News
It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs ...
To counter device code phishing attacks used by Storm-2372, Microsoft proposes blocking device code flow where possible and enforcing Conditional Access policies in Microsoft Entra ID to limit its ...
Device codes are numeric or alphanumeric codes that are used to authenticate an account on a device that cannot complete the interactive authentication web flow. In device-code phishing attacks, ...
Hosted on MSN4mon
If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phishFinally, in an update on Friday, Microsoft said it had just "observed Storm-2372 shifting to using the specific client ID for Microsoft Authentication Broker in the device code sign-in flow," and ...
In one case, a different device code phishing technique was used. Rather than the email link taking the target to the Microsoft Device Code authentication page, they were instead taken to a website ...
A new phishing campaign has been spotted using ‘device code phishing’ through Microsoft Teams to target governments, NGOs, and other industries across Europe, North America, Africa, and the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback