TCP/IP

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other software development activities. In past operations, Diamond …

Microsoft Entra Internet Access: An Identity-Centric Secure Web Gateway Solution

In our previous blog, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access. This blog continues the series around Microsoft’s new SSE solution, where we’ll take a deeper look into Microsoft Entra Internet Access, currently in public preview for Microsoft 365 …

AKS Egress Traffic demystified

AKS Egress Traffic with Load Balancer, NAT Gateway, and User Defined Route. Introduction: Welcome to this lab where we will explore the different outbound types in Azure Kubernetes Service (AKS). Outbound traffic refers to the network traffic that originates from a pod or node in a cluster and is destined for external destinations. Outbound traffic …

Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution

On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look into Microsoft Entra Private Access. Figure 1: Traditional network security stacks and legacy VPNs are …

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary: Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along …

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS 

Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version 3.5.19.0, could put operational technology (OT) infrastructure at risk …

Common Network Device Enrollment Service (NDES) configuration wizard failures

Hey all! Rob Greene here. We see cases around Network Device Enrollment Service (NDES) failing to successfully complete. Please keep in mind that you can get these error messages outside of NDES installation; however, we are not going to be covering those errors within this blog. This blog is going to concentrate on the assumption …

Microsoft Entra Expands into Security Service Edge with Two New Offerings

Flexible work arrangements and accelerating digital transformation changed the way we secure access. Traditional network security approaches just don’t scale to modern demands. They not only hurt end user experience but also grant each user excessive access to the entire corporate network. All it takes is one compromised user account, infected device, or open port …
