Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\">\n<link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendmicro\/clientlibs\/trendmicro-core-2\/clientlibs\/header-footer.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/f\/gaps-in-azure-service-fabric-s-security-call-for-user-vigilance.html\"><br \/>\n<meta property=\"og:title\" content=\"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Header.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Header.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.139562389119\">  <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a>  <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1224491497\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"10.246648793566\">\n<div class=\"article-details\" role=\"heading\" readability=\"40.01072386059\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Cloud<\/p>\n<p class=\"article-details__description\">In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications. <\/p>\n<p class=\"article-details__author-by\">By: David Fiser <time class=\"article-details__date\">June 21, 2023<\/time> <span>Read time: <\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-lg-8 col-lg-push-2\"> <\/p>\n<div class=\"richText\" readability=\"42.916725476359\">\n<div readability=\"31.570924488356\">\n<p>Besides being known for deployment of containerized applications, many also know Kubernetes for container orchestration. However, it\u2019s not the only platform that offers this service in the market. In this blog post, we will focus on Service Fabric, an orchestrator developed by Microsoft and available as a service inside the Azure cloud. As with our previous <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/the-basics-of-keeping-your-kubernetes-cluster-secure-part-1\" target=\"_blank\" rel=\"noopener\">posts on Kubernetes<\/a>, we will look into different configuration scenarios that may lead to security issues with this service.<\/p>\n<p>Azure Service Fabric is a distributed platform for deploying, managing, and scaling microservices and container applications. It is available for Windows and Linux platforms, providing multiple options for application deployment. Azure offers two types of Service Fabric services: managed and not managed. Service Fabric\u2019s managed service puts the responsibility for the configuration and maintenance of nodes on the cloud service provider. With a traditional cluster, the user must maintain the nodes on their own; they are responsible for its proper configuration and deployment settings.<\/p>\n<p>Service Fabric uses virtual machines (VMs) as cluster nodes that are running Docker as a container engine, together with Service Fabric-related services (Figure 1). The deployed applications are executed inside a container. In this entry, we will focus on the implementation of Service Fabric on the Linux operating system, Ubuntu 18.04.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Figure1.png\"><br \/><span class=\"rte-icon-component-text\">Figure 1. A simplified diagram of Service Fabric\u2019s cluster deployment<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32\">\n<div readability=\"9\">\n<p>Creating a Service Fabric cluster (Figure 2) requires a username and password, among other fields. These credentials are used to access a node.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Figure2.png\"><br \/><span class=\"rte-icon-component-text\">Figure 2. Cluster creation step<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"28.523872679045\">\n<div readability=\"10.2175066313\">\n<h4>Deploying applications<\/h4>\n<p>A script generated using <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/service-fabric\/service-fabric-cli\" target=\"_blank\" rel=\"noopener\">Service Fabric\u2019s official command-line interface (CLI)<\/a> is used for application deployment. The configuration itself is saved inside <i>ServiceManifest<\/i> and <i>ApplicationManifest<\/i> XML files. This could include a repository of credentials for getting data like container images, port exposure settings, and isolation modes (Figure 3). <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Figure3.png\"><br \/><span class=\"rte-icon-component-text\">Figure 3. Registry credentials within the container deployment configuration<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"46.548269581056\">\n<div readability=\"39.1985428051\">\n<h4>Client certificate<\/h4>\n<p>To establish communication with the cluster, a user must authenticate using a client certificate that is generated for the cluster. This certificate is used for accessing the dashboard and deploying CLI applications. It is essential to ensure confidentiality of this certificate, as its exposure would compromise the full cluster.<\/p>\n<p>To model threat scenarios, we simulated a user code vulnerability that compromises the container and spawns a reverse shell. This can be considered a simulation of lateral movement that potential attackers could perform. Following a security mindset with <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/zero-trust\" target=\"_blank\" rel=\"noopener\">Zero Trust<\/a> policies and an Assume Breach paradigm, we should emphasize quoted paragraph from <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/service-fabric\/service-fabric-best-practices-security\" target=\"_blank\" rel=\"noopener\">Azure\u2019s documentation<\/a>:<\/p>\n<p><span class=\"blockquote\">\u201c<i>A Service Fabric cluster is single tenant by design and hosted applications are considered trusted. Applications are, therefore, granted access to the Service Fabric runtime, which manifests in different forms, some of which are: environment variables pointing to file paths on the host corresponding to application and Fabric files, host paths mounted with write access onto container workloads, an inter-process communication endpoint which accepts application-specific requests, and the client certificate which Fabric expects the application to use to authenticate itself.