Category: Azure
-
Azure Private Endpoint Deployments Exposes Azure Resources to DoS Attack
Azure Private Endpoint Deployments Exposes Azure Resources to DoS Attack A critical architectural flaw in Microsoft Azure’s Private Endpoint implementation that enables denial-of-service (DoS) attacks against production Azure resources. The vulnerability affects over 5% of Azure storage accounts, exposing organizations to service disruptions across Key Vault, CosmosDB, Azure Container Registry, Function Apps, and OpenAI accounts.…
-
AzureHound Penetration Testing Tool Weaponized by Threat Actors to Enumerate Azure and Entra ID
AzureHound Penetration Testing Tool Weaponized by Threat Actors to Enumerate Azure and Entra ID AzureHound, an open-source data collection tool designed for legitimate penetration testing and security research, has become a favored weapon in the hands of sophisticated threat actors. The tool, which is part of the BloodHound suite, was originally created to help security…
-
MasterCard DNS Error Went Unnoticed for Years
MasterCard DNS Error Went Unnoticed for Years The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent…
-
Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching
Closer to the Edge: Hyperscaling Have I Been Pwned with Cloudflare Workers and Caching I’ve spent more than a decade now writing about how to make Have I Been Pwned (HIBP) fast. Really fast. Fast to the extent that sometimes, it was even too fast: The response from each search was coming back so quickly…