10 matches found
A week in security (June 19 - 25)
Last week on Malwarebytes Labs: Microsoft Azure AD flaw can lead to account takeover 5 facts to know about the Royal ransomware gang Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 UPS warns customers of phishing attempts after data accessed 6 tips for a cybersecure honeymo...
Microsoft Azure AD flaw can lead to account takeover
Researchers have found that a flaw in Microsoft Azure AD can be used by attackers to take over accounts that rely on pre-established trust. In a nutshell, Microsoft Azure AD allows you to change the email address associated with an account without verification of whether you are in control of tha...
Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover
A security shortcoming in Microsoft Azure Active Directory AD Open Authorization OAuth process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubb...
OpenID Connect Microsoft Azure Active Directory client - Moderately critical - Access Bypass - SA-CONTRIB-2021-044
This module enables users to authenticate through their Microsoft Azure AD account. The module does not sufficiently check authorization before updating user profile information in certain non-default configurations. This could lead a user being able to hijack another existing account. This...
New Forrester study shows customers who deploy Microsoft Azure AD benefit from 123% ROI.
Over the past six months, organizations around the world have accelerated digital transformation efforts to rapidly enable a remote workforce. As more employees than ever access apps via their home networks, the corporate network perimeter has truly disappeared, making identity the control plane...
Microsoft Azure AD Connect Detection (Windows SMB Login)
Detects the installed version of Microsoft Azure AD Connect. The script logs in via smb, searches for Microsoft Azure AD Connect in the registry and gets the version from SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...
Microsoft Azure AD Connect Elevation of Privilege Vulnerability - Windows
Microsoft Azure AD Connect is prone to an elevation of privilege vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...
KLA11485 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, gain privileges, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A deni...
Update to Microsoft Entra Connect causes SQL VSS issues
Article Applicability This article is specific to environments where the Azure AD Connect or Microsoft Entra Connect package is installed on the machine where Microsoft SQL Server is installed. Challenge You receive the following error during the guest processing: Unable to release guest. Error:...
Microsoft Entra Connect Installed
Binary data microsoftazureadconnectinstalled.nbin...