Hackers Abuse Azure AD Abandoned Reply URLs to Escalate Privilege | allinfosecnews.com

Aug. 30, 2023, 7:03 a.m. | Eswar

GBHackers On Security gbhackers.com

Recent reports indicate that there has been a privilege escalation vulnerability discovered, which arises due to abandoned Active Directory URLs. Threat actors can use this flaw to gain illegal authorization codes that can be used against Microsoft Power Platform API to gain access tokens and escalate their privileges. Microsoft has patched these vulnerabilities as soon […]

The post Hackers Abuse Azure AD Abandoned Reply URLs to Escalate Privilege appeared first on GBHackers - Latest Cyber Security News | Hacker News …

abuse access access tokens active directory api authorization azure azure ad cyber security directory escalation flaw hackers illegal microsoft microsoft power platform platform power power platform privilege privilege escalation privileges reports threat threat actors tokens urls vulnerability

More from gbhackers.com / GBHackers On Security

Sticky Werewolf Weaponizing LNK Files Group Attacking To Attack Organizations 1 day, 12 hours ago | gbhackers.com

act archive attachments attack +30

GoldPickaxe iOS Malware Harvests Facial Recognition Data & Bank Accounts 1 day, 13 hours ago | gbhackers.com

accounts android android malware app +25

Muhstik Malware Attacking Apache RocketMQ To Execute Remote Code 2 days, 15 hours ago | gbhackers.com

access apache apache rocketmq aqua +31

Hacktivist Groups Attacking Industrial Control Systems To Disrupt Services 2 days, 15 hours ago | gbhackers.com

attacks can control control systems +33

North Korean Kimsuky Attacking Arms Manufacturer In Europe 2 days, 15 hours ago | gbhackers.com

arms attack attack vector campaign +19

SPECTR Malware Attacking Defense Forces of Ukraine With a batch script 2 days, 17 hours ago | gbhackers.com

batch campaign center cert +22

300+ Times Downloaded Package from PyPI Contains Wiper Components 2 days, 20 hours ago | gbhackers.com

components cyber security cyber-security-course downloader +16

Tenable Acquires Eureka Security To Provide Data Security Across Infrastructure 2 days, 21 hours ago | gbhackers.com

acquisition agreement bolster capabilities +23

Microsoft Details On Using KQL To Hunt For MFA Manipulations 2 days, 21 hours ago | gbhackers.com

accounts attributes audit logs authentication +30

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com