New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...

Shut Down And Restart—New Microsoft Attack Beats Passwords, 2FA And Passkeys

Check Point explains that this new technique “tricks people into giving attackers access to their Microsoft accounts. The ...
Threat Post

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks. Microsoft has suspended 18 Azure Active ...
Bleeping Computer

Microsoft shares guidance on securing Azure Cosmos DB accounts

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without ...
MCPmag

Managing Azure Cognitive Service Accounts with PowerShell

Azure Cognitive Services is a suite of APIs provided by Microsoft that allows mere mortals to tap the power of artificial intelligence (AI) in many different ways. Broken out in six different areas ...