Azure Synapse RCE Fixed by Microsoft
Microsoft has addressed a critical RCE flaw, tracked as CVE-2022-29972 and named SynLapse, resides in thrid party driver that used by Azure Synapse and Azure Data Factory discovered by researchers from orca…
Posted inAzure Security
Microsoft Purview! Future of Risk and Governance
Microsoft publicized Microsoft Purview, a product that will bring together the Azure Purview data governance service with various Microsoft 365 compliance solutions. Last year it launched Azure Purview in general…
Posted inAzure Security
Cross Tenant bug in PostgreSQL
Microsoft has patched a flaw in Azure PostgreSQL which could have been exploited to execute malicious code described as a cross-account database vulnerability in Azure's infrastructure. According to researchers, a…
CrowdStrike New Product Updates for Cloud
CrowdStrike introduced new features for its Falcon cybersecurity platform aimed at helping enterprises more effectively defend their public cloud environments from hackers. CrowdStrike flagship Falcon platform is used by more…
AWS Database Vulnerabilities lead to End of some versions
Researcher at Lightspin security firm recently explained how she obtained credentials to an internal AWS service using a PostgreSQL extension and exploiting a local file read vulnerability on RDS. AWS confirmed the…
AWS Log4j Update ! Made Resources Vulnerable
AWS has updated its Log4j security patches after it was discovered the original fixes made customer deployments vulnerable to container escape and privilege escalation. The vulnerabilities introduced by Amazon's Log4j…
Verica joins with Prowler Enhancing AWS Security
Verica joined with open-source AWS cloud security tool Prowler to offer a new enterprise-focused paid version of Prowler. Prowler is a tool that assesses AWS accounts to ensure they follow best AWS…
Denonia Malware Targets AWS Lambda
Researchers at Cado Security discovered the first publicly known malware specifically targeted at AWS serverless computing platform Lambda dubbed Denonia the name of the domain that the attackers communicated with…