all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Microsoft validation error allowed state actor to access user email of government agencies and others

Add to bookmarks
July 19, 2023, 1 a.m. |

Malwarebytes Labs blog.malwarebytes.com

Categories: News

Tags: Microsoft. MSA


Tags: OWA


Tags: validation token


Tags: signing key


Tags: Storm-0556


Tags: GetAccessTokensForResource


Due to a validation error in Microsoft code, a suspected Chinese attacker was able to access user email from approximately 25 organizations, including government agencies.



(Read more...)



The post Microsoft validation error allowed state actor to access user email of government agencies and others appeared first on Malwarebytes Labs.

access actor chinese code email error government key microsoft organizations owa signing signing key state storm tags token validation

Visit resource

More from blog.malwarebytes.com / Malwarebytes Labs

Wireless carriers fined $200 million after illegally sharing customer location data 23 hours ago | blog.malwarebytes.com
access carriers consent customer +10
Malwarebytes Premium Security earns “Product of the Year” from AVLab 1 day, 19 hours ago | blog.malwarebytes.com
avlab avlab assessment avlab cybersecurity foundation blocking +11
FBI warns online daters to avoid “free” online verification schemes that prove costly 1 day, 21 hours ago | blog.malwarebytes.com
dating fbi fraudsters free +7
Kaiser health insurance leaked patient data to advertisers 2 days, 22 hours ago | blog.malwarebytes.com
advertisers data data leak giant +11
A week in security (April 22 – April 28) 3 days, 1 hour ago | blog.malwarebytes.com
april a week in security list security +3
Ring agrees to pay $5.6 million after cameras were used to spy on customers 6 days, 18 hours ago | blog.malwarebytes.com
access cameras charges customers +9
TikTok comes one step closer to a US ban 1 week ago | blog.malwarebytes.com
ban ban tiktok bill bytedance +6
Google ad for Facebook redirects to scam 1 week, 1 day ago | blog.malwarebytes.com
blog campaign facebook google +8
“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare … 1 week, 1 day ago | blog.malwarebytes.com
alphv announcement attack breach +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;
View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya
View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia
View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States
View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote
View on infosec-jobs.com
View more jobs