Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI
A surge in phishing attacks exploiting Microsoft’s OAuth device code flow has been identified by Proofpoint
A new wave of phishing attacks exploiting Microsoft 365 OAuth tools has been observed impersonating diplomats to steal access codes
A flaw in OneDrive File Picker has exposed millions to data overreach through excessive OAuth permissions
Volexity highlighted how Russian nation-state actors are stealing Microsoft device authentication codes to compromise accounts
Microsoft confirmed an outage of its multi-factor authentication system impacting access to Microsoft 365, causing login failures and service disruption
Microsoft said the Russian nation-state group Midnight Blizzard obfuscated its attack through the use of an OAuth application
Blackwing researchers bypass the authentication system
The review will also conduct a broader review of issues relating to cloud-based identity and authentication infrastructure
The attack bypassed both SPF and DMARC email authentication checks
A large-scale phishing campaign stole passwords, hijacked a user’s sign-in session and skipped the authentication process even if MFA was enabled