The Azure B2C service from Microsoft had a cryptographic flaw that allowed an attacker to create an OAuth refresh token with the contents for any user account. This vulnerability was reported to Microsoft by Praetorian in March 2021 and July 2022. Microsoft applied two changes in December 2022 and F.. read more  

This two-part blog series explores how the security of Visual Studio Code (VSCode) extensions can lead to the compromise of a user’s local machine, demonstrating vulnerabilities in Microsoft’s SARIF viewer and Live Preview extensions. The author discovered a high-severity bug in both extensions tha.. read more  

GitHub Code Scanning is a feature that helps identify vulnerabilities in code. To set it up, go to the repository settings and click on "Code security and analysis" and then "Code scanning". After the analysis is complete, any findings will be displayed next to the security link at the top of the .. read more  

Cloud native security is indeed becoming increasingly crucial as more organizations move to the cloud, and open-source software is more widely used. The following three key areas will be vital in 2023, and beyond: eBPF: The programmability of the Linux kernel, made possible by eBPF, has enabled a n.. read more  

In this article, Mark Fairlie provides a comparison of two leading Infrastructure as a Service providers, Amazon Web Services and Microsoft Azure. The article coversa comprehensive list of services offered by both companies, including app modernization, compute, gaming, data analytics, migration, n.. read more  

In this article, Pamela Fox, a Microsoft Cloud Advocate, shares her experience of porting her old Google App Engine apps to Azure and hosting them on a personal Azure account. She compares the costs of hosting two low-traffic websites, pamelafox.org and translationtelephone.com, on Azure Container .. read more  

This blog post discusses how Azure Policy for Kubernetes, deployed as part of Defender for Containers, can be used to manage policies for Kubernetes clusters. The blog explains how the Azure Policy for Kubernetes leverages Gatekeeper with Open Policy Agent (OPA) to ensure that cluster configurations.. read more  

In summary: 1) Azure Files share with SMB and NFS protocols allows you to pay only for what you use, unlike GCP's Filestore which requires provisioning with a minimum size of 1TB for HDD and 2.5TB for SSD, making it expensive for storing few GBs. 2) Azure Policy offers built-in policies for regula.. read more  

David Heinemeier Hansson, co-founder of Basecamp and creator of Ruby on Rails, shared in an article that his company is planning to fully exit the cloud by the end of the summer and expects to save about $7 million in server expenses over the next five years by doing so. He explained thatthey spent.. read more