cloud authentication

Microsoft’s cloud ecosystem continues to underpin enterprise digital transformation—yet the discovery and persistence of the nOAuth vulnerability within Entra-integrated applications shines a harsh light on lingering risks at the intersection of identity management, software-as-a-service, and...

Microsoft Active Directory Federation Services (AD FS) has been a cornerstone for organizations seeking to provide single sign-on (SSO) and secure access to a range of web applications—both on-premises and in the cloud. With the explosion of SaaS adoption, the importance of strong authentication...

Reliable authentication is the bedrock of digital trust, especially in enterprise environments reliant on Microsoft 365. In recent weeks, organizations across the EMEA (Europe, Middle East, and Africa) and Asia Pacific regions have faced significant disruptions stemming from issues with...

A new chapter in the ongoing battle for cloud security unfolded recently, as researchers disclosed a brazen and remarkably methodical campaign that has compromised over 80,000 user accounts spanning hundreds of organizations. The abuse of penetration testing tools—originally intended as shields...

Azure Managed Identities (MIs) have revolutionized the way applications authenticate to Azure services by eliminating the need for developers to manage credentials directly. This innovation enhances security by reducing the risk of credential leakage. However, recent research has illuminated...

A new browser-based threat dubbed the “Cookie-Bite” attack is capturing the cybersecurity community’s attention, raising major concerns over the integrity of authentication within cloud environments like Microsoft Azure, Microsoft 365, Google Workspace, AWS, and others. The discovery, recently...

A newly surfaced cybersecurity threat has put over 130,000 devices under the control of a sophisticated botnet, leveraging these compromised endpoints to mount large-scale password spraying attacks against Microsoft 365 accounts. This troubling development, uncovered by SecurityScorecard’s...

If you run a major chunk of your business on Microsoft 365, you might want to put that celebratory “we passed another compliance audit” cake back in the fridge, at least until you hear about the latest episode of Authentication Drama Theatre: the “Cookie Bite” attack. This newly publicized trick...

The End of an Era: Microsoft Entra ID’s Move Away from Service Principal-Less Authentication In a rapidly evolving digital landscape, Microsoft’s approach to identity and access management has been a compass for the industry. With the news that Microsoft Entra ID will officially retire service...

Microsoft is kicking off the year with a bang, unveiling a major feature in its security ecosystem that is bound to make software developers and IT administrators breathe a little easier. Say hello to Managed Identities as Federated Identity Credentials (FICs), now available as a Public Preview...

Another new Windows 8 feature was revealed yesterday, likely as a result of “playing around” with the leaked Windows 8 Milestone release. Roaming options are integrated into the operating system, which apparently are only available for users who have linked the operating system to an online...