iX-Workshop: Angriffe auf Entra ID abwehren

Lernen Sie, wie Sie Entra ID einschließlich Azure-Diensten härten und effektiv vor Angriffen schützen.

https://www.heise.de/news/iX-Workshop-Angriffe-auf-Entra-ID-abwehren-11272745.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#EntraID #IT #iXWorkshops #news

Oracle AI Database 26ai 新機能 - Deep Data Security -
https://qiita.com/Western24/items/4c40e95e432883b51f5c?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #oracle #Security #oci #OracleDatabase #EntraID

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers

Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

https://osintsights.com/microsoft-fixes-entra-id-flaw-that-enabled-service-principal-takeovers?utm_source=mastodon&utm_medium=social

#EntraId #ServicePrincipalTakeover #IdentitySecurity #PrivilegeEscalation #Microsoft

Microsoft patches vulnerability with highest risk rating in Entra ID

Microsoft recently closed a security vulnerability with the highest risk rating in Entra ID.

https://www.heise.de/en/news/Microsoft-patches-vulnerability-with-highest-risk-rating-in-Entra-ID-11274453.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#CloudComputing #EntraID #IT #Microsoft #Security #Sicherheitslücken #Updates #news

Microsoft stopft Lücke mit Risiko-Höchstwertung in Entra ID

Eine Sicherheitslücke mit Höchstwertung beim Risiko hat Microsoft jüngst in Entra ID geschlossen.

https://www.heise.de/news/Microsoft-stopft-Luecke-mit-Risiko-Hoechstwertung-in-Entra-ID-11274360.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#CloudComputing #EntraID #IT #Microsoft #Security #Sicherheitslücken #Updates #news

I've been building out M365 security tooling as a solo IT/Sec engineer and figured it's time to share it publicly

https://github.com/Bluewal/m365-intune-scripts

What's in there:
• Audit-before-block scripts (legacy auth, device code flow, shared mailboxes, admin accounts)
• Conditional Access policy templates (country blocking, device code flow block)
• Defender XDR threat response (axios supply chain attack IOC scan)

Everything is battle-tested in production on a real tenant. Feedback and PRs welcome.

#BlueTeam #M365 #Intune #EntraID #PowerShell #InfoSec

Sicherheitslücke in Microsoft Entra ID: Agent-ID-Administratoren konnten beliebige Dienstprinzipale übernehmen

Angreifer konzentrieren sich in Microsoft-Entra-ID-Umgebungen zunehmend nicht mehr ausschließlich auf menschliche Administratorkonten. Stattdessen rücken Dienstidentitäten und Rollen der mittleren Verwaltungsebene in den Fokus.

https://www.all-about-security.de/sicherheitsluecke-in-microsoft-entra-id-agent-id-administratoren-konnten-beliebige-dienstprinzipale-uebernehmen/

#microsoft #entraid #agentid #MicrosoftEntra