Microsoft Azure VMs exploited to infect users with botnet malware

Unsurprisingly, threat actors have started actively exploiting the critical Azure vulnerabilities, not long after they were publicly disclosed and patched by Microsoft in the recent September Patch Tuesday release.

BleepingComputer reports that the first attacks were spotted last week by security researcher Germán Fernández, before being confirmed by cybersecurity vendors GreyNoise and Bad Packets.

The four privilege escalation and remote code execution vulnerabilities were discovered in the Open Management Infrastructure (OMI) software agent, which is automatically deployed inside Linux virtual machines (VM) when users enable certain Azure services.

  • Protect your devices with these best antivirus software
  • Here’s our choice of the best malware removal software on the market
  • These are the best ransomware protection tools

However, in a surprising move, instead of patching all affected Azure services, Microsoft instead released an advisory stating that while it’ll update six of them, seven others must be updated by users themselves.

Capitalizing on laxity

The OMI vulnerabilities were discovered by researchers at Wiz, who estimate that they affect thousands of Azure customers, across millions of endpoints.

“With a single packet, an attacker can become root on a remote machine by simply removing the authentication header. It’s that simple,” shared Wiz researcher Nir Ohfeld, adding that one of the four vulnerabilities (tracked as CVE-2021-38647) could be exploited to target Azure.

No wonder then, GreyNoise is already tracking attackers scanning the internet for exposed Azure Linux VMs vulnerable to CVE-2021-38647 exploits.

Other security researchers, such as Kevin Beaumont have already had their vulnerable honeypots compromised with cryptominers.

In a bizarre twist, while Microsoft has patched the vulnerabilities, the company shared that it’s still in the process of rolling out the update for some of the compromisable services to its cloud customers.

“Customers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available per schedule outlined in table below…” read Microsoft’s advisory – much to the chagrin of security researchers.

  • These are our options of the best DDoS protection services

Via BleepingComputer

Internet Explorer Channel Network
News Related

OTHER NEWS

DTAC shareholder Telenor vows to remain in Thailand

Mr Brekke reiterated that Asia is very quickly catching up with digital development. Telenor Group, the major shareholder in Total Access Communication Plc (DTAC), has expressed its commitment to long-term ... Read more »

Measures eyed to prevent 'unusually excessive' gains from land development: finance chief

SEOUL, Oct. 21 (Yonhap) — Finance Minister Hong Nam-ki said Thursday that the government will come up with measures to prevent and redeem what are deemed to be “unusually excessive” ... Read more »

Google is warning YouTube users to be safe from 'Cookie Theft'

Cybersecurity is a big issue that users grapple with and even though tech companies are making their platforms secure, some still fall prey to hackers’ malicious attempts. Phishing is one ... Read more »

Daewoo Shipbuilding grabs W232b order for 1 LNG carrier

This photo provided by Daewoo Shipbuilding & Marine Engineering Co.(DSME) on Sept. 14, 2021, shows a liquefied natural gas carrier built by the shipbuilder. (Shipbuilding & Marine Engineering Co.(DSME))Daewoo Shipbuilding ... Read more »

Daewoo Shipbuilding grabs 232 bln won order for 1 LNG carrier

By Nam Kwang-sik SEOUL, Oct. 21 (Yonhap) — Daewoo Shipbuilding & Marine Engineering Co. (DSME) said Thursday that it has bagged a 232.2 billion won (US$197.6 million) deal to build ... Read more »

These users can now run Android apps on Windows 11

Microsoft has officially announced that Android apps are now available to Windows 11 users who are part of the Windows Insider’s Beta channel. Surprisingly, the update is not available for ... Read more »

Trump's new social media platform, TRUTH Social, has an interface that looks an awful lot like Twitter's

Posts made on TRUTH Social, per its app mockup, appear bear some similarities to Twitter‘s user interface Screengrab/TRUTH Social App Store; Screengrab/Twitter App Store Trump's new social media platform, which ... Read more »

Lenovo launches Yoga Tab 11 ‘Tilt' and ‘Hang' modes at Rs 40,000

Lenovo Tab 11 has launched in the Indian market. The tablet expands Lenovo’s mid-range portfolio in the country. Unveiled in Europe earlier this year, Lenovo tablet runs on Android 11. ... Read more »

