Thursday, 30 September 2021

Azure Active Directory password brute-forcing flaw has no fix

Here we go again. 
A newly discovered bug in Microsoft Azure's Active Directory (AD) implementation gives a hacker unlimited attempts to guess someone's username and password without getting caught. These attempts also aren't logged on the server.
That would make an ideal scenario for a stealthy threat actor—leaving server admins with little to no visibility into the attacker's actions, let alone the possibility of blocking them.
