New Azure Container Instance Vulnerability — What to do?

Just yesterday, Microsoft disclosed a new (and yet to be clarified) Azure Container Instance vulnerability. From the information shared in the disclosure, it seems the flaw was fixed on 31st August 2021 and customers were notified by Microsoft. The details are yet to come out, so please check back for updates to this blog. What is […]

Protecting against #ChaosDB

Cloud security researchers @sagitz and @nirohfeld, who both work at Wiz, recently discovered what I think is a major vulnerability that exploits the recent CosmosDB Jupyter notebook feature to escalate access into other customers' notebooks, harvest the CosmosDB keys and access their data! This vulnerability has been tagged “#ChaosDB”. Microsoft has since disabled this feature and notified customers, so […]

Azure Logging/Auditing Series (1) – Activity Logs


Azure logging and auditing play a critical role in the security and compliance strategy of any serious organization. Collecting detailed information on events that happened and changes made to resources is the foundation of areas like security monitoring and digital forensics, and the Azure platform is no different in this respect. The Azure platform delivers […]

Blind spot fixed! Azure AD new sign-in logs improvement


In a previous blog post on Securing Azure Service Bus, I highlighted the blind spot of not being able to audit sign-in events when using Azure AD for Service Bus authentication. This is because the authentication is non-interactive and requires the sender or receiver of the brokered message to use either a service principal […]

Infrastructure as Code Security for Azure (Part 1) – Secure DevOps Kit for Azure (AzSK) ARM Template Checker

Infrastructure as code (IaC) is a core component of many modern DevOps adoptions. It allows organizations to automate the deployment, scaling, and management of infrastructure using machine-readable template files. It eliminates manual deployment and configuration, as well as the need for ad-hoc imperative scripts to automate infrastructure changes. Instead, it allows infrastructure to be managed […]

Azure Blue Team Series: Securing Azure Service Bus

One of the major shifts in application development in recent times is the widespread adoption of microservice-based architecture (message-driven or event-driven computing). The benefits it offers over a traditional monolithic approach include flexibility, resilience and scalability. But adopting a microservices architecture often creates new risks of its own. The very characteristics that make microservices […]

What?!! Public Blob not allowed on this storage account?!

I was teaching an Azure developer course last week when one of the delegates had issues building some C# code that I had tested a few days before. The error message was “Public Blob not allowed on this storage account”. My first stop was to review Azure Policy and see if there was an offending policy assigned. […]

Microsoft Ignite 2019 Announcements – Day One

Azure ARC: Azure has Azure Stack for on-premises DCs; AWS has Outposts to bring AWS services to companies’ own DCs; Google introduced Anthos to let companies run Google Cloud software in their DCs. Azure Stack is available. Neither Outposts nor Anthos is available yet. Now Azure has Azure ARC to extend to other cloud infrastructure. […]

Azure Hangout Demo Series – Governance 1a – RBAC and Azure Policy

Scenario: Adatum Corporation wants to use Azure Role-Based Access Control and Azure Policy to control provisioning and management of their Azure resources. It also wants to be able to automate and track provisioning and management tasks. Objectives: Configure delegation of provisioning and management of Azure resources by using built-in Role-Based Access Control […]