Microsoft Account
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
A new variation of the ClickFix attack dubbed ‘ConsentFix’ abuses the Azure CLI OAuth app to hijack Microsoft accounts without needing a password or having to bypass multi-factor authentication (MFA) verification. A ClickFix attack is a social engineering technique that attempts to trick users into running commands on their computer to install malware or steal data. […]
Microsoft kills more Microsoft Account bypasses in Windows 11
Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing Windows 11. The change was introduced in the Windows 11 Insider Preview Build 26220.6772 (KB5065797) for Insiders in the Dev Channel, indicating that it will likely be included in future production builds. The company claimed […]
Microsoft Authenticator on iOS moves backups fully to iCloud
Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. Previously, the Microsoft Authenticator app required iOS users to sign in with a personal Microsoft Account to enable backups, regardless of whether they […]
New Windows 11 trick lets you bypass Microsoft Account requirement
A previously unknown trick lets you easily bypass using a Microsoft Account in Windows 11, just as Microsoft tries to make it harder to use local accounts. Since the release of Windows 11, Microsoft has been increasingly closing loopholes and making it harder to use a local account in the operating system. Instead, the company […]
Microsoft’s killing script used to avoid Microsoft Account in Windows 11
Microsoft has removed the ‘BypassNRO.cmd’ script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system. This change was introduced in the latest Windows 11 Insider Dev preview build, which means it will likely be coming to production builds. “We’re removing the bypassnro.cmd […]
Novel phishing campaign uses corrupted Word documents to evade security
A novel phishing attack abuses Microsoft’s Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. Threat actors constantly look for new ways to bypass email security software and land their phishing emails in targets’ […]
