Microsoft issues new guidance on OMI vulnerabilities within Azure VM Management extensions

Post published:September 18, 2021
Post category:Cloud Security Security Updates & Patches Vulnerabilities & Exploits

Microsoft has published new guidance on Open Management Infrastructure (OMI) vulnerabilities within Azure virtual management (VM) Management extensions.

Pro-Ocean cryptojacking malware targets cloud applications

Post published:February 1, 2021
Post category:Cloud Security Cybersecurity Attacks Vulnerabilities & Exploits

A new Pro-Ocean cryptojacking malware targets popular cloud applications including ApacheMQ, Oracle Weblogic and Redis. The malware contains four modules that execute to hide, mine cryptocurrency, watchdog and infect systems.

SQL Server malware “MrbMiner” attacks

Post published:January 25, 2021
Post category:Cloud Security Cybersecurity Attacks Malware Network Security

Security researchers have identified the source of a SQL Server malware “MrbMiner” attacks allegedly tied to an Iranian software firm.

FireEye publishes Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers

Post published:January 21, 2021
Post category:Cloud Security Cybersecurity Attacks Security Monitoring

Security firm FireEye has published new Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers, also known as UNC2452.

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

Post published:December 19, 2020
Post category:Cloud Security Configuration Management Cybersecurity Attacks Data Breach Malware Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a 'grave risk' to critical infrastructure, government and private sector organizations.

GADOLINIUM threat actors use cloud services and open source tools in cyberattacks

Post published:October 2, 2020
Post category:Cloud Security Cybersecurity Articles Cybersecurity Attacks Malware

Security experts from Microsoft have observed a cyber threat actor dubbed GADOLINIUM that uses new attack techniques via cloud services and open source tools.

NIST SP 800-210: General Access Control Guidance for Cloud Systems

Post published:July 31, 2020
Post category:Cloud Security Identity & Access Management Standards & Guidelines

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-210 General Access Control Guidance for Cloud Systems.

Doki malware targets exposed Docker servers in the cloud

Post published:July 29, 2020
Post category:Cloud Security Configuration Management Cybersecurity Attacks

Security researchers at Intezer Labs detected a new Linux malware dubbed "Doki" and cyber attack that uses blockchain wallet for generating command and control (C2) domain names.

Microsoft releases Zero Trust guidance for Azure AD

Post published:May 3, 2020
Post category:Cloud Security Cybersecurity Articles Identity & Access Management

Microsoft has released new Zero Trust guidance for Azure Active Directory (Azure AD). The guidance is part of a broader "Zero Trust Security Strategy" to help organizations provide more secure access to corporate resources.

Guidance for CISOs to improve remote worker security, free access to small business online collaboration tools

Post published:March 16, 2020
Post category:Cloud Security Identity & Access Management

In the wake of Coronavirus / COVID-19 pandemic, Microsoft has issued sound guidance for security leaders to improve remote worker security. Tech companies are also offering small businesses free access to online collaboration tools during the outbreak.