New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...

Shut Down And Restart—New Microsoft Attack Beats Passwords, 2FA And Passkeys

Check Point explains that this new technique “tricks people into giving attackers access to their Microsoft accounts. The ...
Redmond Magazine

Microsoft Bringing Inactive Account Removals and Default Security to Azure Active Directory Users

Microsoft announced a couple of Azure Active Directory security enhancements this week. Microsoft is previewing the ability to allow IT pros to remove inactive user accounts for organizations that use ...
Bleeping Computer

Microsoft shares guidance on securing Azure Cosmos DB accounts

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without ...
ZDNet

Microsoft is rolling out these security settings to protect millions of accounts. Here's what's changing

To thwart password and phishing attacks, Microsoft is rolling out security defaults to a massive number of Azure Active Directory (AD) users. Microsoft began rolling out security defaults to customers ...
CSOonline

Attack campaign targeting Azure environments compromised hundreds of accounts

The attack targeted people with senior-level titles through a phishing campaign enabled by other compromised accounts within the organizations. Security researchers warn that an ongoing cloud account ...
TWCN Tech News

Your account has been locked – Microsoft

This post explains how to fix Microsoft Account error Your account has been locked. Several users have reported that Microsoft has locked their accounts without any ...