Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
Spoofing impersonates trusted users, devices, or services to bypass trust and cause fraud; verify identities with strong authentication and signed messages.
Search across headline titles and summaries.
Background for this topic.
Spoofing is the forging of an identity or origin so a message, connection, website, or phone call appears to come from a trusted source. Attackers may impersonate an executive by email, imitate a domain, falsify caller ID, or place packets with a forged source IP address. The goal can be to induce payment or disclosure, deliver malware, bypass trust checks, or obscure the source of traffic. IP spoofing usually prevents a reply from reaching the attacker, but can support reflection attacks; it is not by itself proof of access to the claimed system.
Mitigation depends on the channel. For email, configure and enforce SPF, DKIM, and DMARC, while treating display names and caller ID as untrusted signals. Use phishing-resistant authentication, verify sensitive requests through an independent channel, and validate domains and certificates before users enter credentials. At network boundaries, apply ingress and egress source-address filtering, monitor anomalous traffic, and design services not to trust a claimed address alone.
Weekly headline count for the current query.
New research reveals cyber-attackers can spoof OAuth Client IDs in Microsoft Entra ID, creating a stealthy path into cloud environments
Europol called for action against caller ID spoofing, linking attacks to significant online fraud
The FBI has warned that adversaries have published fake versions of its cybercrime reporting portal IC3
A phishing campaign spoofing Booking.com has been observed targeting hospitality sector, using ClickFix to install malware
EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy
A spoofed Bitdefender site has been used in a malicious campaign distributing VenomRAT and other malware, according to DomainTools
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild
A PhaaS platform, dubbed 'Morphing Meerkat,' uses DNS MX records to spoof over 100 brands and steal credentials, according to Infoblox Threat Intel
A variant of the WikiLoader malware was observed being delivered via SEO poisoning and spoofing Palo Alto Networks’ GlobalProtect VPN software
The US warns that the North Korea-linked Kimsuky group is exploiting poorly configured DMARC protocols to spoof legitimate domains in espionage phishing campaigns
Armorblox uncovers another new tactic used by email fraudsters
The original RatMilad spyware hid behind a VPN and phone number spoofing app called Text Me
Service Could help minimize spoofing and privacy risks