Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

290
active users

shakedown.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#authcode

0 posts0 participants0 posts today
Replied in thread
Public *
Kevin Karhan :verified:

@GossiTheDog the sheer fact that #MSPs & #CSPs can access clients' setups without proper #authorization [including #KYC / #KYB, #AuthCode|s and proper authorization via contract] is already sickening.

Such fundamental #ITsec fuckups are reasons alone not to use #Azure or any #Microsoft products & services at all...

  • I mean, it doesn't require #Mitnick-level skills to pull this off, since it doesn't necessitate #Lapsus-Style #SIMswap or other means to gain access...
CyberplaceKevin Beaumont (@GossiTheDog@cyberplace.social)Attached: 3 images This is the partner.microsoft.com portal, it allows CSPs - Cloud Solution Providers - to gain access to their customer's environments. CVE-2024-49035 was around improper privilege management, i.e. being able to access things you shouldn't. It being in CISA KEV says it was being exploited in the wild. That portal allows a huge footprint of access by design.
#mitnick#lapsus#simswap
ExploreLive feeds
About