#cloud

anonymiss@despora.de

#Microsoft employees exposed internal passwords in #security lapse

source: https://techcrunch.com/2024/04/09/microsoft-employees-exposed-internal-passwords-security-lapse/

Security researchers Can Yoleri, Murat Özfidan and Egemen Koçhisarlı with #SOCRadar, a #cybersecurity company that helps organizations find security weaknesses, discovered an open and public storage server hosted on Microsoft’s #Azure #cloud service that was storing internal information relating to Microsoft’s #Bing search engine.

#fail #password #leak #problem #news

danie10@squeet.me

UK govt office admits ability to negotiate billions in cloud spending curbed by vendor lock-in

It’s one of the points I’ve been making since the beginning of enterprise cloud services. It’s not to say necessarily that a cloud service is bad, but you have no control (and often no easy way out) if prices jump (remember Microsoft changing their SQL database licenses from per CPU to per core – think it was that way around).

Quite often too, cloud providers use their own proprietary formats inside their cloud, so all works wonderfully, but what went out of the window was many governments’ requirements around open data standards. There was one very good reason for open data standards, and that was for easy portability to any other service, e.g. using ODF document standard and then moving from LibreOffice to, or from, FreeOffice.

Combine both of these and you’re in a tightish spot. You may also have very few skilled IT staff left, because all your services now sit in someone else’s cloud.

So, you just want to factor all of this in very carefully when considering whether to go into a cloud or not. We won’t even mention the UK govt’s experiences recently with Oracle…

See https://www.theregister.com/2024/04/04/uk_cddo_admits_cloud_spending_lock_issues_exclusive/
#Blog, #cloud, #technology, #UK, #vendorlockin

anonymiss@despora.de

#Microsoft #Security Breaches Rile U.S. #Government Customers

source: https://www.theinformation.com/articles/microsoft-security-breaches-rile-u-s-government-customers

Microsoft became the world’s biggest seller of cybersecurity software by bundling it with Office and Teams apps. But after a series of hacks exploited that software in the past year, several of Microsoft’s biggest customers are considering whether their reliance on Microsoft’s #software bundle puts their security at risk.

The clearest sign that Microsoft may face real consequences for its security lapses can be seen in #Washington. After the company disclosed last summer that Chinese hackers had broken into customers’ systems, including the U.S. State Department’s, the agency began to move its stored data into servers of other cloud providers such as #Amazon Web Services and #Google #Cloud, according to a technical adviser to the agency and an executive at one of the rival companies. And the agency has been discussing possible bigger cloud deals with those rivals, these people said.


#news #security #hack #hacker #exploit #cybersecurity #usa

anonymiss@despora.de

Git-Rotate: Leveraging #GitHub Actions to Bypass #Microsoft Entra Smart lockout

Source: https://research.aurainfosec.io/pentest/git-rotate/

Despite advancements in #cybersecurity, #password #spraying attacks remain a prevalent and effective technique for attackers attempting to gain unauthorised access to #cloud-based infrastructure and web applications by targeting their login portals. Password spraying involves attempting a small number of common passwords against a large number of usernames. This makes it difficult for #security systems to detect and mitigate as they often avoid common protections such as #account lockout policies by avoiding rapid or repeated login attempts for a single account. Attackers can easily obtain lists of commonly used passwords or use automated tools to generate potential passwords, increasing the likelihood of success.

#news #hack #hacker #login #attack #problem
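
Added example, not part of the post above or of the linked research: a detector for the pattern the excerpt describes, where many accounts each see only one or two failed logins, so no per-account lockout counter trips. The log layout, thresholds, usernames and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed sign-ins: (timestamp, username, source IP).
SAMPLE_FAILURES = [
    ("2024-04-10T09:00:05", "alice@example.com", "198.51.100.10"),
    ("2024-04-10T09:03:40", "bob@example.com", "198.51.100.23"),
    ("2024-04-10T09:07:12", "carol@example.com", "203.0.113.5"),
    ("2024-04-10T09:11:30", "dave@example.com", "203.0.113.77"),
    ("2024-04-10T09:15:02", "erin@example.com", "192.0.2.14"),
    ("2024-04-10T09:19:48", "frank@example.com", "192.0.2.200"),
    # One user mistyping a password repeatedly: noisy, but not a spray.
    ("2024-04-10T14:00:00", "grace@example.com", "198.51.100.99"),
    ("2024-04-10T14:00:20", "grace@example.com", "198.51.100.99"),
    ("2024-04-10T14:00:40", "grace@example.com", "198.51.100.99"),
    ("2024-04-10T14:01:00", "grace@example.com", "198.51.100.99"),
    ("2024-04-10T14:01:20", "grace@example.com", "198.51.100.99"),
]

def detect_spray(failures, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Flag windows where many accounts each fail only a few times.

    Events are grouped by time only, never by source IP, so attempts
    spread across many addresses still add up to one alert.
    """
    events = sorted((datetime.fromisoformat(ts), user, ip)
                    for ts, user, ip in failures)
    alerts, i = [], 0
    while i < len(events):
        win_start = events[i][0]
        per_user, ips, j = defaultdict(int), set(), i
        while j < len(events) and events[j][0] - win_start <= window:
            per_user[events[j][1]] += 1
            ips.add(events[j][2])
            j += 1
        # Accounts that stayed under a typical lockout threshold.
        quiet = sorted(u for u, n in per_user.items() if n <= max_per_account)
        if len(quiet) >= min_accounts:
            alerts.append({"start": win_start, "accounts": quiet,
                           "source_ips": len(ips)})
            i = j  # jump past the window so it is reported once
        else:
            i += 1
    return alerts

if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_FAILURES):
        print(alert)
```

The thresholds need tuning against a tenant's normal failure rate; a Monday-morning password expiry can look similar.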