Threat actors with elevated privileges could leverage the recently introduced Microsoft Azure Active Directory Cross-Tenant Synchronization feature to facilitate lateral movement to other tenants and establish network persistence, BleepingComputer reports.
In an already compromised tenant, threat actors could examine the CTS configurations to discover other tenants that have allowed "Outbound Sync," then change the configuration of the CTS syncing app to include the compromised user in its sync scope, eventually obtaining access to the additional tenant's network without having to input new user credentials, a Vectra report revealed.
Attackers could also distribute new malicious CTS policies that activate "Automatic User Consent" and "Inbound Sync," which would permit tenant access even after rogue accounts are removed.
Despite the absence of in-the-wild exploitation of Azure AD CTS, organizations have been urged to strengthen their configurations by eschewing default CTA configurations, as well as restricting cloud environment access.
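A defender can review which partner tenants have the two settings named above switched on. The following is an added example, not code from the Vectra report or from Microsoft: it assumes partner entries shaped like Microsoft Graph cross-tenant access policy partner objects with each partner's identitySynchronization settings merged in, and both the sample data and the APPROVED_PARTNERS allowlist are constructed for illustration.

```python
# Constructed sample data: three partner entries with made-up tenant IDs.
# Unset settings appear as None, as they do when nothing was configured.
PARTNERS = [
    {"tenantId": "11111111-1111-1111-1111-111111111111",
     "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": True}},
     "automaticUserConsentSettings": {"inboundAllowed": None, "outboundAllowed": None}},
    {"tenantId": "22222222-2222-2222-2222-222222222222",
     "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": True}},
     "automaticUserConsentSettings": {"inboundAllowed": True, "outboundAllowed": None}},
    {"tenantId": "33333333-3333-3333-3333-333333333333",
     "identitySynchronization": None,
     "automaticUserConsentSettings": None},
]

# Hypothetical allowlist: tenants the organization has approved for inbound sync.
APPROVED_PARTNERS = {"11111111-1111-1111-1111-111111111111"}


def audit_partner(partner, approved):
    """Return the list of findings for one partner configuration."""
    tenant_id = partner.get("tenantId", "<missing>")
    sync = (partner.get("identitySynchronization") or {}).get("userSyncInbound") or {}
    consent = partner.get("automaticUserConsentSettings") or {}

    findings = []
    if sync.get("isSyncAllowed"):
        findings.append("inbound_sync_enabled")
    if consent.get("inboundAllowed"):
        findings.append("automatic_consent_inbound")
    # Either setting on a tenant nobody approved is the persistence pattern
    # described above: access that survives removal of the rogue account.
    if findings and tenant_id not in approved:
        findings.append("unapproved_partner")
    return findings


def audit(partners, approved):
    """Map tenantId -> findings, omitting partners with nothing to report."""
    report = {}
    for partner in partners:
        findings = audit_partner(partner, approved)
        if findings:
            report[partner.get("tenantId", "<missing>")] = findings
    return report


if __name__ == "__main__":
    for tenant, findings in audit(PARTNERS, APPROVED_PARTNERS).items():
        print(tenant, ", ".join(findings))
```

Entries carrying "unapproved_partner" are the ones to investigate first; approved partners with inbound sync enabled are still worth confirming against change records.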
Modern integrated graphics processing units, including those manufactured by AMD, Arm, Apple, Intel, Qualcomm, and Nvidia, could be targeted to expose sensitive data through the new GPU.zip side-channel attack, which exploits graphical data compression, The Hacker News reports.
The Department of Homeland Security has noted that U.S. critical infrastructure organizations are at risk of cyberattacks leveraging artificial intelligence, with China and other nation-states exploiting the technology to deploy more advanced malware attacks and influence operations, CyberScoop reports.