Dark Reading

Rogue Azure AD Guests Can Steal Data via Power Apps

Guest accounts in Azure AD (AAD) are meant to provide limited access to corporate resources for external third parties — the idea is to enable collaboration without risking too much exposure. But ...
Dark Reading

Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands

Organizations that have implemented the "Log in with Microsoft" feature in their Microsoft Azure Active Directory environments could potentially be vulnerable to an authentication bypass that opens ...
Bleeping Computer

Microsoft to start enforcing Azure multi-factor authentication in July

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. After first completing the rollout for the Azure ...
Infosecurity-magazine.com

Azure AD Credentials Exposed in Public App Settings File

A cybersecurity assessment has uncovered a serious vulnerability involving Azure Active Directory (Azure AD). Resecurity’s HUNTER Team discovered that application credentials, specifically the ...
Computer Weekly

Users warned over Azure Active Directory authentication flaw

Researchers at Secureworks’ Counter Threat Unit (CTU) have warned of a new and potentially serious vulnerability affecting the pass-through authentication (PTA) hybrid identity authentication method ...