Microsoft Entra ID - Security Ticks

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns

account hijacking, BEC scams, cryptojacking, Don't miss, Hot stuff, Microsoft, Microsoft 365, Microsoft Azure, Microsoft Entra ID, News, OAuth, phishing, spam / SecurityTicks

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns 13/12/2023 at 16:46 By Helga Labus Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications OAuth is an open standard authentication protocol that uses tokens to grant applications access to server resources without […]

React to this headline:

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns Read More »

Microsoft introduces new access policies in Entra to boost MFA usage

access management, Don't miss, enterprise, Hot stuff, identity protection, MFA, Microsoft, Microsoft Entra ID, News, policy / SecurityTicks

Microsoft introduces new access policies in Entra to boost MFA usage 07/11/2023 at 18:17 By Helga Labus As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID (formerly Azure Active Directory) to increase the use of multifactor authentication (MFA) for enterprise accounts. Microsoft Entra Conditional

React to this headline:

Microsoft introduces new access policies in Entra to boost MFA usage Read More »

Assess multi-cloud security with the open-source CNAPPgoat project

AWS, Ermetic, GitHub, Microsoft Azure, Microsoft Entra ID, News, open source, penetration testing, software / SecurityTicks

Assess multi-cloud security with the open-source CNAPPgoat project 03/08/2023 at 07:31 By Help Net Security Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. It is available on GitHub. CNAPPgoat supports AWS, Azure (Microsoft

React to this headline:

Assess multi-cloud security with the open-source CNAPPgoat project Read More »

Open-source penetration testing tool BloodHound CE released

Active Directory, Azure, cybersecurity, Don't miss, GitHub, Microsoft Azure, Microsoft Entra ID, News, open source, penetration testing, software, SpecterOps / SecurityTicks

Open-source penetration testing tool BloodHound CE released 02/08/2023 at 06:32 By Mirko Zorz SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available for free on GitHub. Identifying simple Attack

React to this headline:

Open-source penetration testing tool BloodHound CE released Read More »