app-subdomain-redirection:microsoft-azure

Microsoft fixes a serious vulnerability in one of its AI services

Microsoft has fixed a serious vulnerability in Azure Health Bot Service, an AI-powered tool that allows developers to create and deploy virtual health assistants. This flaw, identified by Tenable, a cybersecurity firm, put the integrity of patients’ confidential data at risk, as it allowed malicious actors to laterally move through the IT infrastructure of healthcare organizations.

Microsoft Azure DOWNLOAD

Azure Health Bot Service is designed to help healthcare organizations reduce costs and improve efficiency, without compromising compliance with regulations. However, when working with a large amount of sensitive information, data security becomes a crucial aspect. Tenable decided to analyze how the chatbot manages the workload and discovered a series of flaws in a function known as “Data Connections,” designed to extract data from other services.

Although this tool has built-in safeguards to block unauthorized access to internal APIs, researchers managed to bypass these protections using a technical approach: they set up an external host controlled by them and used it to issue targeted 301 redirect responses to the Azure Metadata Service (IMDS).

This maneuver allowed them to obtain a valid metadata response, which contained an access token to management.azure.com. With this token, they were able to access a list of all available subscriptions, thus exposing potentially sensitive information.

The experts at Tenable, who reported these findings to Microsoft a few months ago, emphasized that the vulnerability found was not due to flaws in the AI models, but in the underlying architecture of the AI chatbot service. After becoming aware of it, Microsoft acted quickly and patched the vulnerability in all affected regions. So far, no evidence has been found that this vulnerability has been exploited in real environments, suggesting that the corrective measures were effective and timely.

Microsoft Azure DOWNLOAD

Microsoft will use AI to combat phone scams

Microsoft is working on a new service called Azure Operator Call Protection that analyzes real-time conversations and can alert the user if the caller seems suspicious. This technology, which uses AI, could be very useful in preventing phone scams.

Microsoft Azure DOWNLOAD

According to CNET, Microsoft has been testing the program with BT Group and is showcasing how the technology works at the Mobile World Congress conference in Barcelona. The announcement comes at a time when spam calls continue to be a persistent problem. In a study analyzing 98 billion phone calls worldwide, the Hiya platform found that the average user receives about 14 spam calls per month.

Azure Operator Call Protection, which uses AI to detect signals that a call may be fraudulent throughout a conversation, is a service that Microsoft will offer as an option to mobile operators for their subscribers. According to Shawn Hakl, Vice President of 5G Strategy for Microsoft’s Azure for Operators program, these indicators could include language that encourages the recipient to provide confidential information over the phone.

“The good news is that this also reinforces the good practices that people usually overlook,” said Hakl. Among the most common scams are fake calls pretending to be from Amazon, insurance providers, and credit card companies, as well as scammers trying to deceive the user into providing Medicare information, according to Hiya. Hakl also states that the AI model will evolve over time as new types of threats emerge.

Microsoft Azure DOWNLOAD

The introduction of Azure Operator Call Protection could be a major inconvenience for wrongdoers who want to use AI to carry out their phone scams. Recently, the Federal Communications Commission of the United States took strong action against automated calls (robocalls) by considering fraudulent calls made with artificially generated voices to be illegal.

Microsoft Azure suffers the biggest security breach in its history

Hundreds of Azure accounts, Microsoft’s cloud service, would have been compromised in a security breach that has exposed critical user data. The cyberattack, which has affected multiple environments, targeted top executives of large companies.

Microsoft Azure DOWNLOAD

According to the cybersecurity company Proofpoint, the hacking uses the same malicious campaign detected in November 2023, which integrates credential theft through phishing methods and cloud account takeover (CTO). This would help attackers gain access to OfficeHome and, at the same time, to Microsoft 365 applications.

The hackers allegedly used proxy services to bypass geographical restrictions and mask their true location. To carry out the attack, the cybercriminals embedded links in the documents that redirected users to phishing websites. These links often had the anchor text “View document,” which did not raise suspicions.

The attack was meticulously planned and targeted both mid-level and senior employees, although more accounts belonging to the former were compromised. According to Proofpoint, positions such as sales directors, account managers, financial directors, operations vice presidents, financial directors, presidents, and CEOs were the most common targets. This allowed the attackers to access information across the organization’s levels and domains.

In this type of attacks, once the account is compromised, cybercriminals deploy their own MFA (multifactor authentication) to prolong access, for example by adding an alternate mobile number or setting up an authentication app so that the user cannot regain access. In addition, attackers remove all evidence of suspicious activity to erase their tracks.

Microsoft Azure DOWNLOAD

The objective of these cyber attacks is data theft and the commission of financial fraud. Although there is currently no clear evidence to identify the authors of the attacks, it is believed that they originated in Russia and Nigeria, based on the use of local fixed-line ISPs in these regions.