Azure API vulnerability and roles misconfiguration compromise corporate networks


Token Security researchers have discovered several Azure built-in roles that are misconfigured to be over-privileged: they grant more permissions than intended by Azure. In addition, we discovered another vulnerability in the Azure API that allows attackers to leak VPN keys.

Combined, these two issues create a new attack chain that lets a weak user gain access to both internal cloud assets and on-premises networks.

Service-specific: roles that grant permissions for a specific service or function in the given scope (e.g., Storage Blob Data Reader or Virtual Machine Contributor).

But the issues we discussed here are in the gray area: when the cloud provider is giving you a service that is supposed to help you with identities and permissions management, but in fact misleads you into making dangerous decisions, who is to blame?
