Pen Test Partners

Compromising a multi-cloud environment from a single exposed secret

TL;DR Introduction In practice, it is still hard to keep secrets safe in the cloud. All major cloud service providers have ...
Dark Reading

AWS Cloud Credential Stealing Campaign Spreads to Azure, Google Cloud

A sophisticated cloud-credential stealing and cryptomining campaign targeting Amazon Web Services (AWS) environments for the past several months has now expanded to Azure and Google Cloud Platform ...
Infosecurity-magazine.com

Azure AD Credentials Exposed in Public App Settings File

A cybersecurity assessment has uncovered a serious vulnerability involving Azure Active Directory (Azure AD). Resecurity’s HUNTER Team discovered that application credentials, specifically the ...
Windows Central

Azure credentials at risk due to Windows 365 vulnerability

Windows 365 is Microsoft's new cloud PC service. It contains a big security vulnerability. Using the right program, users can acquire logged-in users' Azure credentials via Windows 365. No more than a ...
Bleeping Computer

Windows 365 exposes Microsoft Azure credentials in plaintext

A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. Mimikatz is an ...