Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
Microsoft observed Storm-0501 pivot to the victim’s cloud environment to exfiltrate data rapidly and prevent the victim’s recovery
Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments
Microsoft Exchange customers have been urged to apply fixes set out in a hybrid deployment security update published in April
Russian military intelligence-linked hackers are using a new malware called “Authentic Antics” to secretly access Microsoft cloud email accounts, the UK's NCSC reports
Microsoft has reported Scattered Spider continues to evolve tactics to compromise both on-premises infrastructure and cloud environments
Microsoft’s Sovereign Cloud solutions are designed to ensure European cloud data is stored and processed in Europe
Microsoft has announced plans to expand cloud and AI infrastructure in the EU, increasing data center capacity by 40% by 2027
The review will also conduct a broader review of issues relating to cloud-based identity and authentication infrastructure
The company said they collaborated closely with CISA to expand cloud logging
Harvesting API keys and secrets from AWS SES, Microsoft Office 365 and other services
Microsoft warns of "permissions gap" security threat