Tootfinder

Opt-in global Mastodon full text search. Join the index!

@ErikJonker@mastodon.social
2025-09-18 12:48:54

Interesting,
"One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens"
dirkjanm.io/obtaining-global-a

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend f…

@publicvoit@graz.social
2025-09-18 06:41:46

"While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful #EntraID #vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deploymen…

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend f…

@rene_mobile@infosec.exchange
2025-09-18 11:38:16

Microsoft Azure/Cloud/AD considered harmful (twice, again)...
Context: cyberplace.social/@GossiTheDog and

Kevin Beaumont (@GossiTheDog@cyberplace.social)
Dirk-jan Mollema, who discovered Zerologon (the most impactful on prem Active Directory vulnerability ever), has discovered an Azure Active Directory (EntraID) vulnerability which allowed anybody to take over any tenant - access any Microsoft 365 resource, basically. CVE-2025-55241 https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ Edit: Tom Tervoort discovered ZeroLogon and Dirk-jan expanded upon it.

@adulau@infosec.exchange
2025-11-11 06:57:02

GCVE-BCP-05 - GCVE Vulnerability Format (Updated CVE Record Format) has been published as DRAFT and ready for public review.
The standard is similar to the @… record format with some extensions (via the X_ prefixes) for GCVE format and the reference implementation vulnerability-lookup. This allows some flexibility and innovation in GNA - GCVE space w…

GCVE-BCP-05 - GCVE Vulnerability Format (Updated CVE Record Format)
GCVE Vulnerability Format (Modified CVE Record Format) Version: 1.3 Status: Draft (for Public Review) Date: 2025-11-11 Authors: GCVE Working Group BCP ID: BCP-05 This guide is distributed and available under CC-BY-4.0. Copyright (C) 2025 GCVE Initiative. Introduction The Global Common Vulnerabilities and Exposures (GCVE) project aims to provide a decentralized, flexible, and transparent approach to vulnerability identification and publication. A key component of this effort is the definit…

@thijs_lucas@norden.social
2025-10-22 04:56:49

Interessante Betrachtung: was wäre Eigentum - bei manchen Männern, die die Welt verbrennen, höher im Wert als Benzin oder unsere Verfassung - wert, wenn es nicht durch menschgemachte Klimakatastrophen bedroht wäre.
From: @…

Post by AJ Sadauskas, @aj@gts.sadauskas.id.au
New research shows the economic impact of increased flooding from global warming from fossil fuel pollution. Properties in Australia's flood-prone areas are worth $42 billion less than they would be if they weren't in a flood-prone area. https://www.sbs.com.au/news/article/homeowners-flood-4...

@tezoatlipoca@mas.to
2025-10-16 20:42:54

oh stop whining about how #cryptocurrency is a #fraud, its #fake, its a #ponzi scheme. Ill have you know crypto is _perfectly_ safe and _com…

web3 is going just great (@web3isgreat@indieweb.social)
Attached: 1 image Paxos accidentally mints more than twice the global GDP in PayPal stablecoins October 15, 2025 https://www.web3isgoinggreat.com/?id=paxos-accidental-mint