\u201d<\/i><\/span><\/p>\n<p>This, of course, contradicts the Assume Breach paradigm. The presence of sensitive information was confirmed: During our container environment analysis, we noticed the presence of several read-only mounts containing readable information about the cluster, one of which included credentials used to log into the container registry (Figure 4).<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31.5\">\n<div readability=\"8\">\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Figure4.png\"> <span class=\"rte-icon-component-text\">Figure 4. Container registry credentials that were among the information leaked when using process isolation<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35.994722955145\">\n<div readability=\"19.891820580475\">\n<p>Notably, the selected isolation used for container deployment was the default process isolation and no mitigation policies were applied, as we were relying on minimal default settings. This credentials leak would provide us with access to the linked private container repository; it would enable us to pull all of the container images present, or update the packages and compromise services. Hence, this scenario will be dependent <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/container-registry\/container-registry-roles?tabs=azure-cli\" target=\"_blank\" rel=\"noopener\">on user roles and permissions settings<\/a> within the linked container registry.<\/p>\n<p>After these initial findings, we switched our focus to the available network, as our container had internet access by default. Further exploration revealed that we had network access to the node, allowing us to perform a port scan on it (Figure 5).<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Figure5.png\"><br \/><span class=\"rte-icon-component-text\">Figure 5. List of open ports on the Service Fabric node<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.5\">\n<div readability=\"28\">\n<p>We could see that Secure Shell (SSH) port 22 is open, running at the node of our compromised container simulation. The SSH was configured to accept public key and password authentication. The set username and password were the same as the credentials we previously used for cluster creation, allowing us to log in to the cluster node with root permission.<\/p>\n<p>In a real-world scenario, an attacker would likely not know our password. However, because default password authentication is used, they would still be able to run brute-force and dictionary attacks to try to guess the password. At this stage, we would expect that key pair authentication is allowed on the node only. As the user is responsible for managing the cluster, we recommend setting this manually by accessing the node.<\/p>\n<p>This functionality allowed us to access the node from the container, and after further investigation, we found out the Docker is used as a container engine and the default network mode is <u>set to the host<\/u> (Figure 6).<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Figure6.png\"><br \/><span class=\"rte-icon-component-text\">Figure 6. Container settings inspection<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36.337209302326\">\n<div readability=\"19.37984496124\">\n<p>According to official <a href=\"https:\/\/docs.docker.com\/network\/host\/\" target=\"_blank\" rel=\"noopener\">Docker documentation<\/a>: <i>\u201cIf you use the host network mode for a container, that container\u2019s network stack is not isolated from the Docker host (the container shares the host\u2019s networking namespace), and the container does not get its own IP-address allocated.\u201d<\/i><\/p>\n<p>This has implications from a security perspective, as sharing the IP address with the host, together with non-restrictive firewall settings, makes the node (10.0.0.4) reachable from container by default. The node itself contains sensitive cluster information, such as the <u>cluster certificate that allows us to get control over the whole cluster<\/u> (Figure 7).<u><\/u><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Figure7.png\"><br \/><span class=\"rte-icon-component-text\">Figure 7. Cluster-related certificates found on the node<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.5\">\n<div readability=\"28\">\n<h4>Mitigation and security hardening<\/h4>\n<p>Mitigating attacks and limiting the attack vectors of bad actors are the foundations of securing IT systems, so encrypting communication and forcing authorization for accessing sensitive content are a must. However, as our research has shown, applications can be poorly configured and default deployments may not be inherently secure by default. Knowing this, users should be especially careful when securing application deployments.<\/p>\n<p>Fortunately, Service Fabric allows us to address some of these issues using appropriate policies, which are defined within the <i>ApplicationManifest <\/i>file<i>. <\/i>For instance, setting <i>ServiceFabricRuntimeAcessPolicy<\/i> with the attribute <i>RemoveServiceFabricRuntimeAccess<\/i> to \u2018true\u2019<b> <\/b>removes the <i>\/mnt\/sfroot\/<\/i> mount from the deployed application container; this prevents sensitive information that\u2019s stored there from leaking in the event of compromise.<\/p>\n<p>On the other hand, we were unable to use networking policies to limit network access to the node from the container. It is worth mentioning that some of the settings are also not available on Linux hosts, as shown in Figure 8.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"31\">\n<div readability=\"7\">\n<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Figure8.png\"><br \/><span class=\"rte-icon-component-text\">Figure 8. Example of a setting not supported in Linux<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"richText\" readability=\"43.780187284377\">\n<div readability=\"36.328240512568\">\n<p>We were also unable to set Hyper-V process isolation for containers running on Linux hosts. Our most significant finding, in which we demonstrated how we were able to guess credentials and gain access to the node, may be mitigated by manually configuring public key cryptography access only and generating appropriate key pairs.