Tootfinder

Opt-in global Mastodon full text search. Join the index!

@ErikJonker@mastodon.social
2025-09-18 12:48:54

Interesting,
"One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens"
dirkjanm.io/obtaining-global-a

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend f…

@publicvoit@graz.social
2025-09-18 06:41:46

"While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful #EntraID #vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deploymen…

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend f…

@thijs_lucas@norden.social
2025-10-22 04:56:49

Interessante Betrachtung: was wäre Eigentum - bei manchen Männern, die die Welt verbrennen, höher im Wert als Benzin oder unsere Verfassung - wert, wenn es nicht durch menschgemachte Klimakatastrophen bedroht wäre.
From: @…

Post by AJ Sadauskas, @aj@gts.sadauskas.id.au
New research shows the economic impact of increased flooding from global warming from fossil fuel pollution. Properties in Australia's flood-prone areas are worth $42 billion less than they would be if they weren't in a flood-prone area. https://www.sbs.com.au/news/article/homeowners-flood-4...

@rene_mobile@infosec.exchange
2025-09-18 11:38:16

Microsoft Azure/Cloud/AD considered harmful (twice, again)...
Context: cyberplace.social/@GossiTheDog and

Kevin Beaumont (@GossiTheDog@cyberplace.social)
Dirk-jan Mollema, who discovered Zerologon (the most impactful on prem Active Directory vulnerability ever), has discovered an Azure Active Directory (EntraID) vulnerability which allowed anybody to take over any tenant - access any Microsoft 365 resource, basically. CVE-2025-55241 https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ Edit: Tom Tervoort discovered ZeroLogon and Dirk-jan expanded upon it.

@tezoatlipoca@mas.to
2025-10-16 20:42:54

oh stop whining about how #cryptocurrency is a #fraud, its #fake, its a #ponzi scheme. Ill have you know crypto is _perfectly_ safe and _com…

web3 is going just great (@web3isgreat@indieweb.social)
Attached: 1 image Paxos accidentally mints more than twice the global GDP in PayPal stablecoins October 15, 2025 https://www.web3isgoinggreat.com/?id=paxos-accidental-mint