boB Rudis πŸ‡ΊπŸ‡¦ πŸ‡¬πŸ‡± πŸ‡¨πŸ‡¦Jun 28

O_O Synology's middleware service was inadvertently exposing a master credential during every setup process, and this credential belonged to Synology's global app registration, giving attackers broad read-only access to organizational data including Teams messages, group information, and Microsoft 365 content.

https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/

When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365"

Show threadSraars
@hrbrmstr Whoops?
Jun 29 at 6:32pmWeb