I'm Heaps Into This Silly Mouse With A Fan

Who needs a fan inside their mouse? No-one I would argue. And yet, I’ve become weirdly attached to Marsback’s bizarre creation. That’s the central hook of the Marsback Zephyr Pro, ... Read more »

Amazon app quiz October 21, 2021: Get answers to these five questions to win Rs 40,000 in Amazon Pay balance

Body: Win Rs 40,000 in your Amazon Pay balance today! You just have to answer 5 questions and a bit of luck. Amazon is back with its daily dose of ... Read more »

Samsung Heavy wins approval for storage tank, carrier for hydrogen transport

By Nam Kwang-sik SEOUL, Oct. 21 (Yonhap) — Samsung Heavy Industries Co. said Thursday it has won an approval in principle (AIP) for the conceptual design of a storage tank ... Read more »

S. Korea releases photo book on Dokdo's maritime ecosystem

SEOUL, Oct. 21 (Yonhap) — South Korea has published a pictorial book of the maritime ecosystem on and around Dokdo in the latest campaign to boost public awareness about the ... Read more »

How Season 3 of Succession Accurately Portrays ‘Real-Life Logan Roys'

Will Logan Roy be brought down after his son Kendall publicly blamed him for covering up a litany of rapes and sexual assaults in Waystar Royco’s cruise-ships division? That’s the ... Read more »

TRUTH Social: Donald Trump to launch social network, saying 'your favourite president has been silenced'

The former US president - who was banned from Twitter and Facebook earlier this year - says he plans to share his thoughts with the world on TRUTH Social. Read more »

Breakthrough Discovery Shows Vikings Were Active in North America 1,000 Years Ago

© Glenn Nagel Photography Reconstruction of a Viking building near L’Anse aux Meadows. New archaeological evidence has allowed scientists to refine the timeline for the Viking presence in North America. ... Read more »

S. Korea, Kazakhstan vow active push for economic cooperation projects

SEOUL, Oct. 21 (Yonhap) — South Korean Industry Minister Moon Sung-wook met with Kazakhstani Deputy Prime Minister Roman Sklyar on Thursday and discussed ways to push forward various joint economic ... Read more »

Doosan Heavy signs maintenance deal for UAE nuclear plant

By Nam Kwang-sik SEOUL, Oct. 21 (Yonhap) — South Korean power plant builder Doosan Heavy Industries & Construction Co. said Thursday it has signed a maintenance service deal for a ... Read more »

Posco Chemical Q3 net income up 496.6% to W40.9b

Posco (Yonhap)POSCO Chemical Co. on Thursday reported its third-quarter net income of 40.9 billion won ($34.8 million), up 496.6 percent from a year earlier. The company said in a regulatory ... Read more »

Is the Forza Horizon 5 Expansions Bundle DLC worth it?

© Provided by Windows Central Best answer: No, not for most Forza Horizon 5 players. Until FH5’s expansions are revealed, there’s just no way to tell whether or not the ... Read more »

POSCO Chemical Q3 net income up 496.6 pct. to 40.9 bln won

SEOUL, Oct. 21 (Yonhap) — POSCO Chemical Co. on Thursday reported its third-quarter net income of 40.9 billion won (US$34.8 million), up 496.6 percent from a year earlier. The company ... Read more »

Ask LH: Is Coffee Becoming More Expensive?

There has been some talk around the coffee community recently about the potential increase in coffee prices and this, understandably, has caffeine addicts spooked. Sorry to be the bearer of ... Read more »

NASA's Lucy asteroid probe settles into Earth-orbiting cruise as engineers tackle solar array glitch

Days after NASA’s new mission to a mysterious group of asteroids launched, spacecraft personnel continue battling an issue with one of the vehicle’s two massive solar arrays. © Provided by ... Read more »

Three spreadsheet tips to make beginners feel like pros

Let’s all come together and face it: spreadsheets can be scary. Sure, adding borders and painting cells different colors is easy, and maybe you even know how to use basic ... Read more »

Work It Out: What It's Really Like to Be a TV Writer in Australia

We all love watching TV, so doesn’t it sound like a dream to land a gig as a writer for your favourite show? The film and television industry is a ... Read more »

Naver's Q3 net up nearly 40% on pandemic-driven biz

Naver’s headquarters in Pangyo, Gyeonggi Province (Korea Herald DB)Naver Corp. said Thursday its net profit jumped 37.1 percent in the third quarter from a year earlier largely due to a ... Read more »

Exports rise 36 percent in first 20 days of Oct.

