News

Ars Technica3mon
What is device code phishing, and why are Russian spies so successful at it?
The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow ...
Yahoo Finance3mon
Phishing campaign targets Microsoft device-code authentication flows
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. Russia-backed threat actors have attacked ...
Hosted on MSN2mon
The growing threat of device code phishing and how to defend against It
One of the most effective measures is to disable any unnecessary device code authentication flows. If it isn’t essential for business operations, then it should be removed to eliminate a ...
Bleeping Computer3mon
Microsoft: Hackers steal emails in device code phishing attacks
Input constrained devices - those that lack keyboard or browser support, like smart TVs and some IoTs, rely on a code authentication flow to allow allowing users to sign into an application by ...
Infosecurity-magazine.com3mon
Russian Hackers Target Microsoft 365 Accounts with Device Code Phishing
Device code authentication is a method whereby users can sign ... However, they are often not implemented as most organizations are not aware of this authentication flow or its capacity to be abused.
Bleeping Computer1mon
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Cybersecurity company Volexity observed this activity since early March, right after a similar operation, reported in February by Volexity and Microsoft, that used Device Code Authentication ...
PC World2y
How to use two-factor authentication to lock down your accounts the right way
This convenience does come with a trade-off: Installing Authy on a new device requires its own authentication code, which Authy can send via text message. But Authy mitigates this in two ways ...