Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover

Published: 23/11/2024   Category: security




The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.



Security researchers discovered more than 670 Microsoft subdomains vulnerable to account takeover, potentially giving attackers the ability to trick users into sharing their usernames and passwords or downloading malicious files.
Subdomain takeover occurs when a subdomain can be controlled by anyone other than system admins, explain Numan Ozdemir and Ozan Agdepe of security alert service Vullnerability, in a blog post. This can happen due to expired hosting services or DNS misconfigurations, and it can allow an adversary to upload files, create databases, track data traffic, or create a clone of a primary website. If a subdomain seems legitimate, users will likely enter their information.
This discovery means attackers could have potentially accessed the subdomains of hundreds of Microsoft services and used them in phishing and malware campaigns. Victims can't tell whether a subdomain has been compromised. As a result, if they visit a hijacked subdomain and are prompted to enter their credentials or download a malicious file, they'll likely do it.
Ozdemir and Agdepe created an automated system to scan all subdomains of some Microsoft domains and found the vulnerable subdomains. These included identityhelp.microsoft.com, mybrowser.microsoft.com, web.visualstudio.com, and dev.social.microsoft.com, among others. The researchers shared their findings with Microsoft, which fixed the affected subdomains.
Read more details here.
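The expired-hosting and DNS-misconfiguration cases described above can be checked for in an organisation's own zone. The following is an added example, not code from the researchers or from Microsoft: it audits a constructed CNAME export against a constructed inventory of provisioned hosting names. All hostnames, `audit_cnames`, and the stand-in resolver are assumptions made for illustration.

```python
import socket

# Constructed export of an organisation's own zone: (record name, CNAME target).
# Every name is a placeholder under example.com / example.net.
ZONE_CNAMES = [
    ("www.example.com", "web-prod.hosting.example.net."),
    ("promo.example.com", "old-campaign.hosting.example.net."),
    ("docs.example.com", "Docs-Site.hosting.example.net"),
    ("beta.example.com", "beta-app.hosting.example.net"),
]
# Constructed inventory of hosting names the organisation currently holds.
PROVISIONED = {"web-prod.hosting.example.net", "docs-site.hosting.example.net"}

def system_resolves(hostname):
    """Return True if the hostname currently resolves to any address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def audit_cnames(cnames, provisioned, resolves=system_resolves):
    """Flag CNAME records that have outlived the resource they point to."""
    findings = []
    for name, target in cnames:
        host = target.rstrip(".").lower()  # normalise trailing dot and case
        if not resolves(host):
            findings.append((name, host, "target does not resolve"))
        elif host not in provisioned:
            findings.append((name, host, "target resolves but is not in inventory"))
    return findings

def constructed_resolver(hostname):
    """Offline stand-in for DNS: the old campaign host no longer exists."""
    return hostname != "old-campaign.hosting.example.net"

if __name__ == "__main__":
    for name, host, reason in audit_cnames(ZONE_CNAMES, PROVISIONED, constructed_resolver):
        print(f"REVIEW {name} -> {host}: {reason}")
```

The inventory comparison matters because a hosting name that still resolves may no longer belong to the organisation; the resolution check alone would miss that record.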
