AzureTracksJan 19
Predictive Shielding FTW! Defender XDR now anticipates attacker moves and hardens paths proactively. Enable it for cross-cloud protection. #ThreatIntelligence #AzureSecurity
SparrowDec 30
Azure's OpenAI from 2021 until almost the end of 2023 was allowed to actually use your data for training, even if they said it wasn't, including in a GCC environment (Government Cloud Computing). So yes, OpenAI effectively has gigabytes worth of classified information that you can just ask for due to companies like Ask Sage. Crazy how OpenAI gets rewarded for this, while whistleblowers get hunted down.
#openai #AI #AzureSecurity #azure
Petrus VaseniusDec 21

I wrote a new blog post based on my talk on #CloudBrew2025.

https://vasenius.fi/how-to-secure-ai-services-to-comply-with-eu-ai-act-in-azure/

#AISecurity #EUAIAct #AzureSecurity

How To Secure AI Services to comply with EU AI Act in Azure - The Security Everywhere

Context: I held a talk with the same topic in CloudBrew 2025 in Belgium, about this subject and now I […]

The Security Everywhere
KatosNov 23

New blog post live for my Sentinel Saturday series!   
Read the blog 👉 https://marshsecurity.org/sentinel-saturday-using-tasks-with-automation/

In this post, I explore the power of using Microsoft Sentinel Tasks as part of your automation workflows.

Most teams aren’t getting the full #value out of Tasks in Microsoft Sentinel. Are you? When you combine Sentinel Tasks with automation, they become a game-changer.

- Auto-create tasks when automation fails (so nothing slips through the cracks)
- Auto-complete tasks when automation succeeds
- Use tasks to verify automation outcomes
- Build engineering feedback loops and automation #QA

Read the blog 👉 https://marshsecurity.org/sentinel-saturday-using-tasks-with-automation/

#MicrosoftSentinel #SentinelAutomation #CyberSecurity #SOCAutomation
#CloudSecurity #AzureSecurity #SIEM #SecOps #Automation #InfoSec
#CyberSecurityCommunity #BlueTeam #ThreatDetection #SecurityEngineering #SecurityOperations

Offensive SequenceOct 30
🛡️ CVE-2025-12479 (CRITICAL, CVSS 10): Azure Access BLU-IC2/IC4 (≤1.19.5) lack CSRF tokens, allowing full remote compromise—no patch yet. Apply WAFs, enforce header checks, and restrict access. https://radar.offseq.com/threat/cve-2025-12479-cwe-352-cross-site-request-forgery--adbd5512 #OffSeq #Vuln #CSRF #AzureSecurity
Offensive SequenceOct 29
🚨 CRITICAL: CVE-2025-12423 (CVSS 10) in Azure BLU-IC2 & IC4 (≤1.19.5) allows remote DoS via protocol manipulation (CWE-248). No patch yet—apply filtering, segment networks, and monitor logs. Stay proactive! https://radar.offseq.com/threat/cve-2025-12423-cwe-248-uncaught-exception-in-azure-9b7c3217 #OffSeq #AzureSecurity #CVE2025 #BlueTeam
Offensive SequenceOct 29
🔴 CVE-2025-12424 (CRITICAL): Azure Access BLU-IC2 & BLU-IC4 (≤1.19.5) affected by SUID-bit privilege escalation flaw. No patch yet — restrict & monitor SUID binaries now to prevent full compromise. Details: https://radar.offseq.com/threat/cve-2025-12424-cwe-269-improper-privilege-manageme-ac110a5f #OffSeq #AzureSecurity #CVE #UnixSec
WinbuzzerOct 23

Microsoft Warns of Escalating Attacks on Azure Blob Storage, Urges Tighter Security

#Azure #Cybersecurity #Microsoft #CloudSecurity #InfoSec #DataBreach #ThreatIntel #Cloud #MicrosoftAzure #DevSecOps #AzureSecurity

https://winbuzzer.com/2025/10/23/microsoft-warns-of-escalating-attacks-on-azure-blob-storage-urges-tighter-security-xcxwbn

Petrus VaseniusMay 20, 2025

I wrote a brief Playbook, how to get started with securing the Azure AI Service's in your environment. Azure AI services provides multiple layers of security that you should consider when implementing a solution, which I present in this blog post:

https://vasenius.fi/example-playbook-to-secure-your-azure-ai-services/

#AISecurity #AzureAIServices #AzureSecurity

Example Playbook to secure your Azure AI Services - The Security Everywhere

AI and AI security are currently hot topics, and I’d like to share some key insights—particularly around securing Azure AI […]

The Security Everywhere
The DefendOps DiariesApr 22, 2025

A seemingly harmless Chrome extension can now hijack your digital keys—stealing Azure session cookies and bypassing MFA. Curious how this stealthy Cookie-Bite attack works and what you can do to stay secure?

https://thedefendopsdiaries.com/understanding-and-mitigating-the-cookie-bite-attack/

#cookiebiteattack
#azuresecurity
#sessioncookies
#cyberthreats
#microsoft365security