SEOUL, Oct. 21 (Yonhap) — South Korea’s exports rose 36.1 percent on-year in the first 20 days of October on the back of robust demand for chips, petroleum products and ... Read more »

New Relic appoints ex-Dell CTO as Chief Architect for APJ

Marelas has held senior roles at EMC, Telstra, Symantec, VERITAS Software and Storage Technologies. Read more »

STEPHEN GLOVER: How I pine for a Tory government

© Provided by Daily Mail MailOnline logo Wouldn’t it be wonderful if we had a real Tory government rather than the neo-Blairite confection that has been served up by Boris ... Read more »

The Google Pixel 6 release date is October 25 but its new wireless charger will be late

If you’ve been eager to pair your pre-ordered Google Pixel 6 or Google Pixel 6 Pro with the rumored revised Google Pixel Stand, rejoice: a listing for the 2nd Generation ... Read more »

Is the Forza Horizon 5 Welcome Pack DLC worth it?

© Provided by Windows Central Best answer: Yes, the Forza Horizon 5 Welcome Pack DLC is worth it as an affordable boost to your game start. This simple DLC provides ... Read more »

E-sports partnership formed to boost Thai tournaments

Tourism and Sports Minister Phiphat Ratchakitprakarn (centre) and Sports Authority of Thailand (SAT) governor Kongsak Yodmanee (the first from left) at the memorandum of understanding (MoU) signing ceremony with Garena ... Read more »

Assembly audit to have little impact on big tech firms' march into banking industry

Kakao CEO Yeo Min-soo, right, and Yoo Bong-seok, head of Naver’s media platform center, sit side by side as witnesses during an audit run by the National Assembly’s Agriculture, Food, ... Read more »

(LEAD) Naver's Q3 net up nearly 40 pct on pandemic-driven biz

(ATTN: RECASTS throughout with details; CHANGES headline; ADDS byline, photo)By Kim Han-joo SEOUL, Oct. 21 (Yonhap) — Naver Corp. said Thursday its net profit jumped 37.1 percent in the third ... Read more »

Extreme heat is a growing concern for doctors around the world

Extreme heat is a huge worry for doctors and public health experts around the world, and it’s steadily become a bigger problem over time, according to a sweeping new climate ... Read more »

You can now test a handful of Android apps on Windows 11

One of Windows 11‘s biggest features was omitted from the OS’ initial launch: the ability to run Android apps that you can install right from the Microsoft Store. That highly ... Read more »

The Orionid Meteor Shower Peaks Tonight, and Up to 20 Meteors Will Be Visible Per Hour

© Haitong Yu – Getty Images Look up—or you just might miss the peak of October’s meteor shower. The annual Orionid meteor shower is well underway and will be visible ... Read more »

All The Changes In FIFA 22's Ultimate Team

There are those who like to jump straight into a game of FIFA 22, and there are those who like to tinker. Arguably the most Ultimate form of tinkering comes ... Read more »

Two SIM swappers phished a phone company so they could steal $16K in crypto

Twenty-year-old Kyell Bryan of Pennsylvania has pleaded guilty to aggravated identity theft for a SIM swapping and cryptocurrency theft scheme, according to the United States Attorney’s Office of the District ... Read more »

Half of Britons ask questions online first over fear of judgment – poll

Half of Britons search online first for answers on certain topics before asking another person directly over fears of judgment or causing offence, according to a poll. Sexuality, gender identity ... Read more »

Smart speaker makers could face new rules to protect listener access to radio

Smart speaker makers such as Amazon and Apple could face new rules aimed at protecting listeners’ access to radio services, according to a Government report. The Government’s Digital Radio and ... Read more »
On free-english-test.com you will find lots of free English exam practice materials to help you improve your English skills: grammar, listening, reading, writing, ielts, toeic