Azure This Week

Malicious npm Attack & Azure Bastion Native Client

Episode description

David Tucker is back to bring you all this week’s Azure news. First up, an important story for developers, with a large-scale targeted attack involving more than 200 data-stealing npm packages! Other Azure updates include the Azure Bastion Native Client now in GA; Azure Machine Learning integration with Stream Analytics; and a new Azure region in South Central India! Try our new DP-203 course:

0:00 Introduction
0:35 Azure developers targeted by malicious npm packages
2:12 Azure Bastion Native Client in GA
2:52 Azure ML user-defined functions for Stream Analytics
3:30 New Azure region in Hyderabad

Save 33% on a Personal Plus Annual Plan:
Offer applies only to customers who purchase, upgrade, or renew to a Personal Plus Annual plan. Offer valid for 7 days after the event. Offer may not be combined with any other offers. Offer includes access to the A Cloud Guru Platform only. Purchases made in connection with this offer do not include a free trial period and are subject to the Terms of Use.

Join us in the Discord channel:

Series description

Azure This Week is your weekly news roundup for all things Azure. Join our expert hosts as they cover everything you need to know about the past week’s developments, keeping it short, fun and informative. Whether you’re just beginning your cloud journey, or you know your stuff, there’s something for everyone!

Hello, this is David Tucker and welcome to Azure This Week. The cloud never seems to slow down. So I've got several items I'll be covering this week, including a potential vulnerability you need to watch out for on npm, the general availability of the Azure Bastion Native Client, the general availability of Azure ML, user-defined functions with Stream Analytics, and a new region coming to South Central India in the future. We got a lot to get to. So let's jump right to the news.

First up, if you are a JavaScript or TypeScript developer building solutions for Azure, you will want to pay attention. There has been an attempt to target Azure developers that are leveraging the npm package repository. Now, while none of the official packages published by Microsoft are affected, rogue developers have published packages that look similar to the official ones in hopes that developers will not notice the difference. As pointed out by researchers from JFrog, developers can become susceptible to this by forgetting to put the npm scope for the official packages when installing them. This means that instead of installing ‘@azure/core-tracing’, you simply try to install core-tracing.

Now, these fake packages are designed to leak information about the systems that have installed them, potentially for a future attack. Now, what should you do about it? Just make sure all Azure packages you have installed are using the '@Azure' scope. The problematic packages have been removed, but if you made this mistake, you still could be leveraging the rogue packages after they were downloaded locally. Now check out the link in the notes to get all the details about out this potential security issue with npm. Are you keen to start your cloud journey? Well we've just launched a new limited time offer for our Personal Plus annual plan, giving you a savings of 33%.

That's a ton. Now this Personal Plus plan gives you access to great course features like hands-on labs, and practice exams, making it easier to kickstart your cloud career. If you're interested, scan the QR code on the screen or click the link in the description. Next up, if you want to ease the process of connecting to your Windows and Linux virtual machines, and also eliminate the risk of having ports open to the world, you will be glad to hear that the Azure Bastion Native Client is now generally available. With this you can use the Azure CLI to connect to those virtual machines, using a native client on your machine, even if you aren't on Windows.

You also gain the ability to leverage your Active Directory credentials for the virtual machines joined to your AD domain. Now, while this has been available in different forms via preview, this release makes it generally available. Check out the link in the notes to get started with this new capability. Next, one of the ways that we leverage data in today's digital landscape is to utilize machine learning models to predict, or infer, things from our data without having to leverage a human to analyze every piece of data. Now this is especially critical when you're dealing with large amounts of streaming data.

Microsoft is helping to solve this by enabling you to easily integrate machine learning models that you have created with Azure ML. Now, as long as you have a deployed endpoint in Azure ML with a swagger definition, you can now easily integrate that model into your streaming pipelinesc with Azure Stream Analytics. This feature is now generally available. Finally, a new Azure region is coming to South Central India in Hyderabad. Now this one will launch with availability zones as well.

This makes the third India region for Azure joining Pune and Chennai. Well, that's all the data I could cram into a single episode of Azure This Week, but if you're interested in data, we've just published the new Microsoft Certified: Azure Data Engineer Associate, or DP-203, course. So feel free to check it out at the link below. If you have any comments or questions at all, let us know in the comments. See you next week and keep being awesome Cloud Gurus.

Oh and while you’re here, if you want to keep up to date with that news, hit that subscribe button below.

More videos in this series

Is AI the real Web 3.0?

Have you heard our TECHnically Possible Podcast: In Azure news this week, Lars takes a look at the general availability of Azure OpenAI, Microsoft’s…

Master the Cloud with ACG

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?