all InfoSec news
Forged Azure Access Tokens Exploited by Storm-0558: A Cloud Vulnerability Transparency Gap
Security Boulevard securityboulevard.com
Starting May 15, 2023, threat actor Storm-0558 illicitly employed forged Azure Access tokens tokens to gain unauthorized access to user emails in around 25 organizations, encompassing government agencies and various consumer accounts hosted on the public cloud. By June 2023, a Federal Civilian Executive Branch (FCEB) agency noticed unusual MailItemsAccessed events in M365 Audit Logs, ... Forged Azure Access Tokens Exploited by Storm-0558: A Cloud Vulnerability Transparency Gap
The post Forged Azure Access Tokens Exploited by Storm-0558: A Cloud Vulnerability …
access access tokens accounts actor agency azure civilian cloud consumer emails executive exploited fceb federal gap government june june 2023 may microsoft microsoft security organizations public public cloud sbn news storm storm-0558 storm-0588 threat threat actor tokens transparency unauthorized access vulnerabilities vulnerability vulnerability management