submitted 1 year ago by REdOG@lemmy.world to c/sysadmin@lemmy.world

According to Microsoft, the compromised key was inactive and therefore any access token signed by this key must be considered suspicious.

Unfortunately, there is a lack of standardized practices when it comes to application-specific logging. Therefore, in most cases, application owners do not have detailed logs containing the raw access token or its signing key. As a result, identifying and investigating such events can prove exceedingly challenging for app owners.
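An added illustration, not part of the original post or the linked article: a minimal sketch of the application-side logging the excerpt says is usually missing. It records the signing key ID (the `kid` field of a JWT header) and a SHA-256 of the token rather than the raw token. It assumes the access token is a JWT; the key ID in `SUSPECT_KEY_IDS`, the issuer and audience values, and the sample tokens are constructed placeholders.

```python
import base64
import hashlib
import json

# Placeholder, not a real indicator: use key IDs from the vendor's guidance.
SUSPECT_KEY_IDS = {"EXAMPLE-INACTIVE-KID"}


def _segment(seg):
    """Decode one base64url JWT segment (padding restored) to a dict."""
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def token_log_record(raw_token):
    """Audit record for a bearer token; stores a hash, never the token.

    No signature check happens here: this runs next to normal validation.
    """
    rec = {"token_sha256": hashlib.sha256(raw_token.encode()).hexdigest()}
    parts = raw_token.split(".")
    try:
        if len(parts) != 3:
            raise ValueError("not a three-part JWS")
        header, claims = _segment(parts[0]), _segment(parts[1])
    except ValueError as exc:
        rec["parse_error"] = str(exc) or type(exc).__name__
        return rec
    rec.update(
        kid=header.get("kid"), alg=header.get("alg"),
        iss=claims.get("iss"), aud=claims.get("aud"), iat=claims.get("iat"),
    )
    rec["suspect_key"] = isinstance(rec["kid"], str) and rec["kid"] in SUSPECT_KEY_IDS
    return rec


def make_sample_token(kid):
    """Constructed, unsigned sample token for demonstration only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    header = {"alg": "RS256", "kid": kid}
    claims = {"iss": "https://issuer.example", "aud": "api://example-app", "iat": 1690000000}
    return ".".join([enc(header), enc(claims), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    for kid in ("EXAMPLE-INACTIVE-KID", "EXAMPLE-CURRENT-KID"):
        print(json.dumps(token_log_record(make_sample_token(kid))))
```

With records like these retained, a later search for a given key ID is a log query instead of a guess.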

xylogx@lemmy.world 4 points 1 year ago* (last edited 1 year ago)

Great article, thank you for sharing!

So if I understand, Wiz is saying some apps that use Azure AD might not have sufficient logging to identify the IOCs. But MS apps like Exchange Online and Teams do have sufficient logging?

this post was submitted on 22 Jul 2023