Security Boulevard

Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet

The Azure APIM signup bypass is a critical vulnerability affecting 97.9% of internet-facing Developer Portals. Azure API ...
CSOonline

Microsoft Entra’s billing roles pose privilege escalation risks in Azure

Guest users with certain billing roles can create and own subscriptions, potentially gaining persistence and privilege escalation within an organization’s Azure environment. Threat actors can abuse ...
Redmond Magazine

Azure Active Directory Tenant Restrictions Now Available

Microsoft added a couple of new Azure Active Directory capabilities this week, including a new control capability that's available commercially. Organizations using Azure Active Directory can now ...
Computer Weekly

Windows Azure tutorial Part 1: Set up and manage subscriptions

Windows Azure Platform is the cloud offering from Microsoft that encompasses many independent services for compute, storage, networking, monitoring and reporting among others. IT professionals ...
CSOonline

Beware of overly permissive Azure AD cross-tenant synchronization policies

A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft application across tenants. Lateral movement techniques have been a critical component of ...