13 matches found
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: apko-fips, grype, splunk-otel-collector, chisel-fips, clickhouse-backup-fips, crossplane-provider-azure-policyinsights, flux-kustomize-controller, cg, rootlesskit, opentelemetry-collector, trivy-operator-fips, flux-image-automation-controller, buildah-fips, mattermos...
GHSA-89GR-R52H-F8RX vulnerabilities
Vulnerabilities for packages: apko-fips, grype, splunk-otel-collector, chisel-fips, clickhouse-backup-fips, crossplane-provider-azure-policyinsights, flux-kustomize-controller, cg, rootlesskit, opentelemetry-collector, trivy-operator-fips, flux-image-automation-controller, buildah-fips, mattermos...
How Storm-2949 turned a compromised identity into a cloud-wide breach
In this article 1. Attack chain overview 1. Cloud compromise: Microsoft Entra ID and Microsoft 365 2. Initial access and persistence through targeted social engineering and SSPR abuse 3. Directory discovery and persistence 4. Microsoft 365 discovery and exfiltration 5. Cloud compromise: Microsoft...
CVE-2026-41483
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...
Allocation of Resources Without Limits or Throttling
Overview OpenTelemetry.Resources.Azure is a package contains Resource Detectors for applications running in Azure environment. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AzureVmMetaDataRequestor in the Azure resource metada...
Efficiently manage orphaned Azure resources with Citrix
Orphaned resources are unused resources present in the system and they can lead to unnecessary expenses. Citrix provides a detailed scanning functionality to identify orphaned resources present in the system offering administrators better ways for resource management. This feature helps in cost...
AzureRT - A Powershell Module Implementing Various Azure Red Team Tactics
Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command...
Automating security assessments using Cloud Katana
Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...
Microsoft OneFuzz 授权问题漏洞
Microsoft OneFuzz is a cross-platform, free and open source fuzz testing framework from Microsoft Corporation Microsoft.A security vulnerability exists in Microsoft OneFuzz versions 2.12.0 through 2.31.0, which stems from an incomplete authorization check in the affected product versions, which c...
Protecting multi-cloud environments with Azure Security Center
We’ve heard from many of you that multi-cloud adoption is becoming a standard operating model for your organization and that it’s challenging to have the right security controls and posture across your environment. Historically, security teams have not had effective tools to secure multi-cloud...
Azure Policies
Welcome back to Part Two of our four-part Blueprint Series. Today's post covers the use of Azure Policies within a Blueprint deployment along with ARM templates and permissions management. Azure Policies are the critical component of Azure Blueprints. Policies, like ARM Templates, are JSON...
New cloud-native breadth threat protection capabilities in Azure Defender
As the world adapts to working remotely, the threat landscape is constantly evolving, and security teams struggle to protect workloads with multiple solutions that are often not well integrated nor comprehensive enough. This results in serious threats avoiding detection, as well as security teams...
VM-Series on Microsoft Azure: Inadvertent collection of credentials in Tech support files on HA configured VMs
TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability HA inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in...