data can be retrieved for the user based on their input and conversation history. 

However, there is a drawback to this type of ChatGPT, which will come with a cost of deployment that will be higher than that of the public version, thus making it a rather high-priced option. Reports suggest that exclusive instances of ChatGPT could have a price tag that is up to 10 times more than what clients are currently paying for using a standard version of the software. 

As part of OpenAI's ongoing efforts to develop a similar offering to Microsoft's 'private' ChatGPT, the company will be releasing it in the "coming months." According to the company, by default, the subscription-based service will not use the input provided by employees and clients when training its language models. 

Since ChatGPT was banned in Italy as a result of chat history being used to train the AI model, an option has been added to turn off chat history. A company spokesperson mentioned that ChatGPT can now turn off chat history and that OpenAI plans to roll that out soon. Conversations started while chat history is disabled will not be used for training or improving the models, and will not appear in the conversation history sidebar.

There is no doubt that Microsoft's AI-based privacy-centric service can be a game changer for businesses that receive and manage sensitive and important data. When Samsung found out that some of its employees were uploading company source code to the devices they use in the workplace, it banned them from using generative AI chatbots at work or on devices they use for their work. Several Microsoft representatives are already contacting organizations that could be interested in this upcoming product, since many existing customers have Azure contracts that could prove beneficial in securely managing data in the coming years.

Azure AD 'Log in With Microsoft' Authentication Bypass at Risk


Organizations that have added the "Log in with Microsoft" feature to their Microsoft Azure Active Directory setups may be exposed to an authentication bypass, which might lead to takeovers of online and cloud-based accounts.

Descope researchers have labeled the attack "nOAuth". The issue, according to them, is an authentication implementation flaw that affects multitenant OAuth apps in Azure AD, Microsoft's cloud-based identity and access management service. If the attack is successful, the threat actor could take over the victim's accounts, enabling them to establish persistence, exfiltrate data, determine whether lateral movement is feasible, and carry out other activities.

According to Omer Cohen, CISO at Descope, "OAuth and OpenID Connect are open, popular standards which millions of Web properties already use[…]If 'Log in with Microsoft' is improperly implemented, several of these apps could be vulnerable to account takeover. Small businesses with fewer developer resources could especially be impacted."

About nOAuth Cyberattack Threat

OAuth is an open, token-based authorization framework that lets users log into applications automatically based on a prior authentication with another trusted app. Most consumers are already familiar with this thanks to the "Log in with Facebook" or "Log in with Google" options seen on numerous e-commerce websites.

OAuth is used in the Azure AD environment to control user access to outside resources including Microsoft 365, the Azure portal, and thousands of other SaaS applications that support OAuth apps.

According to Descope analysis "Azure Active Directory also manages internal resources like apps on your corporate intranet and any cloud apps developed by your own organization by providing authentications via OAuth, OIDC, and other standard protocols."

According to the Descope analysis published this week, the flaw allows malicious actors to perform cross-platform spoofing with nothing more than an unsuspecting victim's email address. Because the email attribute under "Contact Information" in an Azure AD account can be changed at will, anyone with malicious intent and a reasonable level of platform expertise can control the email claim that is sent to the application.

"[This] allows the attacker to use 'Log in with Microsoft' with the email address of any victim they want to impersonate[…]They can take over victims' accounts on any app that uses 'email' claim as the unique identifier for Microsoft OAuth and does not validate that email address, completely bypassing authentication," the researchers noted.
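The account-linking mistake described above, as an added illustration that is not part of the original article or of Descope's research: the first lookup keys accounts on the mutable `email` claim (the nOAuth pattern), while the hardened lookup keys on the issuer plus `sub` pair, which the tenant admin cannot edit, and only ever merges by email after the app has verified that address itself. The claim values, account store and helper names are constructed for the example.

```python
"""Account lookup for a multitenant 'Log in with Microsoft' (OIDC) integration.

Constructed example: contrasts an email-keyed lookup (the nOAuth flaw the
text describes) with a lookup keyed on the stable (iss, sub) pair.
"""
from dataclasses import dataclass, field

# Constructed issuer URLs: two different tenants, one legitimate, one attacker-owned.
ISS_A = "https://login.microsoftonline.com/tenant-a/v2.0"
ISS_B = "https://login.microsoftonline.com/tenant-b/v2.0"


@dataclass
class Account:
    account_id: str
    email: str
    # Identity-provider links the app has confirmed for this account: {(iss, sub)}
    linked_ids: set = field(default_factory=set)


def make_store() -> dict:
    """Constructed account store: the victim has linked one Microsoft identity."""
    victim = Account("acct-1", "victim@example.com", {(ISS_A, "sub-victim")})
    return {victim.account_id: victim}


def _require(claims: dict, *names: str) -> None:
    """Reject tokens missing the claims the lookup depends on."""
    missing = [n for n in names if not claims.get(n)]
    if missing:
        raise ValueError(f"missing claims: {missing}")


def vulnerable_login(claims: dict, accounts: dict):
    """nOAuth pattern: `email` is treated as the unique identifier and never
    validated, so a tenant admin who sets a victim's address on their own
    user object is mapped straight onto the victim's account."""
    _require(claims, "email")
    for acct in accounts.values():
        if acct.email.lower() == claims["email"].lower():
            return acct
    return None


def hardened_login(claims: dict, accounts: dict, email_verified_by_app: bool = False):
    """Key on (iss, sub): `sub` is unique per user within an issuer and is not
    user-editable. `email` is only a hint; it is used to attach a new identity
    to an existing account when the app has itself verified control of that
    address (e.g. via its own confirmation mail), never on the token alone."""
    _require(claims, "iss", "sub", "email")
    key = (claims["iss"], claims["sub"])
    for acct in accounts.values():
        if key in acct.linked_ids:
            return acct
    # Unknown identity: refuse a silent merge unless the app verified the email.
    if email_verified_by_app:
        for acct in accounts.values():
            if acct.email.lower() == claims["email"].lower():
                acct.linked_ids.add(key)
                return acct
    return None


# Constructed ID-token claims from an attacker-controlled tenant: the email
# attribute was edited to the victim's address; iss and sub are the attacker's.
ATTACKER_CLAIMS = {"iss": ISS_B, "sub": "sub-attacker", "email": "victim@example.com"}
# Constructed claims for the real victim signing in from their own tenant.
VICTIM_CLAIMS = {"iss": ISS_A, "sub": "sub-victim", "email": "victim@example.com"}

if __name__ == "__main__":
    store = make_store()
    print("vulnerable:", vulnerable_login(ATTACKER_CLAIMS, store))   # victim's account
    print("hardened:  ", hardened_login(ATTACKER_CLAIMS, store))     # None
    print("victim:    ", hardened_login(VICTIM_CLAIMS, store))       # victim's account
```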

Incorrect Implementation of OAuth

Incorrect implementation of OAuth has apparently become a recurring problem, prompting organizations to close off this potentially harmful attack vector.

Some recent cases of the attack include vulnerabilities in the authorization system of the Booking.com website. The attack could have allowed attackers to access user accounts and acquire their personal or payment-card data, as well as log in to accounts on the website's sister platform, Kayak.com.

Another case came to light when a bug, tracked as CVE-2023-28131, was discovered in the OAuth implementation of Expo, an open-source framework for developing native mobile apps for iOS, Android, and other Web platforms from a single codebase. The vulnerability put at risk users who logged in to an online service built on the framework using their social media accounts.

Cohen notes that OAuth and similar standards are reliable, strong authentication approaches. However, organizations must collaborate with cybersecurity and authentication professionals when adopting them.

"These standards are extremely complicated to work with[…]Authentication isn’t something you can just add on and check a box. Implementing these standards correctly is critical to the security of the application," says Cohen. He adds, "If businesses chose to implement these standards in-house, then they must have regular pen testing and review of the implementation, or they can use an authentication platform that is built by security experts".

Moreover, he emphasized its importance, since threat actors are constantly on the lookout for these types of vulnerabilities.

Mozilla: Most Breached Accounts had Superhero and Disney Princess Names as Passwords

The passwords that we make for our accounts are very similar to a house key used to lock the house. The password protects the online home (account) of personal information, thus possessing an extremely strong password is just like employing a superhero in a battle of heroes and villains. 

However, according to a new blog post by Mozilla, superhero-themed passwords are increasingly turning up in data breaches. Though it may sound absurd, Mozilla's research using data from haveibeenpwned.com showed that many of the most frequent passwords found in data breaches were built on the names of superheroes or Disney princesses. Such obvious passwords make it easier for hackers to hijack an account or system.

The analysis found that 368,397 breaches included Superman, 226,327 breaches included Batman, and 160,030 breaches had Spider-Man as passwords. Thousands more featured Wolverine and Ironman. Research from 2019 also showed that 192,023 breaches included Jasmine and 49,763 breaches included Aurora as passwords.

There were 484,4765 breaches in which the password was 'princess', and some Disney+ accounts used 'Disney' as their password. Weak passwords like these are among the biggest contributors to data breaches and make the hackers' job easier.

With the increasing frequency of compromised account credentials on the dark web, a growing number of businesses are turning to password-less solutions. Microsoft has expanded its password-less sign-in option from Azure Active Directory (AAD) commercial clients to use Microsoft accounts on Windows 10 and Windows 11 PCs. 

Almost all of Microsoft's employees are passwordless, according to Vasu Jakkal, corporate vice president of the Microsoft Security, Compliance, Identity, and Management group.

"We use Windows Hello and biometrics. Microsoft already has 200 million passwordless customers across consumer and enterprise," Jakkal said. "We are going completely passwordless for Microsoft accounts. So you don't need a password at all," Jakkal added.

Reusing passwords is common but highly dangerous; it happens all too frequently because it is simple and people are not aware of the consequences. Credential stuffing exploits take advantage of repeated passwords by automating login attempts against systems using known email address and password pairs. Users should change their passwords from time to time and choose strong passwords that are not obvious.

Bot Protection Available in Azure Web App Firewall

Microsoft recently announced that the Web Application Firewall (WAF) bot protection feature has reached general availability on Azure Application Gateway. Azure WAF is a cloud-based service built to safeguard customer web applications from bot attacks, common web vulnerabilities and exploits, including SQL injection, cross-site scripting, security misconfigurations, broken authentication and more. Azure WAF can be deployed within minutes with Azure Application Gateway, Azure Content Delivery Network (CDN) and Azure Front Door.

The feature lets customers configure the bot protection rule set so that WAF either logs requests from known malicious IP addresses or blocks them. "Roughly 20% of all Internet traffic comes from bad bots. They do things like scraping, scanning, and looking for vulnerabilities in your web application. When these bots are stopped at the Web Application Firewall (WAF), they can't attack you. They also can't use up your resources and services, such as your backends and other underlying infrastructure," Microsoft says.

The new bot protection rule set can be used together with the OWASP Core Rule Set (CRS) to add protection for web applications. It blocks bad bots, which criminals use for resource-consuming malicious tasks such as scanning, scraping and probing web apps for exploitable flaws. When the bot protection rule is enabled on Azure WAF via Application Gateway, bots using known malicious IPs retrieved from the Microsoft Threat Intelligence feed are automatically blocked from accessing customer server resources or probing them for potential vulnerabilities. "The bot mitigation ruleset list of known bad IP addresses updates multiple times per day from the Microsoft Threat Intelligence feed to stay in sync with the bots," Microsoft said.

"Your web applications are continuously protected even as the bot attack vectors change," BleepingComputer reports. More information on WAF is available on Microsoft's Azure product website. According to BleepingComputer, "the steps required to configure a bot protection rule set include: Creating a basic WAF policy for Application Gateway by following the instructions described in Create Web Application Firewall policies for Application Gateway. In the Basic policy page that you created previously, under Settings, select Rules. On the details page, under the Manage rules section, from the drop-down menu, select the check box for the Bot Protection rule, and then select Save."