News

Microsoft’s Azure AD, the cloud-based flavor of the on-premises service is an interesting construct. On the surface you think that it has some decent protections enabled by default. The sad truth of the matter is that this is not the case and many options for security are very lacking until you hit much higher security levels. If you add to this equation the likelihood of vulnerabilities and other flaws that can allow an attacker to bypass the security options that are already there it is a bit of a mess. This wonderful thought is what brings us to today’s flaw. According to security researchers, there is a flaw in how Microsoft Azure AD processes its implementation of OAuth (Open Authentication).

There is nothing like hearing about a new information stealer on a Monday. In this case the malware in question goes by the name of Mystic Stealer and was first pushed onto the world in April of 2023. It boasts some pretty impressive features like being able to steal data from 40 different web browsers and over 70 browser extensions. This list of features is on top of targeting crypto wallets, Steam accounts, and Telegram Accounts.

As I have often said, the idea that an operating system, or brand of computer is somehow immune to attack or malware is just a false one. We have seen time and time again where attackers are all too capable of compromising what was once considered “secure”. Now security researchers have found evidence of a sophisticated cross platform toolkit which could indicate an increased focus on macOS.

According to a statement that Microsoft released on Friday, several outrages in their Azure environment were caused by a large-scale Distributed Denial of Service attack. The attack began in early June 2023 when “surges in traffic” began causing availability impacts. Microsoft began an investigation into the incident and are now tracking a potentially new threat group (Storm-1359). The new group is using a somewhat different attack vector although most of the moving parts behind the attack are common.