Azure HDInsight | Breaking Cybersecurity News | The Hacker News

Three new security vulnerabilities have been discovered in Azure HDInsight's Apache  Hadoop ,  Kafka , and  Spark  services that could be exploited to achieve privilege escalation and a regular expression denial-of-service ( ReDoS ) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security researcher Lidor Ben Shitrit  said  in a technical report shared with The Hacker News. The list of flaws is as follows - CVE-2023-36419  (CVSS score: 8.8) - Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability CVE-2023-38156  (CVSS score: 7.2) - Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability Azure HDInsight Apache Oozie Regular Expression Denial-of-Service (ReDoS) Vulnerability (no CVE) The two privilege escalation flaws could be exp...

Earlier this month, Microsoft surprised us all with the announcement that they built a Linux kernel-based operating system, Azure Cloud Switch (ACS) , for developing software products for Network Devices. Now, Microsoft just announced that they have selected Ubuntu as the operating system for their Cloud-based Big Data services. Yes, Microsoft needs Linux. To expand its Azure Data Lake project, that makes Big Data processing and Analytics simpler and more accessible, Microsoft has partnered with Hortonworks and Canonical to launch " Azure HDInsight " for Linux users. Azure HDInsight is a Hadoop-based Big Data solution powered by Cloud that is now also available for Ubuntu, along with Windows OS. By offering both Windows and Linux clusters, Microsoft's fulfills its aim to enhance its own cross-platform aspirations that will accelerate a move towards Hybrid Cloud Computing . " The collaboration between Microsoft and Canonical to create the option to run Azur...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...