When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Keytronic confirms data breach after Black Basta ransomware gang strikes again

    June 17, 2024

    Hardware firm Keytronic has confirmed a significant data breach weeks after the Black Basta ransomware group leaked over 500GB of the company’s stolen data around two weeks ago. The company, known for its printed circuit board assembly (PCBA), reported the cyberattack in an SEC filing over a month ago on May 6 – the attack was ...

  • Malvertising Campaign Leads to Execution of Oyster Backdoor

    June 17, 2024

    Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams. The installers were being used to drop a backdoor identified as Oyster, aka Broomstick. Following execution of the backdoor, we have observed enumeration commands indicative of hands-on-keyboard activity as well as the ...

  • Philippines Maritime Industry Authority web-based systems hit by cyber attack

    June 17, 2024

    Four web-based systems belonging to the Maritime Industry Authority (MARINA) were “attacked and compromised” on Sunday, MARINA said Monday. MARINA said it deployed its concerned officials and employees to its Central Office to “to implement expeditious measure to ensure the protection of the integrity of the systems.” Read more… Source: MSN News Sign up for our Newsletter Related:

  • UK: King Charles military badge rollout delayed over fears China could ‘use them for spying’

    June 15, 2024

    The introduction of military badges specially redesigned to mark King Charles’s accession to the throne has been delayed, with claims British Army chiefs fear the insignia could be made in China, enabling Beijing to insert tracking devices into them. Regiments which have a royal crest on their berets are changing “cap badges” from a design with ...

  • London Hospitals Knew of Cyber Vulnerabilities Years Before Hack

    June 14, 2024

    A group of London hospitals struggling to contain the fallout from a cyberattack against a critical supplier had known for years about weaknesses that left them vulnerable to hacks, according to documents reviewed by Bloomberg News. The Guy’s and St Thomas’ NHS Foundation Trust, which runs five major hospitals in the London area, has failed to ...

  • Europol-coordinated operation tackles the threat of terrorist-operated websites

    June 14, 2024

    Ten countries joined forces with Europol to disrupt the online propaganda activities of religious and politically motivated terrorist organisations across the ideological spectrum. This joint effort, known as Operation HOPPER II, targeted key assets in the online dissemination of terrorist propaganda, including those of the so-called Islamic State, al-Qaeda and its affiliates, and Hay’at Tahrir al-Sham. ...