New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
Bleeping Computer

Microsoft shares guidance on securing Azure Cosmos DB accounts

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without ...
Redmond Magazine

Microsoft Bringing Inactive Account Removals and Default Security to Azure Active Directory Users

Microsoft announced a couple of Azure Active Directory security enhancements this week. Microsoft is previewing the ability to allow IT pros to remove inactive user accounts for organizations that use ...
Dark Reading

Attackers Target Microsoft Accounts to Weaponize OAuth Apps

Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, ...
CSOonline

Attack campaign targeting Azure environments compromised hundreds of accounts

The attack targeted people with senior-level titles through a phishing campaign enabled by other compromised accounts within the organizations. Security researchers warn that an ongoing cloud account ...
TWCN Tech News

Your account has been locked – Microsoft

This post explains how to fix Microsoft Account error Your account has been locked. Several users have reported that Microsoft has locked their accounts without any ...