all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Securing Your Microsoft Environment After the Midnight Blizzard Attack

Add to bookmarks
c
Feb. 16, 2024, 12:28 a.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Reco. Written by Oz Wasserman. IntroductionThe attack on Microsoft's SaaS-based Entra environment by Midnight Blizzard (aka Nobelium, Cozy Bear or APT29) was notably one of the most sophisticated attacks seen on similar platforms. This incident, spanning from November 2023 to January 2024, targeted Microsoft's corporate email through a vulnerable Entra test tenant. The lack of Multi-Factor Authentication (MFA) was a key weakness that allowed the attackers unparalleled ...

apt29 attack attacks bear blizzard corporate corporate email cozy bear email entra environment incident january january 2024 microsoft midnight midnight blizzard nobelium november november 2023 platforms reco saas spanning written

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
The Risk and Impact of Unauthorized Access to Enterprise Environments 1 day, 22 hours ago | cloudsecurityalliance.org
access advanced api api security +28
Cl
Automated Cloud Remediation – Empty Hype, Viable Strategy, or Something in Between? 1 day, 22 hours ago | cloudsecurityalliance.org
amp automated automation cloud +15
Cl
Cloud Security Alliance and SAFECode Release Sixth and Final White Paper in Its Six Pillars … 4 days, 4 hours ago | cloudsecurityalliance.org
alliance best practices certifications clear +19
Cl
Apple's New iMessage, Signal, and Post-Quantum Cryptography 4 days, 6 hours ago | cloudsecurityalliance.org
apple application attack computers +25
Cl
2024 State of SaaS Security Report Shows A Gap Between Security Team Confidence And Complexity … 4 days, 7 hours ago | cloudsecurityalliance.org
applications complexity data enterprise +18
Cl
Navigating Cloud Security Best Practices: A Strategic Guide 1 week, 2 days ago | cloudsecurityalliance.org
best practices blog cloud cloud computing +25
Cl
Building Trust Through Vendor Risk Management 1 week, 2 days ago | cloudsecurityalliance.org
advisory barr advisory building building trust +19
Cl
New SEC Rules: Material Incident Reporting Through Cybersecurity Disclosures 1 week, 3 days ago | cloudsecurityalliance.org
aim companies cybersecurity cybersecurity risks +22
Cl
A Risk-Based Approach to Vulnerability Management 1 week, 4 days ago | cloudsecurityalliance.org
armorcode attacks events impact +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France
View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom
View on infosec-jobs.com