Azure Data Factory Bugs Expose Cloud Infrastructure

Three vulnerabilities in the service's Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.

Follow Dark Reading:

December 18, 2024

LATEST SECURITY NEWS & COMMENTARY Azure Data Factory Bugs Expose Cloud Infrastructure Three vulnerabilities in the service's Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware. Texas Tech Fumbles Medical Data in Massive Breach The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks. Thai Police Systems Under Fire From 'Yokai' Backdoor Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness. To Defeat Cybercriminals, Understand How They Think Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target. MORE NEWS / MORE COMMENTARY HOT TOPICS Does Desktop AI Come With a Side of Risk? Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks? Microsoft Teams Vishing Spreads DarkGate RAT A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning. Cultivating a Hacker Mindset in Cybersecurity Defense Security isn't just about tools — it's about understanding how the enemy thinks and why they make certain choices. The Education Industry: Why Its Data Must Be Protected The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment. Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued. MORE PRODUCTS & RELEASES CISA Directs Federal Agencies to Secure Cloud Environments Delinea Joins CVE Numbering Authority Program CompTIA Xpert Series Expands With SecurityX Professional Certification MORE PRODUCTS & RELEASES EDITORS' CHOICE Does Desktop AI Come With a Side of Risk? Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks? LATEST FROM THE EDGE Test Your Cyber Skills With the SANS Holiday Hack Challenge Open to players of all skill levels, the "Snow-mageddon" cybersecurity competition takes place in the world of Santa, elves, and Christmas mayhem. LATEST FROM DR TECHNOLOGY Generative AI Security Tools Go Open Source Businesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security. LATEST FROM DR GLOBAL Governments, Telcos Ward Off China's Hacking Typhoons Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications. WEBINARS The Dirt on ROT Data Social Engineering: New Tricks, New Threats, New Defenses View More Dark Reading Webinars >> WHITE PAPERS Enhancing Cybersecurity: The Critical Role Of Software Security Training The State of Asset Security: Uncovering Alarming Gaps & Unexpected Exposures Full Content Inspection: The New Standard in Network Security and Why It's Necessary The State of Cloud Native Security Report 2024 Insider Risk Programs: 3 Truths and a Lie Purple AI Datasheet 5 Essential Insights into Generative AI for Security Leaders View More White Papers >> FEATURED REPORTS Managing Third-Party Risk Through Situational Awareness 2024 InformationWeek US IT Salary Report View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | TechTarget, Inc. | Privacy Statement | Terms & Conditions | Contact Us