Azure
Windows KB5064489 emergency update fixes Azure VM launch issues
Microsoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled. The bug impacted Windows Server 2025 and Windows 11 24H2 and was introduced during the July Patch Tuesday security updates. “This update addresses an issue that prevented […]
Microsoft: Windows 11 might fail to start after installing KB5058405
Microsoft has confirmed that some Windows 11 systems might fail to start after installing the KB5058405 cumulative update released during this month’s Patch Tuesday. On affected devices, users see 0xc0000098 recovery errors in ACPI.sys, warning that the device has to be repaired because the operating system couldn’t be loaded. ACPI.sys is the Windows Advanced Configuration […]
Windows Server emergency update fixes Hyper-V VM freezes, restart issues
Microsoft has released an emergency update to address a known issue causing some Hyper-V virtual machines with Windows Server 2022 to freeze or restart unexpectedly. These problems mainly impact Azure confidential VMs, which are designed to protect data while being processed, not just when it’s transmitted or stored. Redmond has addressed this issue with the […]
Commvault says recent breach didn’t impact customer backup data
Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data. Listed on NASDAQ since March 2006, Commvault is included in the S&P MidCap 400 Index and provides cyber resilience services to over 100,000 organizations. As the company first revealed on March 7, […]
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
A proof-of-concept attack called “Cookie-Bite” uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to cloud services like Microsoft 365, Outlook, and Teams. The attack was devised by Varonis security researchers, who shared a proof-of-concept (PoC) method involving a malicious and a legitimate Chrome […]
Microsoft fixes Entra ID authentication issue caused by DNS change
Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company’s Seamless SSO and Microsoft Entra Connect Sync. In an update to its Azure status page, Microsoft says these problems were caused by a recent DNS change that triggered DNS resolution failures for the autologon.microsoftazuread.sso.com domain when customers tried to […]
HubSpot phishing targets 20,000 Microsoft Azure accounts
A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. The threat actors use HubSpot Free Form Builder links and DocuSign-mimicking PDFs to redirect victims to credential-harvesting pages. According to Palo Alto Networks’ Unit 42 team of researchers, the campaign, which […]
Microsoft warns Azure Virtual Desktop users of black screen issues
Microsoft warned customers they might experience up to 30 minutes of black screens when logging into Azure Virtual Desktop (AVD) after installing the KB5040525 Windows 10 July 2024 preview update. Additional symptoms include single sign-on (SSO) failures (on Office applications such as Outlook and Teams) blocking connections to backend services or preventing data syncs and […]
AWS, Azure auth keys found in Android and iOS apps used by millions
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from […]
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity. The […]