Security Boulevard

Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet

The Azure APIM signup bypass is a critical vulnerability affecting 97.9% of internet-facing Developer Portals. Azure API ...
CSOonline

Microsoft Entra’s billing roles pose privilege escalation risks in Azure

Guest users with certain billing roles can create and own subscriptions, potentially gaining persistence and privilege escalation within an organization’s Azure environment. Threat actors can abuse ...
CSOonline

Beware of overly permissive Azure AD cross-tenant synchronization policies

A new proof of concept shows that attackers can use Azure AD CTS to leap to Microsoft and non-Microsoft application across tenants. Lateral movement techniques have been a critical component of ...