all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Microsoft Azure Vulnerability Uncovered — Experts Warn of RCE Attacks

Add to bookmarks
Jan. 19, 2023, 2:20 p.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application.
"The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu," Ermetic researcher Liv Matan said in a report shared with The Hacker News. "By

actor application attacks azure code code execution control critical cross-site cross-site request forgery csrf ermetic experts exploited flaw forgery hacker malicious microsoft microsoft azure rce remote code remote code execution report request researcher scm service services vulnerability

Visit resource

More from thehackernews.com / The Hacker News

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack 2 hours ago | thehackernews.com
alerting attack client critical +22
Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats 2 hours ago | thehackernews.com
array businesses cloud cloud services +23
FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations 5 hours ago | thehackernews.com
advertising cerebral charges data +21
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown 6 hours ago | thehackernews.com
access arrested australia called +19
Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw 21 hours ago | thehackernews.com
august back binarly bmcs +18
AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead 1 day ago | thehackernews.com
ai copilot apps code copilot +13
Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks 1 day ago | thehackernews.com
actor alto applications as-a-service +32
Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution 1 day, 3 hours ago | thehackernews.com
access access management everything high +19
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users 1 day, 5 hours ago | thehackernews.com
aim apple apple ios asia +26

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Cybersecurity Architect III

@ JPMorgan Chase & Co. | Columbus, OH, United States
View on infosec-jobs.com

Senior DevSecOps Engineer

@ Marlabs | Chennai, IN
View on infosec-jobs.com

Consultant Cyber Sécurité H/F

@ Hifield | Lyon, France
View on infosec-jobs.com

Cyber Security Consultant (Remote, US)

@ Crosslake Technologies | Remote (US)
View on infosec-jobs.com

PE Hub- SAP GRC/ IAG Consultant

@ SAP | Bengaluru, IN, 560066
View on infosec-jobs.com
View more jobs