When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities

    March 8, 2024

    On January 10, 2024, Ivanti published a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN. These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2023-21887. The exploitation of these vulnerabilities was quickly adopted by a number of threat actors, resulting in a broad range of malicious activities. Check Point Research ...

  • Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix

    March 8, 2024

    VMWare has issued secuity fixes for its VMware ESXi, Workstation, Fusion, and Cloud Foundation products. It has even taken the unusual step of issuing updates for versions of the affected software that have reached thier end-of-life, meaning they would normally no longer be supported. This flaws affect customers who have deployed VMware Workstation, VMware Fusion, and/or ...

  • Belgium’s largest coffee roaster falls victim to cyber attack

    March 8, 2024

    Coffee Beyers from the Belgian town of Puurs-Sint-Amands has fallen victim to a cyber attack. Hackers managed to break into the company’s computer systems on Thursday. Cybercriminals are clearly targeting Belgian beverage producers this week. During the night from Tuesday to Wednesday, brewery Duvel Moortgat found traces of a break-in on its servers. Read more… Source: Techzine  

  • PetSmart warns customers of credential stuffing attack

    March 7, 2024

    Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack. Credential stuffing relies on the re-use of passwords. Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are exposed. People with access to ...

  • U.S. Army Intelligence Analyst Arrested and Charged with Conspiracy to Obtain and Disclose National Defense Information

    March 7, 2024

    Korbein Schultz, a U.S. Army soldier and intelligence analyst, was arrested today at Fort Campbell following an indictment by a federal grand jury charging him with conspiracy to obtain and disclose national defense information, exporting technical data related to defense articles without a license, conspiracy to export defense articles without a license, and bribery of ...

  • Jersey data breach leaks personal information

    March 7, 2024

    A data breach at Jersey’s Financial Services Commission has allowed access to non-public names and addresses. The organisation confirmed a “vulnerability” was detected in its Registry system on 23 January. It said the leak did not link any individuals to registered entities or roles held and that it had separately written to those whose names and addresses ...