News

Bleeping Computer1mon
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows ... The researchers simplified in the following diagram the attack flow targeting users by relying on a ...
Bleeping Computer3y
Microsoft, Google OAuth flaws can be abused in phishing attacks
The relevant campaigns were detected by Proofpoint, and target Outlook Web Access, PayPal, Microsoft ... OAuth apps, developers are given the freedom to select among various available flow types ...
TechRadar1y
Microsoft says criminals are misusing OAuth apps to launch scam attacks
Microsoft says its Threat Intelligence team has been observing financially motivated attacks and scams using OAuth apps as automation tools. In a new post, the team explained how threat actors ...
ZDNet2y
Microsoft warning: These phishing attackers used fake OAuth apps to steal email
Microsoft classifies the attack as "consent phishing" because the attackers use the bogus apps and Azure AD-based OAuth consent prompts (pictured below) to trick targets to grant permissions to ...
Ars Technica4mon
What is device code phishing, and why are Russian spies so successful at it?
Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft ... OAuth standard. Authentication through device code flow ...
Hosted on MSN1mon
Russian Cyber Actors Exploit Microsoft OAuth to Breach Ukraine-Linked Organisations
Russian-linked cyber operatives have been leveraging legitimate Microsoft OAuth 2.0 authentication processes to compromise Microsoft 365 accounts of individuals and organisations associated with ...