Researchers Crack Microsoft Azure MFA in an Hour

A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.

Follow Dark Reading:

December 12, 2024

LATEST SECURITY NEWS & COMMENTARY Researchers Crack Microsoft Azure MFA in an Hour A critical flaw in the company's rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Krispy Kreme Doughnut Delivery Gets Cooked in Cyberattack Threat actors punch holes in the company's online ordering systems, tripping up doughnut deliveries across the US after a late November breach. Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks. Symmetrical Cryptography Pioneer Targets the Post-Quantum Era Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach. Tips for Preventing Breaches in 2025 Hackers are constantly evolving, and so too should our security protocols. (Sponsored Article) We Need CI/CD for Data Security To handle the modern data environment, we need an approach to data security that integrates continuous visibility and control. MORE NEWS / MORE COMMENTARY HOT TOPICS 'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks. Lessons From the Largest Software Supply Chain Incidents The software supply chain is a growing target, and organizations need to take special care to safeguard it. Cybercrime Gangs Abscond With Thousands of Orgs' AWS Credentials The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing. Large-Scale Incidents & the Art of Vulnerability Prioritization We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy. MORE PRODUCTS & RELEASES Compromised Software Code Poses New Systemic Risk to U.S. Critical Infrastructure Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report MORE PRODUCTS & RELEASES EDITORS' CHOICE Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season. LATEST FROM THE EDGE Cybersecurity Lessons From 3 Public Breaches High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes. LATEST FROM DR TECHNOLOGY Snowflake Rolls Out Mandatory MFA Plan As part of the commitment to CISA's Secure by Design pledge, Snowflake will begin blocking sign-ins using single-factor authentication next year. LATEST FROM DR GLOBAL Governments, Telcos Ward Off China's Hacking Typhoons Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications. WEBINARS Identifying the Cybersecurity Metrics that Actually Matter Social Engineering: New Tricks, New Threats, New Defenses View More Dark Reading Webinars >> WHITE PAPERS From security alert to action: Accelerating incident response with automated investigations Enhancing Cybersecurity: The Critical Role Of Software Security Training The Definitive Guide to Container Security Frost Radar: Cloud Security Posture Management, 2024 6 Key Requirements of Multicloud Security Purple AI Datasheet Generative AI Gifts View More White Papers >> FEATURED REPORTS IDC Analyst Brief: Enhancing Incident Response with Automated Investigation Workflows Managing Third-Party Risk Through Situational Awareness 2024 InformationWeek US IT Salary Report View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | TechTarget, Inc. | Privacy Statement | Terms & Conditions | Contact Us