home.social

#azuresecurity — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #azuresecurity, aggregated by home.social.

  1. ConsentFix v3 represents a significant escalation in automated OAuth abuse, specifically targeting Microsoft Azure. It exploits the inherent trust in first-party applications, allowing attackers to bypass MFA and Conditional Access. The attack chain leverages platforms like Pipedream and Cloudflare to capture tokens and achieve full account takeover, exposing a systemic challenge in cloud…

    tpp.blog/227m6j0

    #cybersecurity #consentfixv3 #azuresecurity

    🤖 This post was AI-generated.

  2. Top Azure Architecture Mistakes to Avoid for Better Cloud Performance.

    Many organizations fail in cloud adoption due to poor Azure architecture decisions. Learn how to avoid costly mistakes, enhance system performance, and implement best practices for a secure, scalable, and high-performing cloud strategy.

    #AzureArchitecture #AzureCloud #CloudComputing #AzureSecurity #CloudOptimization

    star-knowledge.com/blog/top-az

  3. You will often hear about identity breaches, password sprays, and phishing attacks — and yet, the most overlooked attack vector remains legacy authentication. Protocols like POP, IMAP, SMTP, and older Office clients were designed decades ago, long before modern identity threats existed. They cannot enforce Multi-Factor Authentication (MFA) or Conditional Access, making them a persistent “side door” for attackers.

    azuretracks.com/?p=2942

  4. Microsoft Defender for Cloud: Best Hybrid Cloud Security Strategy.

    Explore how Microsoft Defender for Cloud secures hybrid environments with advanced threat protection, visibility, and compliance. Learn key strategies to safeguard workloads across on-premises and cloud seamlessly.

    #MicrosoftDefenderforCloud #Hybridcloudsecurity #Cloudsecuritysolutions #Multicloudsecurity #Azuresecurity

    star-knowledge.com/blog/micros

  5. Predictive Shielding FTW! Defender XDR now anticipates attacker moves and hardens paths proactively. Enable it for cross-cloud protection.

  6. Azure's OpenAI from 2021 until almost the end of 2023 was allowed to actually use your data for training, even if they said it wasn't, including in a GCC environment (Government Cloud Computing). So yes, OpenAI effectively has gigabytes worth of classified information that you can just ask for due to companies like Ask Sage. Crazy how OpenAI gets rewarded for this, while whistleblowers get hunted down.

  7. New blog post live for my Sentinel Saturday series!
    Read the blog 👉 marshsecurity.org/sentinel-sat

    In this post, I explore the power of using Microsoft Sentinel Tasks as part of your automation workflows.

    Most teams aren’t getting the full #value out of Tasks in Microsoft Sentinel. Are you? When you combine Sentinel Tasks with automation, they become a game-changer.

    - Auto-create tasks when automation fails (so nothing slips through the cracks)
    - Auto-complete tasks when automation succeeds
    - Use tasks to verify automation outcomes
    - Build engineering feedback loops and automation #QA

    Read the blog 👉 marshsecurity.org/sentinel-sat

    #MicrosoftSentinel #SentinelAutomation #CyberSecurity #SOCAutomation
    #CloudSecurity #AzureSecurity #SIEM #SecOps #Automation #InfoSec
    #CyberSecurityCommunity #BlueTeam #ThreatDetection #SecurityEngineering #SecurityOperations

  12. 🛡️ CVE-2025-12479 (CRITICAL, CVSS 10): Azure Access BLU-IC2/IC4 (≤1.19.5) lack CSRF tokens, allowing full remote compromise—no patch yet. Apply WAFs, enforce header checks, and restrict access. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #CSRF #AzureSecurity

  15. 🚨 CRITICAL: CVE-2025-12423 (CVSS 10) in Azure BLU-IC2 & IC4 (≤1.19.5) allows remote DoS via protocol manipulation (CWE-248). No patch yet—apply filtering, segment networks, and monitor logs. Stay proactive! radar.offseq.com/threat/cve-20 #OffSeq #AzureSecurity #CVE2025 #BlueTeam

  18. 🔴 CVE-2025-12424 (CRITICAL): Azure Access BLU-IC2 & BLU-IC4 (≤1.19.5) affected by SUID-bit privilege escalation flaw. No patch yet — restrict & monitor SUID binaries now to prevent full compromise. Details: radar.offseq.com/threat/cve-20 #OffSeq #AzureSecurity #CVE #UnixSec

  21. Azure Blunder: Microsoft’s Airflow Integration Opens Door to Cyber Mischief!

    Discover the low-severity flaws in Azure Data Factory that could let attackers play secret admin. Are your Kubernetes clusters safe? #AzureSecurity
    thenimblenerd.com/?p=1033097

  22. Oh, nice. With Azure Bastion Premium, which went GA in November, we can now do Session Recording and, most importantly, private-only deployments that leverage Private Endpoints! 🎉

    #Azure #AzureNetworking #AzureSecurity #AzureBastion

  23. This blog post discusses strategies and methodologies for analyzing logs in Azure subscriptions to enhance threat hunting in cybersecurity. It explores a hypothetical attack scenario involving a breached administrator account and emphasizes the importance of understanding how threat actors maneuver within Azure to... techcommunity.microsoft.com/t5 #AzureSecurity #ThreatHunting #LogAnalysis #softcorpremium

  24. Think "Security Admin" is the only role you need as a cloud security engineer on Azure?

    You might be wrong: this role is limited (you will need more roles!)

    Instead of wasting time with your clients going back and forth asking for roles to perform various operations, let me make your life easier!

    The roles that I have usually asked to be assigned to my Azure user are:

    • Role-Based Access Control Administrator
    • Resource Policy Contributor

    Reason?

    ➡ RBAC Admin role is required if you want to work with managed identities and assign different roles to the identities you implement.
    ➡ Resource Policy Contributor is required if you want to check your cloud against a compliance framework and want to enable some custom GRC policy i.e. SOC 2, PCI DSS, etc.

    Now you might argue that RBAC management is cloud admin's duty, and for enabling a policy you can ask a Contributor 🤔 You're right!

    💡 In my experience, asking the relevant stakeholders and explaining the steps usually takes more time and you are better off just asking for relevant roles as a security engineer. Access can be revoked once you're done!

    We have to do this at least till all the stakeholders become well-versed with Azure (which we know is gonna take time)

    So, note down the above roles, and next time your customer asks you which roles you need to perform security work on Azure, don't just blindly ask for "Security Engineer", rather do proper research on the work assigned and know the limitations of this role. 😊

    P.S. I am not against the Least Privilege Principle 😉

    Tell me in the comments if you came across some other role that was required to get the job done as a cloud security engineer.

    #AzureSecurity #CloudSecurity #RBAC #IAM

  25. Every security engineer has heard of AWS S3 bucket leaks

    But, what's its counterpart in Azure? 🤔

    ↳ Azure Storage Accounts

    They too have similar security issues, so whether you're a penetration tester hunting for loose access controls or a security engineer trying to fix the blob's security, you should know the basics.

    Just like S3, mistakenly providing public access to private data in Azure blobs is very common, hence resulting in data breaches.

    To secure your Azure blobs, make sure to:
    👉 Disable Blob public access: Though it's disabled by default, to err is human.
    👉 Implement RBAC: Don't give contributor access to everyone on storage accounts, please.
    👉 Utilize SAS Tokens: For controlled temporary access, generate time-bound SAS tokens with specific permissions.
    👉 Use Managed Identities: Don't leak access keys in source code.

    📍 P.S. Let me know if you handle the security of Azure blobs using something else.

    #CloudSecurity #AzureSecurity
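As an added example (not the post author's code), a small audit that applies the post's checks to storage-account settings. It assumes the flattened camelCase shape that `az storage account list` prints and uses constructed sample accounts; the 7-day SAS lifetime ceiling is an assumed policy value.

```python
# Added example (not the post author's code): audit storage accounts for the
# hardening points above. Assumption: each account dict has the flattened
# camelCase shape that `az storage account list` prints; the sample data is constructed.
from datetime import timedelta

# Constructed sample accounts, not real resources.
SAMPLE_ACCOUNTS = [
    {"name": "stprodlogs", "allowBlobPublicAccess": True, "allowSharedKeyAccess": None,
     "sasPolicy": None},
    {"name": "sthardened", "allowBlobPublicAccess": False, "allowSharedKeyAccess": False,
     "sasPolicy": {"sasExpirationPeriod": "1.00:00:00", "expirationAction": "Log"}},
    {"name": "stbackups", "allowBlobPublicAccess": False, "allowSharedKeyAccess": True,
     "sasPolicy": {"sasExpirationPeriod": "30.00:00:00", "expirationAction": "Log"}},
]

MAX_SAS_LIFETIME = timedelta(days=7)  # assumption: the longest SAS token lifetime we tolerate

def parse_sas_period(period):
    """Parse the ARM 'd.hh:mm:ss' SAS expiration period (days part optional)."""
    days = 0
    if "." in period:
        day_part, period = period.split(".", 1)
        days = int(day_part)
    hours, minutes, seconds = (int(part) for part in period.split(":"))
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def audit_account(acct):
    """Return (check, finding) tuples for one account; an empty list means it passes."""
    findings = []
    # None is the legacy default, under which containers could be made public.
    if acct.get("allowBlobPublicAccess") is not False:
        findings.append(("public-access",
                         "allowBlobPublicAccess is not false: anonymous blob reads are possible"))
    # With shared keys accepted, a leaked key bypasses RBAC entirely; require identity-based auth.
    if acct.get("allowSharedKeyAccess") is not False:
        findings.append(("shared-key",
                         "account keys accepted: set allowSharedKeyAccess=false, use RBAC/managed identity"))
    period = (acct.get("sasPolicy") or {}).get("sasExpirationPeriod")
    if period is None:
        findings.append(("sas-expiry", "no SAS expiration policy: issued SAS tokens are unbounded"))
    elif parse_sas_period(period) > MAX_SAS_LIFETIME:
        findings.append(("sas-expiry",
                         f"SAS expiration period {period} exceeds {MAX_SAS_LIFETIME.days} days"))
    return findings

def audit(accounts):
    """Map each account name to its findings."""
    return {acct["name"]: audit_account(acct) for acct in accounts}

def failing_accounts(accounts):
    """Names of accounts with at least one finding, sorted."""
    return sorted(name for name, found in audit(accounts).items() if found)
```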

  26. Rate Limiting Feature for Azure WAF on Application Gateway now in Preview

    This feature allows you to define custom rules to limit the number of requests from different sources, such as IP addresses, geographies, or user sessions.

    techcommunity.microsoft.com/t5

    #azure #microsoft #azuresecurity #waf #webapplicationgateway #appsecurity #azureapplicationgateway #appsec #webapplicationfirewall #firewall #ddos #azurewaf #cybersecurity #cloud #cloudnative #cloudsecurity #soc

  27. How Microsoft Sentinel Safeguards Your Organization from BEC Attacks

    Our recently released Solution for Business Email Compromise - Financial Fraud provides detection and hunting content to allow you to detect and respond to BEC threats at multiple stages of the attack cycle. In this blog we will discuss each stage of this cycle and how the Solution combines with Microsoft 365 Defender (M365D) to provide comprehensive coverage.

    techcommunity.microsoft.com/t5

    #microsoft #azure #sentinel #microsoftsentinel #bec #businessemailcompromise #m365defender #defender #xdr #cloudsecurity #soc #hunting #fraud #azuresecurity #analyst

  28. Azure Security News: Azure DDoS Sentinel Solution and WAF Playbook Integration

    Learn how to integrate the Azure DDoS Sentinel Solution with the Azure WAF Playbook to enable a powerful automated detection and response system.

    With this integration, the Azure DDoS Sentinel Solution and the WAF Playbook work together to prevent attacks with the steps described below:

    1️⃣ During the first stage of a multi-vector attack campaign, initiated by a malicious actor, the DDoS attack floods the customer’s application, creating chaos and serving as a diversion for the subsequent attack.

    2️⃣ Upon identifying the DDoS attack, Azure DDoS protection mitigates the attack and generates logs that are transmitted to Microsoft Sentinel.

    3️⃣ Microsoft Sentinel extracts the source IP addresses of the attackers from the logs and triggers the WAF Playbook.

    4️⃣ The WAF Playbook adds the attack IP addresses to a custom WAF rule with a block action. Azure WAF becomes ready to mitigate the forthcoming stages of the adversary's attack cycle.

    5️⃣ Having employed the DDoS attack as a smokescreen, the adversary now attempts to breach the application to take the sensitive data.

    6️⃣ Azure WAF acts by blocking access from the source IP addresses of the attacker, thereby preventing them from reaching the data.

    techcommunity.microsoft.com/t5

    #azure #azuresecurity #azurenetworksecurity #ddos #azureddos #waf #azurewaf #sentinel #microsoftsentinel #microsoft #soc #automation #soar #siem #playbook #cybersecurity #microsoft #microsoftsecurity #cloudsecurity
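Steps 3 and 4 above, as an added example that is not the Microsoft solution's own playbook code: it extracts attacker source IPs from constructed DDoS mitigation log rows and builds the WAF custom rule with a block action. The log column names are assumptions standing in for the real Log Analytics schema.

```python
# Added example (not the Microsoft solution's code): turn DDoS mitigation log
# rows into an Azure WAF custom block rule. Assumption: rows mimic Log Analytics
# records of the DDoS flow-log category; the column names are placeholders.
import ipaddress

# Constructed sample rows, as an analytics rule might pass them to a playbook.
SAMPLE_LOG_ROWS = [
    {"Category": "DDoSMitigationFlowLogs", "SourcePublicIpAddress_s": "203.0.113.10"},
    {"Category": "DDoSMitigationFlowLogs", "SourcePublicIpAddress_s": "203.0.113.10"},  # repeat
    {"Category": "DDoSMitigationFlowLogs", "SourcePublicIpAddress_s": "198.51.100.7"},
    {"Category": "DDoSMitigationFlowLogs", "SourcePublicIpAddress_s": "10.0.0.5"},  # not routable
    {"Category": "DDoSMitigationFlowLogs", "SourcePublicIpAddress_s": "not-an-ip"},  # malformed
    {"Category": "DDoSProtectionNotifications", "SourcePublicIpAddress_s": "192.0.2.9"},  # other category
]

# Ranges that must never land in a block rule (private, loopback, link-local, multicast).
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8")]

def _sort_key(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return (ip.version, int(ip))

def extract_attacker_ips(rows):
    """Unique, well-formed, routable source IPs from mitigation flow rows, sorted."""
    ips = set()
    for row in rows:
        if row.get("Category") != "DDoSMitigationFlowLogs":
            continue
        try:
            ip = ipaddress.ip_address(row.get("SourcePublicIpAddress_s", ""))
        except ValueError:
            continue  # malformed value: drop it rather than write junk into the policy
        if not any(ip in net for net in _NON_ROUTABLE):
            ips.add(str(ip))
    return sorted(ips, key=_sort_key)

def build_block_rule(ips, name="DDoSAttackersBlock", priority=10):
    """Application Gateway WAF policy custom rule (ARM schema) that blocks the IPs."""
    if not ips:
        raise ValueError("refusing to create a block rule with no match values")
    condition = {"matchVariables": [{"variableName": "RemoteAddr"}],
                 "operator": "IPMatch", "matchValues": list(ips)}
    return {"name": name, "priority": priority, "ruleType": "MatchRule",
            "action": "Block", "matchConditions": [condition]}

def merge_into_rule(rule, new_ips):
    """Copy of an existing block rule with new IPs added, deduplicated and sorted."""
    condition = dict(rule["matchConditions"][0])
    condition["matchValues"] = sorted(set(condition["matchValues"]) | set(new_ips), key=_sort_key)
    return {**rule, "matchConditions": [condition]}
```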

  29. Simulation Testing for Azure DDoS Protection

    Azure DDoS Protection is a comprehensive security solution offered by Microsoft Azure to protect applications and resources from Distributed Denial of Service (DDoS) attacks.

    Discover how simulation testing can fortify your defenses and enable you to confidently withstand DDoS attacks.

    techcommunity.microsoft.com/t5

    Approved Simulation Partners:

    ➡️ BreakingPoint Cloud

    ➡️ Red Button

    ➡️ RedWolf

    Benefits of Azure DDoS Simulation Testing:

    1️⃣ Azure DDoS Protection Validation

    2️⃣ Gap Identification

    3️⃣ Incident Response Optimization

    4️⃣ DDoS Compliance Documentation

    5️⃣ Team Training

    #ddos #azureddos #BreakingPoint #redbutton #redwolf #cybersecurity #azure #cloudsecurity #soc #azuresecurity #cloudnative #networking #cloud

  30. 🔒 Protecting Your Web Resources from Unethical Bot Activities 🔒

    The continuous integration of bots to simulate human engagement, especially for unethical activities in web applications, poses security risks and diverts engagement with web resources. With the emergence of new AI projects and Large Language Models (LLMs), vulnerabilities such as prompt injections, data leakage, training data poisoning, and unauthorized code execution have become more prevalent.

    To mitigate these risks, it is crucial to grant appropriate access to bots on your websites. Microsoft Bot Manager Ruleset, in combination with a Web Application Firewall, offers effective measures to reduce illegitimate non-human access. These measures include verified labels, static analysis (rate limiting), and behavioral analysis.

    Find out more details: techcommunity.microsoft.com/t5

    #microsoft #security #ai #bot #waf #webapplicationfirewall #bot #llm #seo #azure #azuresecurity #microsoftsecurity #soc #siem #soar #badbot #goodbot #applicationsecurity #azurenetworking #networksecurity #behavioralanalysis

  31. Whether you're fresh to #Azure or #AzureAD, or have been around the block for a while, understanding the tenant to subscription relationship can be a tricky thing.

    In this post we'll try to gain a better understanding with a mix of analogies and visuals.

    #mvpbuzz #aad #azureactivedirectory #azuresecurity #entra #identity

    ericonidentity.com/2023/01/29/

  32. Azure Advisor is a tool which helps organizations and individuals optimize their Azure environment, reduce attack surface area, and cut costs. It offers guidance on cost, security, reliability, operational excellence and performance, with quick fixes and automation options to help make the process easier. techcommunity.microsoft.com/t5 #AzureAdvisor #AzureEnvironment #AzureSecurity

  33. I recently activated my Azure OpenAI playground and I noticed new security recommendations in Defender for Cloud.
    It's important to consider security aspects when using enterprise AI services.

    I point out the following resources:
    - Azure Cognitive Services security: lnkd.in/dM-NbD9g
    - Azure security baseline for Cognitive Services: lnkd.in/dCNmeYEs

    Interesting insights about: TLS, Auth options, key rotation, customer managed keys, virtual networks, DLP, bring-your-own-storage...

    I'll write a blog post about monitoring AI services, stay tuned :)

    #openai #ai #aisecurity #security #cybersecurity #cognitiveservices #azure #azuresecurity #defenderforcloud #dfc #xdr #cloud #cspm #cwp #cnapp #multicloud #cloudsecurity #authentication #keyrotation #dlp #byos #virtualnetworks #tls #networksecurity #openaiplayground #chatgpt #gpt #artificialintelligence #microsoft #microsoftsecurity