This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story
 

07/01/2025

Microsoft Entra ID vulnerability allows full account takeover – and takes barely any effort

MSN

The vulnerability involves a cross-tenant authentication flaw affecting Entra ID integrations – attackers could execute full account takeover with just access to an Entra tenant and the victim's email.

The report explains that the attack is a low-complexity, low-effort one that bypasses even multi-factor authentication (MFA), conditional access policies and zero-trust security architecture – all things that are generally characteristics of companies with strong cybersecurity postures.

Entra ID vulnerability could have broad effects

Additionally, attackers can get away without leaving much trace, and the Entra ID vulnerability cannot be defended against without vendor-side fixes.

More Info

Printer-Friendly Version


Resources

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information
Resources

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information