Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Azure Service Tags Flaw Exposes Data

June 4, 2024
Reading Time: 3 mins read
in Alerts
Azure Service Tags Flaw Exposes Data

Security researchers at Tenable have uncovered a high-severity vulnerability in Azure Service Tags, which could allow attackers to access private data of customers. Azure Service Tags are collections of IP addresses for specific Azure services, used in firewall filtering and IP-based Access Control Lists (ACLs) to ensure network isolation and secure Azure resources. This flaw can enable threat actors to create malicious SSRF-like web requests, impersonating trusted Azure services to bypass firewall rules typically relied upon to protect sensitive data.

Tenable’s Liv Matan highlighted that attackers could exploit the “availability test” feature within the “classic test” or “standard test” functionalities to gain access to internal services and potentially expose internal APIs hosted on ports 80/443. By abusing the Application Insights Availability service’s tests feature, attackers can customize HTTP requests, add custom headers, and modify methods, increasing the threat to internal services. Despite the severity, Microsoft has no plans to issue a patch for this vulnerability, prompting a call for immediate action from Azure customers to review and follow the guidelines provided by MSRC.

The vulnerability’s impact extends beyond Application Insights, affecting at least ten other Azure services such as Azure DevOps, Azure Machine Learning, and Azure Logic Apps. To defend against potential attacks, Tenable recommends Azure customers implement additional authentication and authorization layers on top of the existing network controls based on Service Tags. This approach aims to safeguard assets from exposure, as relying solely on Service Tags for security is inadequate.

Microsoft, however, disagrees with Tenable’s characterization of the issue, stating that Azure Service Tags were not intended to be a security boundary but rather a routing mechanism alongside validation controls. They emphasized that Service Tags alone cannot secure traffic to a customer’s origin and do not replace the need for input validation to prevent web request vulnerabilities. Microsoft advises customers to adopt a layered network security approach, incorporating additional authorization and authentication checks to protect Azure service endpoints from unauthorized access.

Reference:
  • Critical Azure Service Tags Vulnerability Exposes Private Data to Attackers

Tags: AzureCyber AlertCyber Alerts 2024Cyber RiskCyber threatJune 2024MicrosoftTenable
ADVERTISEMENT

Related Posts

FIN6 Uses Fake Resumes To Hack Recruiters

FIN6 Uses Fake Resumes To Hack Recruiters

June 11, 2025
Microsoft Fixes Exploited WebDAV Zero Day

Microsoft Fixes Exploited WebDAV Zero Day

June 11, 2025
Fake Sora AI Lure Installs Infostealer

Fake Sora AI Lure Installs Infostealer

June 11, 2025
New Skitnet Malware Arms Ransomware Gangs

Google Bug Exposed Any User’s Phone Number

June 10, 2025
New Skitnet Malware Arms Ransomware Gangs

Roundcube RCE Flaw Risks 84,000 Servers

June 10, 2025
New Skitnet Malware Arms Ransomware Gangs

New Skitnet Malware Arms Ransomware Gangs

June 10, 2025

Latest Alerts

Fake Sora AI Lure Installs Infostealer

FIN6 Uses Fake Resumes To Hack Recruiters

Microsoft Fixes Exploited WebDAV Zero Day

Google Bug Exposed Any User’s Phone Number

Roundcube RCE Flaw Risks 84,000 Servers

New Skitnet Malware Arms Ransomware Gangs

Subscribe to our newsletter

    Latest Incidents

    BHA Hit By Ransomware But Races Continue

    Sompo Data Breach Puts 17.5M Records At Risk

    DDoS Disrupts Roularta Media In Belgium

    Texas DOT Breach Leaks 300K Crash Reports

    Illinois HFS Employee Phishing Leaks Data

    Cyberattack Disrupts UNFI Food Deliveries

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial