Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Dark Reading

Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands

Organizations that have implemented the "Log in with Microsoft" feature in their Microsoft Azure Active Directory environments could potentially be vulnerable to an authentication bypass that opens ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
Bleeping Computer

Microsoft fixes Azure AD auth flaw enabling account takeover

Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the target's account. This ...
Dark Reading

JSON Config File Leaks Azure ActiveDirectory Credentials

A publicly accessible configuration file for ASP.NET Core applications has been leaking credentials for Azure ActiveDirectory (AD), potentially allowing cyberattackers to authenticate directly via ...