https://safirsoft.com PoC abuse released for Azure AD brute force bugs - what to do here

Microsoft believes this is not a security risk, but it is working to address it. The exploit for the flaw reported by Ars enables anyone to brute-force both usernames and passwords on vulnerable Azure servers. Although Microsoft initially called the Autologon mechanism a "Design" option, it appears that the company is now working on a solution.

PoC script released on GitHub

A PoC exploit for the Azure Active Directory password brute-force bug was published on GitHub as a PowerShell script of just over 100 lines of code, based predominantly on the previous work of Dr. Nestori Syynimaa, Chief Security Officer at Secureworks.

POC appeared only for SSO spray https://t.co/Ly2AHsR8Mr

- rvrsh3ll (@424f424f) Sep 29, 2021

According to Secureworks' Counter Threat Unit (CTU), the flaw is very easy to exploit, for example to brute-force check users' passwords, as demonstrated by the PoC. However, organizations that use Conditional Access and Multi-Factor Authentication (MFA) policies may benefit from blocking access to services during username/password authentication, Syynimaa told Ars in an interview: “So, even when a threatening actor is able to obtain a user’s password, he [may not] be able to use it to access the organization’s data.”

What can organizations do to protect themselves?

Interestingly enough, I reported this to msftsecresponse in December 2020, and the last I heard was that it was still being developed to fix the issue. Other people vote differently on the issue https://t.co/2EtfEIM5BE

-Dirk-jan (_dirkjan) Sep 28, 2021

Microsoft told Ars that the technique Secureworks demonstrated is not a vulnerability and that actions are being taken to protect Azure users:


The technique described does not involve a vulnerability, and protections are in place to ensure customer safety, a Microsoft spokesperson told Ars. After reviewing Secureworks' initial write-up, Microsoft concluded that protection against malicious attacks is currently in place at the described endpoints, thus protecting users from such attacks.

In addition, Microsoft says, tokens issued by the WS-Trust usernamemixed endpoint do not provide access to data and must be presented to Azure AD to get the real tokens. “All of these access token requests are protected by Conditional Access, Azure AD Multi-Factor Authentication, Azure AD Identity Protection, and Login,” Microsoft said in a statement to Ars. But Secureworks also shared other information it received from Microsoft after releasing its analysis this week, indicating that Microsoft is working on a solution. Syynimaa told Ars.

Security Solutions Architect Nathan McNulty previously reported seeing successful login events in the sign-in logs:

Great work from the Azure Identity team!

They have already added a successful audit to the WS-Trust MEX endpoint - login (no problem yet)

Get-AzureADAuditSignInLogs doesn't show up in Graph API (good news for SIEM) :) https://t.co/A130Uh7OeY

- NathanMcNulty September 29, 2021

"When locked, the error message is always 'locked', regardless of whether the password is correct or not. Suddenly," Syynimaa shared with Ars. “However, password hacking, as many accounts with passwords are targeted, is unlikely to be blocked by Smart Lockout. Syynimaa advises organizations looking for a solution to this attack to set up a number of failed authentication before setting up Smart Lockout and locking accounts Setting a small amount (such as 3) also helps prevent password hacking, but may lock accounts very easily during normal daily use. Setting the lock time is another option.
