A logo sits illuminated outside the Microsoft booth on day 2 of the GSMA Mobile World Congress 2019 on February 26, 2019 in Barcelona, Spain. Getty Images
Security>Identity Management and Access Control

Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover

The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.

Security researchers discovered more than 670 Microsoft subdomains vulnerable to account takeover, potentially giving attackers the ability to trick users into sharing their usernames and passwords or downloading malicious files.

Subdomain takeover occurs when a subdomain can be controlled by anyone other than system admins, explain Numan Ozdemir and Ozan Agdepe of security alert service Vullnerability, in a blog post. This can happen due to expired hosting services or DNS misconfigurations, and it can allow an adversary to upload files, create databases, track data traffic, or create a clone of a primary website. If a subdomain seems legitimate, users will likely enter their information.

Read the full article.

TAGS: Vulnerabilities and Threats
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
padlock icon on an abstract background
Cisco Duo's Multifactor Authentication Service Breached
Apr 15, 2024
laptop with microsoft logo on the screen
U.S. Warns Agencies of Possible Breach via Microsoft Hack
Apr 11, 2024
3D padlock with glowing keyhole on top of abstract digital background
10 Essential Measures To Secure Access Credentials
Mar 26, 2024
3D illustration of numbers and letters in black
PowerShell: How To Generate a Random Password (Revised Script)
Mar 26, 2024