Tag Archive for: Azure

Feds: Androxgh0st Botnet Is Targeting AWS, Office 365, and Azure Credentials


Federal cybersecurity officials are warning server and website owners of a spike in Androxgh0st malware, which is targeting Amazon Web Services (AWS), Microsoft Office 365, SendGrid, and Twilio credentials.

The botnet has been around since late 2022 and is often used to steal credentials for use in spam or crypto-mining. According to FortiGuard Labs, the botnet has control of approximately 30,000 devices as of this week, though that’s down from 50,000 in the first week of January.

The botnet is capable of abusing the Simple Mail Transfer Protocol (SMTP) as well as application programming interfaces (APIs), according to a report from the Cybersecurity and Infrastructure Security Agency (CISA). Bleeping Computer says SendGrid and Twilio credentials can be “used by threat actors to conduct spam campaigns impersonating the breached companies.”

CISA outlines how to check whether your server is compromised and lists alternative monikers that you may see instead of Androxgh0st. The FBI and CISA also posted several mitigations that organizations can take to stay safe from the botnet. They include:

  • Keep all operating systems, software, and firmware up to date. Specifically, ensure that Apache servers are not running versions 2.4.49 or 2.4.50.

  • Verify that the default configuration for all URIs is to deny all requests unless there is a specific need for a URI to be accessible.

  • Ensure that any live Laravel applications are not in “debug” or testing mode. Remove all cloud credentials from .env files and revoke them.

  • On a one-time basis for previously stored cloud credentials, and on an ongoing basis for other types of credentials that cannot be removed, review any platforms or services that have credentials listed in the .env file for unauthorized access or use.

  • Scan the server’s file system for unrecognized PHP files.

  • Review outgoing GET requests (via cURL command) to file hosting sites.


Illumio protects against ransomware with Microsoft Azure Firewall


Illumio has announced the general availability of Illumio for Microsoft Azure Firewall. This integrated solution is designed to make it easier to use Azure Firewall as a Zero Trust enforcement point to visualise and secure all traffic between Azure resources connecting through the Azure Firewall.

Illumio for Azure Firewall works to build resilience to ransomware and other cyber attacks while also maximising the impact and value of Azure Firewall as a security investment. 

As organisations look to reduce their risk from breaches and build cyber resilience, the Azure Firewall plays a strategic role in securing and protecting enterprise cloud environments by serving as the entry and exit point for data as it traverses the hybrid cloud ecosystem.

Illumio for Azure Firewall allows users to protect different parts of their cloud environment by enabling one-to-one mapping between a resource and its metadata in Azure and its associated workload and labels in Illumio.

According to the company, benefits of Illumio for Azure Firewall include: 

  • Simple policy creation: Organisations no longer need to worry about writing firewall rules tied to an IP address or a host name that will change in a dynamic cloud environment. Illumio for Azure Firewall offers easy authoring of context-based, modern security rules that automatically adapt with Azure deployments and are simple to understand and manage. 
  • Improve application uptime: Organisations can operate and innovate at scale without fear of breaking critical applications once they apply policy. Security teams can test and validate the outcome and impact of their security policies before fully enforcing them using a simulation mode, which protects applications and workloads. Once security teams are confident in the policy, they can deploy it to Azure Firewalls directly from the Illumio for Azure Firewall console.  
  • Zero Trust at scale: Zero Trust Segmentation controls minimise the impact of cyber attacks, reducing organisations' risk and increasing their resilience. Illumio for Azure Firewall gives organisations simplified context-based visibility of any communication across Azure Firewall and Azure network security…


Microsoft applies coat of Rust to Azure Sphere IoT platform • The Register


Developers can now use the Rust programming language when creating applications on Azure Sphere platform for internet-connected devices.

Programmers can apply the performance and security capabilities within Rust to make software for Internet of Things devices and other embedded systems that can be the target of botnets and other malware.

Want to try a null-pointer dereference? Not gonna happen! For embedded systems this is a lifeline…

“Rust and Azure Sphere are a good match – a programming language that can improve safety of code with strict compile time safety checks alongside Azure Sphere’s secure identity, update, and end-to-end encrypted communication services for internet-connected devices should provide greater security to the customer applications,” Akshatha Udayashankar, an embedded software engineer at Microsoft, wrote in a blog post this week.

The move by Microsoft – which previewed the idea in June 2022 – comes the same week Google said it will support third-party Rust libraries in its open-source Chromium project. Like Microsoft, Google touted the security features in the programming language.

As our sister site DevClass wrote at the time, the attraction is not just safety. “Other factors include a greater likelihood of correctness, as a side-effect of safety guarantees, and more reliable concurrency. Rust’s ‘rich type system’ assists in writing expressive code.”

Azure Sphere already includes built-in security features for internet-connected devices and comprises hardware built atop chips from MediaTek and a Linux-based operating system. In addition, it includes the cloud-based Azure Sphere Security Services (AS3) that creates a secure connection between the devices and the internet or cloud.

AS3 ensures a secure boot, device identity authentication, the trust of the software, and certification that the devices are running trusted code. It also enables Microsoft to securely download updates to…
