VentureBeat

Major Microsoft Azure cross-tenant vulnerability caught by Orca Security

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Microsoft is reporting that a ...
Bleeping Computer

New Microsoft Azure AD CTS feature can be abused for lateral movement

Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily ...
CSOonline

Beware of overly permissive Azure AD cross-tenant synchronization policies

A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft application across tenants. Lateral movement techniques have been a critical component of ...
Dark Reading

Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities

Multiple privilege escalation issues in Microsoft Azure's cloud-based Health Bot service opened the platform to server-side request forgery (SSRF) and could have allowed access to cross-tenant ...
Dark Reading

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

A critical Microsoft authentication vulnerability could have allowed a threat actor to compromise virtually every Entra ID tenant in the world. The elevation of privilege (EoP) vulnerability, tracked ...