Microsoft’s Azure cloud platform contains a severe security flaw that could allow malware execution, according to researchers from Vectra. The vulnerability exists in Azure Logs, ironically used for identifying malicious activity. Users can inject malicious data into logs, tricking applications into executing malware. Alternatively, CSV Injection could also introduce malware. The vulnerability can be executed unauthenticated, meaning attackers don’t need a cloud account. Fully patched Excel instances are reportedly immune to this issue.
T-Mobile pays $16 million fine for three years’ worth of data breaches
T-Mobile has agreed to pay a $15.75 million fine and improve its security in a settlement over a series of data breaches over three years