News

Microsoft's OAuth flow (Source: Proofpoint). These flows require app developers to define specific parameters, such as a unique client ID, scope, and a redirect URL that is opened after successful ...
The vulnerability exists because when Microsoft applications undergo the OAuth 2.0 (the next generation of OAuth) authorization flow, they trust certain third-party domains and sub-domains that ...
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned.
Microsoft says its Threat Intelligence team has been observing financially motivated attacks and scams using OAuth apps as automation tools. In a new post, the team explained how threat actors ...
Microsoft classifies the attack as "consent phishing" because the attackers use the bogus apps and Azure AD-based OAuth consent prompts to trick targets into granting permissions to ...
It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs ...