home.social

#storm2372 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #storm2372, aggregated by home.social.

  1. Despite my issue with the headline (it isn't bypassing MFA as much as tricking the user into authorizing access), this is a real ATO vector, and many teams don't know they're vulnerable to it. Switching off Device Code Flow if not needed, properly scoping authorization controls, enabling conditional access, and more measures can help. #ATO #Security #Storm2372