Tag: conditional access policies
-
Cloud Blog: (In)tuned to Takeovers: Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/ Source: Cloud Blog Title: (In)tuned to Takeovers: Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments Feedly Summary: Written by: Thibault Van Geluwe de Berlaere, Karl Madden, Corné de Jong The Mandiant Red Team recently supported a client to visualize the possible impact of a compromise by…
-
Microsoft Security Blog: Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/ Source: Microsoft Security Blog Title: Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Feedly Summary: Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source…
-
Alerts: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments
Source URL: https://www.cisa.gov/news-events/alerts/2024/10/31/foreign-threat-actor-conducting-large-scale-spear-phishing-campaign-rdp-attachments Source: Alerts Title: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments Feedly Summary: CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious…