A high-severity authorization bypass vulnerability (CVE-2024-51479) has been discovered in Next.js, a widely used React framework. This flaw allows unauthorized access to certain pages directly under the application’s root directory, bypassing middleware-based authorization checks. The vulnerability affects versions from 9.5.5 up to 14.2.14, and affected deployments require immediate patching to version 14.2.15 to mitigate the risk.
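
To check which installed copies of Next.js fall inside the range given above, the following added example (not code from the Next.js project or the advisory) scans the `packages` map of a `package-lock.json`. The function names and the sample lockfile are constructed for illustration, and pre-releases of the boundary versions are marked for manual review because the stated range does not place them.

```javascript
// Added example: flag installed Next.js versions inside the range this page gives
// for CVE-2024-51479 (9.5.5 up to 14.2.14, fixed in 14.2.15).
const FIRST_AFFECTED = [9, 5, 5];
const FIRST_FIXED = [14, 2, 15];

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns 'affected', 'not-affected', 'review' or 'unknown' for one version string.
function classify(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(version).trim());
  if (!m) return 'unknown'; // dist-tags, git URLs, missing versions
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  // A pre-release of a boundary version sorts before that release, so the
  // page's range does not say which side of the boundary it is on.
  if (m[4] && (cmp(core, FIRST_FIXED) === 0 || cmp(core, FIRST_AFFECTED) === 0)) return 'review';
  return cmp(core, FIRST_AFFECTED) >= 0 && cmp(core, FIRST_FIXED) < 0 ? 'affected' : 'not-affected';
}

// Walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and
// reports every installed copy of "next", including nested and workspace copies.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/next' || path.endsWith('/node_modules/next')) {
      findings.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/next': { version: '14.2.14' },
    'node_modules/next-auth': { version: '4.24.7' },
    'apps/admin/node_modules/next': { version: '14.2.15' },
    'node_modules/legacy-widget/node_modules/next': { version: '9.5.4' },
    'apps/docs/node_modules/next': { version: '14.2.15-canary.3' },
  },
};

console.log(scanLockfile(SAMPLE_LOCK));
```
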
Attackers are leveraging adversary-in-the-middle (AiTM) attacks to gain unauthorized access to Microsoft networks. This advanced form of business email compromise (BEC) targets user credentials and authentication tokens to bypass multi-factor authentication (MFA). AiTM attacks occur when an attacker intercepts communication between a user and a legitimate service, allowing them to steal credentials and access sensitive information. Once inside, attackers can impersonate legitimate users, access email conversations and documents in the cloud, and divert specific emails. Preventing these attacks requires a layered approach including security defaults, conditional access policies, advanced anti-phishing solutions, and constant monitoring for suspicious activity. Detecting and cleaning up after AiTM attacks requires reviewing logs, interviewing users, and disabling compromised accounts.