Found 16 bookmarks
Custom sorting
Microsoft moves to disrupt hacking-as-a-service scheme that’s bypassing AI safety measures
Microsoft moves to disrupt hacking-as-a-service scheme that’s bypassing AI safety measures
The defendants used stolen API keys to gain access to devices and accounts with Microsoft’s Azure OpenAI service, which they then used to generate “thousands” of images that violated content restrictions.
#cyberscoop#EN#2025#Microsoft#hacking-as-a-service#stolen#API#keys#images#Azure#OpenAI
·cyberscoop.com·
Microsoft moves to disrupt hacking-as-a-service scheme that’s bypassing AI safety measures
Effective Phishing Campaign Targeting European Companies and Organizations
Effective Phishing Campaign Targeting European Companies and Organizations
A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.
#unit42#EN#2024#Phishing#Campaign#EU#Azure#takeover#HubSpot#analysis
·unit42.paloaltonetworks.com·
Effective Phishing Campaign Targeting European Companies and Organizations
'Error' in Microsoft's DDoS defenses amplified Azure outage
'Error' in Microsoft's DDoS defenses amplified Azure outage
o you have problems configuring Microsoft's Defender? You might not be alone: Microsoft admitted that whatever it's using for its defensive implementation exacerbated yesterday's Azure instability. No one has blamed the actual product named "Windows Defender," we must note. According to Microsoft, the initial trigger event for yesterday's outage, which took out great swathes of the web, was a distributed denial-of-service (DDoS) attack. Such attacks are hardly unheard of, and an industry has sprung up around warding them off.
#theregister#EN#2024#Microsoft#DDoS#Azure#outage
·theregister.com·
'Error' in Microsoft's DDoS defenses amplified Azure outage
Microsoft employees exposed internal passwords in security lapse
Microsoft employees exposed internal passwords in security lapse
Microsoft has resolved a security lapse that exposed internal company files and credentials to the open internet. Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with SOCRadar, a cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s Azure cloud service that was storing internal information relating to Microsoft’s Bing search engine. The Azure storage server housed code, scripts and configuration files containing passwords, keys and credentials used by the Microsoft employees for accessing other internal databases and systems.
#techcrunch#EN#socradar#Azure#data-leack#bing#storage#scripts#configuration#passwords
·techcrunch.com·
Microsoft employees exposed internal passwords in security lapse
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
#cisa#EN#2023#tool#AD#Azure#M365#hunting#blueteam#check
·cisa.gov·
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
#cisa#EN#2023#tool#AD#Azure#M365#hunting#blueteam#check
·cisa.gov·
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments