Lemmy.World

166,321 readers
6,879 users here now

The World's Internet Frontpage Lemmy.World is a general-purpose Lemmy instance of various topics, for the entire world to use.

Be polite and follow the rules ⚖ https://legal.lemmy.world/tos

Get started

See the Getting Started Guide

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Join the team 😎

Check out our team page to join

Questions / Issues

Questions/issues post to
To open a ticket
Reporting is to be done via the reporting button under a post/comment.
Additional Report Info HERE
Please note, you will NOT be able to comment or post while on a VPN or Tor connection

More Lemmy.World

Follow us for server news 🐘

Chat 🗨

Alternative UIs

https://a.lemmy.world - Alexandrite UI
https://photon.lemmy.world - Photon UI
https://m.lemmy.world - Voyager mobile UI
https://old.lemmy.world - A familiar UI

Monitoring / Stats 🌐

Service Status 🔥

https://status.lemmy.world

Lemmy.World is part of the FediHosting Foundation

founded 1 year ago

ADMINS

Compromised Microsoft Key: More Impactful Than We Thought | Wiz Blog (www.wiz.io)

submitted 1 year ago by [email protected] to c/[email protected]

3 comments fedilink

Compromised Microsoft Key: More Impactful Than We Thought (www.wiz.io)

submitted 1 year ago by REdOG to c/sysadmin

1 comments fedilink

According to Microsoft, the compromised key was inactive and therefore any access token signed by this key must be considered suspicious.

Unfortunately, there is a lack of standardized practices when it comes to application-specific logging. Therefore, in most cases, application owners do not have detailed logs containing the raw access token or its signing key. As a result, identifying and investigating such events can prove exceedingly challenging for app owners.

Compromised Microsoft Key: More Impactful Than We Thought (www.wiz.io)

submitted 1 year ago by [email protected] to c/[email protected]

0 comments fedilink

HN Discussion

Compromised Microsoft Key: More Impactful Than We Thought (www.wiz.io)

submitted 1 year ago by [email protected] to c/[email protected]

0 comments fedilink

There is a discussion on Hacker News, but feel free to comment here as well.

Compromised Microsoft Key: More Impactful Than We Thought (www.wiz.io)

submitted 1 year ago by L4s to c/secops

0 comments fedilink

Compromised Microsoft Key: More Impactful Than We Thought::Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.

Compromised Microsoft Key: More Impactful Than We Thought | Wiz Blog (www.wiz.io)

submitted 1 year ago by [email protected] to c/[email protected]

1 comments fedilink

This really doesn't make me love cloud identity management. It's exactly the scenario (kind of nightmare one) where you attack the cloud infrastructure and get access to many different customers and apps... potentially in a way completely undetectable by you. At least with local identity providers they have to compromise you, and you might have logs.