The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. The flaw,… Source link
Amazon CloudWatch is essential for monitoring AWS resources. Users may want to export metrics to third-party systems for centralized observability. Coralogix offers a solution as an AWS Partner Network technology partner. It allows for real-time analytics, monitoring, and alerting without storage or indexing. Integrating CloudWatch metrics with Coralogix using AWS resource tags in a monitoring … Read more
Tenable discovered a high-severity vulnerability in Microsoft’s Azure Network service tags that could allow attackers to bypass firewall rules. Microsoft, however, rejected the classification of the issue as a vulnerability and instead provided customers with enhanced guidance on mitigating the risk. While Microsoft acknowledged Tenable’s contribution to the Azure community, the company stated that service … Read more
Tenable Research has identified a vulnerability in Microsoft Azure service tags that could potentially lead to attackers bypassing firewall rules and gaining unauthorized access to internal Azure services. Initially discovered in the Azure Application Insights service, the vulnerability was found to affect more than 10 other Azure services. The report emphasizes the importance of adding … Read more
Azure Service Tags, a feature of Microsoft Azure designed to simplify network security management, may be vulnerable to a flaw that could allow threat actors to steal sensitive data. Tenable security researchers have reported that hackers could exploit this flaw to create malicious web requests similar to SSRF attacks, bypassing firewall rules based on Azure … Read more
Tenable security researchers found a high severity vulnerability in multiple Azure services that Microsoft has no plans to patch. The bug allows attackers to bypass Azure firewall rules using service tags. Microsoft claims it’s a client configuration issue and encourages customers to review security measures. Attackers can exploit the vulnerability to impersonate trusted Azure services … Read more