Back Issues This Week → Current Issue → Popular →

Varonis researchers discovered a loophole that made it possible to create malicious applications with deceptive names like "Azure Portal." By bypassing safeguards that prevent the use of reserved names, the vulnerabilities allowed attackers to impersonate Microsoft applications.

When not properly managed, Azure applications can pose serious security risks, such as enabling initial access, persistence, and privilege escalation within a Microsoft 365 tenant. This can result in data loss and reputation damage for organizations.