Microsoft’s Azure cloud platform contains a severe security flaw that could allow malware execution, according to researchers from Vectra. The vulnerability exists in Azure Logs, ironically used for identifying malicious activity. Users can inject malicious data into logs, tricking applications into executing malware. Alternatively, CSV Injection could also introduce malware. The vulnerability can be executed unauthenticated, meaning attackers don’t need a cloud account. Fully patched Excel instances are reportedly immune to this issue.
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises
