DevOps Articles

Curated articles, resources, tips and trends from the DevOps World.

SaaS RootKit: Attack to Create Hidden Rules in Office 365

2 years ago thenewstack.io
SaaS RootKit: Attack to Create Hidden Rules in Office 365

Summary: This is a summary of an article originally published by The New Stack. Read the full original article here →

Bad actors are always on the search for new methods of attack, making it our job to always stay two steps ahead of them. Adaptive Shield security researchers have discovered a new attack vector due to a vulnerability within Microsoft’s OAuth application registration. Through this vulnerability, an attack can use Exchange’s legacy API to create hidden forwarding rules in Microsoft 365 mailboxes.

Third-party app access combined with hidden forwarding rules creates a sort of SaaS rootkit.

An attack through these hidden forwarding rules should not be mistaken for a one-off, but rather the start of a new attack method through SaaS apps.

Read More
Oh Dear
Oh Dear
The all-in-one monitoring tool for your entire website
Fathom
Fathom
Fathom Analytics: A Better Google Analytics Alternative
Namecheap
Namecheap
DevOpsChat Logo Your DevOps Community
Product
Useful Links

Made with pure grit © 2024 Jetpack Labs Inc. All rights reserved. www.jetpacklabs.com