Lemmy.World

166,339 readers
7,419 users here now

The World's Internet Frontpage Lemmy.World is a general-purpose Lemmy instance of various topics, for the entire world to use.

Be polite and follow the rules ⚖ https://legal.lemmy.world/tos

Get started

See the Getting Started Guide

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Join the team 😎

Check out our team page to join

Questions / Issues

Questions/issues post to
To open a ticket
Reporting is to be done via the reporting button under a post/comment.
Additional Report Info HERE
Please note, you will NOT be able to comment or post while on a VPN or Tor connection

More Lemmy.World

Follow us for server news 🐘

Chat 🗨

Alternative UIs

https://a.lemmy.world - Alexandrite UI
https://photon.lemmy.world - Photon UI
https://m.lemmy.world - Voyager mobile UI
https://old.lemmy.world - A familiar UI

Monitoring / Stats 🌐

Service Status 🔥

https://status.lemmy.world

Lemmy.World is part of the FediHosting Foundation

founded 1 year ago

ADMINS

Compromised Microsoft Key: More Impactful Than We Thought (www.wiz.io)

submitted 1 year ago by REdOG to c/sysadmin

1 comments fedilink

According to Microsoft, the compromised key was inactive and therefore any access token signed by this key must be considered suspicious.

Unfortunately, there is a lack of standardized practices when it comes to application-specific logging. Therefore, in most cases, application owners do not have detailed logs containing the raw access token or its signing key. As a result, identifying and investigating such events can prove exceedingly challenging for app owners.

Compromised Microsoft Key: More Impactful Than We Thought (www.wiz.io)

submitted 1 year ago by L4s to c/secops

0 comments fedilink

Compromised Microsoft Key: More Impactful Than We Thought::Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.