Kowatek Solar LTD
50MW CSP pilot in Hami breaks another generation record with 1,167.6 MWh in 24 hours
17:56
50MW CSP pilot in Hami breaks another generation record with 1,167.6 MWh in 24 hours
Oregon’s POWER Act is the first of its kind to protect Oregonians’ utility bills from data center growth
17:54
Oregon’s POWER Act is the first of its kind to protect Oregonians’ utility bills from data center growth
Fox ESS Seems Good Value, But Watch Out For The Shonks
17:52
Fox ESS Seems Good Value, But Watch Out For The Shonks
‘Time to prove its potential’: Gresham House UK BESS fund at a crossroads
17:52
‘Time to prove its potential’: Gresham House UK BESS fund at a crossroads
Hungary’s green reset: what to expect from the post-Orbán era
17:51
Hungary’s green reset: what to expect from the post-Orbán era
California — Lowest Wholesale Electricity Prices in USA
17:48
California — Lowest Wholesale Electricity Prices in USA
Could waste brine from desalination plants help make steel greener?
18:20
Could waste brine from desalination plants help make steel greener?
Australia awards 7.8GW of renewable energy under CIS Tender 7
08:42
Australia awards 7.8GW of renewable energy under CIS Tender 7
Addressing BESS safety and community opposition
04:31
Addressing BESS safety and community opposition
California group completes water-saving pilot for Project Nexus
14:28
California group completes water-saving pilot for Project Nexus

Researchers Uncover XSS Vulnerabilities in Azure Services

Cybersecurity experts at Orca Security have identified two critical cross-site scripting (XSS) vulnerabilities in Microsoft Azure services.

The flaw exploited a weakness in the postMessage iframe that could expose Azure users to a potential security breach.

This vulnerability was found in two commonly used services in the Azure ecosystem: Azure Bastion and Azure Container Registry.

“Despite some security enhancements in Azure to mitigate the postMessage iframe XSS vulnerability, we were able to discover two Azure services that could exploit this vulnerability: Azure Bastion and Azure Container Registry. ,” Orca said in a report released today.

The first was mishandling of the postMessage handler, which allowed the attacker to exploit three different postMessage cases.

By sending a specially crafted postMessage, an attacker could execute malicious script and compromise user sessions or sensitive data.

Meanwhile, a flaw in Azure Container Registry allowed attackers to inject and execute arbitrary scripts within the context of the container registry.

This could be used to manipulate the behavior of the affected web application to steal sensitive information or perform unauthorized operations.

“This vulnerability allows unauthorized access to a victim’s session within a compromised Azure service iframe, potentially leading to serious consequences such as unauthorized data access, unauthorized modification, and disruption of the Azure service iframe. there is,” writes Orca.

XSS Attack Details: ConnectWise fixes XSS vulnerability that could lead to remote code execution

The company immediately reported this vulnerability to Microsoft. “We discovered these vulnerabilities and immediately notified the Microsoft Security Response Center (MSRC), who were able to reproduce the issue.”

“Both vulnerabilities are now fixed and verified, and no further action is required from Azure users,” the report states.

The publication of this document comes three months after Orca Security published information about another flaw in Microsoft’s Azure Service Fabric Explorer (SFX) called “Super FabriXss”.

Editorial image credit: Postmodern Studio / Shutterstock.com

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Address:
 091, Peace Plaza, Asaba, Delta State.
216 DBS Road, Asaba, Delta State.
Start a conversation:

Follow Us Social Media

Facebook Twitter Youtube Instagram

All Rights Reserved. Kowatek Blog by IWUCHI

Home | About Us | Disclaimer | Privacy Policy | Contact Us