FlagThis

Hackers are utilizing the FastHTTP library in Go to perform high-speed brute-force password attacks against Microsoft 365 accounts globally. The attacks are characterized by generating a large volume of HTTP requests, focusing on Azure Active Directory endpoints. This technique demonstrates how high-performance libraries can be exploited to conduct rapid credential-based attacks.

Users are experiencing a range of issues related to the brute-force protection mechanism in Nextcloud. These problems include being locked out of the server and concerns about the effectiveness and configurability of the brute-force protection system. Some users have reported that the current implementation of brute-force detection locks them out, and there are not enough configuration options to manage this behavior. These reports show that the current brute force handling needs improvement to reduce false positives and offer more granular controls to the end users.