Compromised Microsoft Key: More Impactful Than We Thought (www.wiz.io)

submitted 1 year ago by REdOG@lemmy.world to c/sysadmin@lemmy.world

1 comments fedilink hide all child comments

According to Microsoft, the compromised key was inactive and therefore any access token signed by this key must be considered suspicious.

Unfortunately, there is a lack of standardized practices when it comes to application-specific logging. Therefore, in most cases, application owners do not have detailed logs containing the raw access token or its signing key. As a result, identifying and investigating such events can prove exceedingly challenging for app owners.

top 1 comments

sorted by: hot top controversial new old

[-] xylogx@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

Great article, thank you for sharing!

So if I understand, Wiz is saying some apps that use Azure AD might not have sufficient logging to identify the IOCs. But MS apps like Exchange Online and Teams do have sufficient logging?

this post was submitted on 22 Jul 2023

7 points (100.0% liked)

Sysadmin

7542 readers

1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 1 year ago

MODERATORS

DarraignTheSane@lemmy.world

00Lemming@lemmy.world

L3s@lemmy.world