Researchers Find Vulnerabilities in Microsoft Azure Cloud Service

As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important.

Now, according to the latest research, two security flaws in Microsoft’s Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server.

"This enables an attacker to quietly take over the App Service’s git server, or implant malicious phishing pages accessible through Azure Portal to target system administrators," cybersecurity firm Intezer said in a report published today and shared with The Hacker News.

Discovered by Paul Litvak of Intezer Labs, the flaws were reported to Microsoft in June, after which the company addressed them.

https://thehackernews.com/2020/10/microsoft-azure-vulnerability.html

55 New Security Flaws Reported in Apple Software and Services

A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity.

The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to "fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources."

The flaws meant a bad actor could easily hijack a user’s iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts.

The findings were reported by Sam Curry along with Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes over a three-month period between July and September.

https://thehackernews.com/2020/10/apple-security.html

Chrome changes how its cache system works to improve privacy

Google has changed how a core component of the Chrome browser works in order to add privacy protections for its users.

Known as the HTTP Cache or the Shared Cache, this Chrome component works by saving copies of resources loaded on a web page, such as images, CSS files, and JavaScript files.

https://www.zdnet.com/article/chrome-changes-how-its-cache-system-works-to-improve-privacy/

Cloud security: ‘Suspicious superhumans’ behind rise in attacks on online services

Cyber attacks targeting corporate cloud services have increased significantly in the last few months as cyber criminals look to exploit the rise in remote working to gain access to corporate accounts.

The coronavirus pandemic and the resulting social distancing measures have forced organisations and employees to adapt to working from home with the aid of cloud-based collaboration tools.

But the rise in use of these services – which allow users to log in and gain access to corporate resources remotely – has also led to a spike in hackers looking to take advantage of their increasing popularity in order to steal login credentials, sensitive information and other data.

https://www.zdnet.com/article/cloud-security-suspicious-superhumans-behind-rise-in-attacks-on-online-services/

Microsoft Reportedly in Talks to Acquire CyberX

CyberX was founded in 2013 and has raised $48 million to build its cybersecurity platform for IoT and industrial control systems.

Microsoft is reportedly in the process of acquiring CyberX, an Israeli cybersecurity company focused on building technology to fight threats to the Internet of Things (IoT), the Industrial IoT, and connected devices.

Talk of the acquisition surfaced this week in Globes, an Israeli business news website, which cites sources who claim the transaction is valued at $165 million. CyberX has so far raised $48 million over five funding rounds from investors including Inven Capital, Qualcomm Ventures, Norwest Venture Partners, Glilot Capital Partners, Flint Capital, ff Venture Capital, and OurCrowd. Its latest round raised $18 million in March 2019.

https://www.darkreading.com/threat-intelligence/microsoft-reportedly-in-talks-to-acquire-cyberx/d/d-id/1337751