<\/p>\n<p>Given these facts, we began to explore scenarios with more serious implications, such as container escape. We evaluated the possibility of:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Exploiting unpatched container engine vulnerabilities (like <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-5736\">CVE-2019-5736<\/a>)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Exploiting unpatched Service Fabric vulnerabilities (like <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-30137\">CVE-2022-30137<\/a>)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Exploiting isolation vulnerabilities, like:<\/span>\n<ul>\n<li><span class=\"rte-circle-bullet\">Kernel vulnerabilities, in case of process isolation<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Hypervisor vulnerabilities, in case of virtualization<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span class=\"rte-red-bullet\">Exploiting a misconfiguration or a design flaw<\/span><\/li>\n<\/ul>\n<p>As most of our options seemed unlikely, and given the previous access to the node, we switched our focus to analysis of the node. This led to our <a href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-23-002\/\" target=\"_blank\" rel=\"noopener\">discovery<\/a> of <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21531\" target=\"_blank\" rel=\"noopener\">CVE-2023-21531<\/a>, allowing us to gain cluster access from a container.<\/p>\n<h4>Conclusion<\/h4>\n<p>Users should realize that their usage of cloud services doesn\u2019t delegate security fully to their cloud service provider (CSP): Depending on the service, some configuration is necessary on the user\u2019s end, leaving room for misconfigurations and unprotected deployments. Security comes with a price that doesn\u2019t end with paying for CSPs; it also calls for a proactive security mindset and enforcing security practices, such as:<\/p>\n<p>Following best practices that are specific to <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/service-fabric\/service-fabric-best-practices-security\" target=\"_blank\" rel=\"noopener\">Service Fabric<\/a> and <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/container-registry\/container-registry-best-practices\" target=\"_blank\" rel=\"noopener\">container registries<\/a> will help mitigate any emerging security issues. However, some applications might not be designed with Zero Trust policies in mind, so additional manual configuration and security hardening from the user may be required.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p>   <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p>   <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/f\/gaps-in-azure-service-fabric-s-security-call-for-user-vigilance.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications. Read More HERE…<\/p>\n","protected":false},"author":2,"featured_media":52428,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9520,9534,9509],"class_list":["post-52427","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cloud","tag-trend-micro-research-latest-news","tag-trend-micro-research-research"],"yoast_head":"\n<title>Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-21T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Header.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance\",\"datePublished\":\"2023-06-21T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/\"},\"wordCount\":1466,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cloud\",\"Trend Micro Research : Latest News\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/\",\"name\":\"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance.png\",\"datePublished\":\"2023-06-21T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance.png\",\"width\":2084,\"height\":1459},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n","yoast_head_json":{"title":"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/","og_locale":"en_US","og_type":"article","og_title":"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-06-21T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/23\/f\/gaps-in-azure-service-fabric%E2%80%99s-security-call-for-user-vigilance\/ServiceFabricSecurity-Header.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance","datePublished":"2023-06-21T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/"},"wordCount":1466,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cloud","Trend Micro Research : Latest News","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/","url":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/","name":"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance.png","datePublished":"2023-06-21T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/06\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance.png","width":2084,"height":1459},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=52427"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52427\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/52428"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=52427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=52427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=52427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":52427,"date":"2023-06-21T00:00:00","date_gmt":"2023-06-21T00:00:00","guid":{"rendered":"urn:uuid:092da598-3107-ecd2-2792-b2d3222a0b60"},"modified":"2023-06-21T00:00:00","modified_gmt":"2023-06-21T00:00:00","slug":"gaps-in-azure-service-fabrics-security-call-for-user-vigilance","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/gaps-in-azure-service-fabrics-security-call-for-user-vigilance\/","title":{"rendered":"Gaps in Azure Service Fabric\u2019s Security Call for User Vigilance"},"content":{"rendered":"