Bleeping Computer

Microsoft: OAuth apps used to automate BEC and cryptomining attacks

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Dark Reading

Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands

Organizations that have implemented the "Log in with Microsoft" feature in their Microsoft Azure Active Directory environments could potentially be vulnerable to an authentication bypass that opens ...
SiliconANGLE

Microsoft details three OAuth-focused hacking campaigns

Microsoft Corp. on Tuesday detailed three hacking campaigns that made use of OAuth, a technology commonly used to let workers log into business applications with their Microsoft and Google accounts.

Hundreds of orgs compromised daily in Microsoft device code phishing attacks

Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through ...
Computerworld

OAuth phishers make ‘check where the link points’ advice ineffective

Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider ...
Bleeping Computer

Microsoft warns of increasing OAuth Office 365 phishing attacks

Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned. These attacks were part of ...