[HackerNews] New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks.
“This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s

Source: The Hacker News

