Modular "AlienFox" Toolkit Used to Steal Cloud Service Credentials
Harvesting API keys and secrets from AWS SES, Microsoft Office 365 and other services
Office 365 is Microsoft's cloud productivity suite, whose identity, email, and data controls make its vulnerabilities and security advisories consequential.
Search across headline titles and summaries.
Background for this topic.
Office 365 is Microsoft’s cloud-hosted productivity and collaboration service, encompassing Exchange Online email, SharePoint, OneDrive, Teams, and web and desktop Office applications. Because these services store communications and business documents in a shared cloud environment, the tag includes both attacks against the platform and security issues arising from tenant configuration, identity, and connected applications.
Material risks include phishing or stolen credentials leading to account takeover, malicious OAuth applications gaining delegated access, mailbox forwarding rules, and excessive external sharing of files. Effective defenses include phishing-resistant multifactor authentication, conditional-access policies, least-privilege administration, controlled app consent, data-loss prevention, and review of audit and sign-in logs. Security teams must also track Microsoft advisories and client vulnerabilities, preserve cloud evidence for investigations, and apply retention, privacy, and compliance controls appropriate to the data stored in the tenant.
Harvesting API keys and secrets from AWS SES, Microsoft Office 365 and other services
Malicious toolkit targets misconfigured hosts in AWS and Office 365 A fast-evolving toolkit that can be used to compromise email and web hosting services represents a disturbing evolution of attacks in the cloud, which for the most part have previously been confined to mining cryptocurrencies.…
A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users. [...]
If you need extra time to dump RPS, OK, but email from unsupported Exchange servers is blocked till they’re up to date Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled – at least until September when the tool is retired.…
Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them. [...]