Tenable Azure Service Tags Risk
Earlier this week, I was asked to comment on the recent disclosure by Tenable and the apparent risk around the usage of Azure Service tags.
Security researchers at Tenable have identified a high-severity vulnerability in Azure Service Tags, affecting over 10 Azure services. This flaw allows attackers to bypass firewall rules by mimicking trusted Azure services, potentially accessing internal APIs and data. Despite acknowledging the issue and awarding a bug bounty, Microsoft claims the tags work as intended and updated documentation instead of issuing a patch. Experts advise Azure users to review network rules, implement strong authentication, and monitor traffic to mitigate risks.
You can read further about this here.