all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

Add to bookmarks
Aug. 28, 2023, 4:05 p.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL.
"An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit (

access active directory application authorization azure azure active directory case cybercriminals cybersecurity directory entra entra id escalation experts exploit microsoft microsoft entra microsoft entra id privilege privilege escalation redirect researchers uncover url

Visit resource

More from thehackernews.com / The Hacker News

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution 11 hours ago | thehackernews.com
cisco code code execution critical +21
China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices 11 hours ago | thehackernews.com
arcanedoor attack attack surface attack surface management +23
It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs 14 hours ago | thehackernews.com
business cyberattacks cybercriminals financial +8
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components 15 hours ago | thehackernews.com
access account android android devices +20
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs 17 hours ago | thehackernews.com
act apple apple macos arm +19
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities 2 days, 16 hours ago | thehackernews.com
actor apt28 campaign cyber +24
Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back 3 days, 12 hours ago | thehackernews.com
address attacks back business +22
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications 3 days, 12 hours ago | thehackernews.com
abusing aim amp api +25
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data 3 days, 14 hours ago | thehackernews.com
address applications business corporate +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Privacy Engineer, Implementation Review

@ Meta | Menlo Park, CA | Seattle, WA
View on infosec-jobs.com

Cybersecurity Specialist (Security Engineering)

@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
View on infosec-jobs.com

SOC Analyst

@ Rubrik | Palo Alto
View on infosec-jobs.com

Consultant Tech Advisory H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com
View more jobs