CSOonline

Beware of overly permissive Azure AD cross-tenant synchronization policies

A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft application across tenants. Lateral movement techniques have been a critical component of ...
Bleeping Computer

New Microsoft Azure AD CTS feature can be abused for lateral movement

Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily ...
Bleeping Computer

Grafana warns of critical auth bypass due to Azure AD integration

Grafana has released security fixes for multiple versions of its application, addressing a vulnerability that enables attackers to bypass authentication and take over any Grafana account that uses ...