Microsoft bug that used forged Azure AD tokens allowed hackers to compromise over two dozen organizations.
Microsoft disclosed on Friday that a validation flaw in its source code allowed a malicious actor going by Storm-0558 to compromise two dozen organizations by forging Azure Active Directory (Azure AD) tokens using a Microsoft account (MSA) consumer signing key. In a more detailed campaign analysis, the tech giant stated that “Storm-0558 acquired an inactive […]
Read More