#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Azure HDInsight | Breaking Cybersecurity News | The Hacker News

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

Feb 06, 2024 Vulnerability / Cloud Security
Three new security vulnerabilities have been discovered in Azure HDInsight's Apache  Hadoop ,  Kafka , and  Spark  services that could be exploited to achieve privilege escalation and a regular expression denial-of-service ( ReDoS ) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security researcher Lidor Ben Shitrit  said  in a technical report shared with The Hacker News. The list of flaws is as follows - CVE-2023-36419  (CVSS score: 8.8) - Azure HDInsight Apache Oozie Workflow Scheduler XML External Entity (XXE) Injection Elevation of Privilege Vulnerability CVE-2023-38156  (CVSS score: 7.2) - Azure HDInsight Apache Ambari Java Database Connectivity (JDBC) Injection Elevation of Privilege Vulnerability Azure HDInsight Apache Oozie Regular Expression Denial-of-Service (ReDoS) Vulnerability (no CVE) The two privilege escalation flaws could be exploited by an authenticate
Microsoft Chooses Ubuntu Linux for their Cloud-based Azure HDInsight Big Data Solution

Microsoft Chooses Ubuntu Linux for their Cloud-based Azure HDInsight Big Data Solution

Sep 30, 2015
Earlier this month, Microsoft surprised us all with the announcement that they built a Linux kernel-based operating system, Azure Cloud Switch (ACS) , for developing software products for Network Devices. Now, Microsoft just announced that they have selected Ubuntu as the operating system for their Cloud-based Big Data services. Yes, Microsoft needs Linux. To expand its Azure Data Lake project, that makes Big Data processing and Analytics simpler and more accessible, Microsoft has partnered with Hortonworks and Canonical to launch " Azure HDInsight " for Linux users. Azure HDInsight is a Hadoop-based Big Data solution powered by Cloud that is now also available for Ubuntu, along with Windows OS. By offering both Windows and Linux clusters, Microsoft's fulfills its aim to enhance its own cross-platform aspirations that will accelerate a move towards Hybrid Cloud Computing . " The collaboration between Microsoft and Canonical to create the option to run Azur
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Cybersecurity Resources