The new policy for Azure Storage, starting in August for new accounts, will be consistent that security precedent. For some reason, Microsoft isn't enforcing such a default change to existing ...

One problem: The link that was provided by Microsoft's AI team gave visitors complete access to the entire Azure storage account. And not only could visitors view everything in the account, they ...

The storage account wasn’t accessible directly, the researchers explained. Instead, Microsoft’s AI team generated a shared access signature token (SAS) that granted too many permissions.

A misconfigured link enabled public access to 38TB of Microsoft's confidential data from two employees' workstations, opening up the potential for injecting malicious code into Microsoft's AI models.

Abuse of shared key authorizations, a default on Azure storage accounts, could allow a threat actor to steal higher privileged access tokens, move laterally throughout the network, and execute ...

The SAS Account token permitted data sharing from Azure Storage accounts. However, rather than being limited to specific files, it was "configured to share the entire storage account," Wiz ...