One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers accessed sensitive health data of Welltok patients
November 20, 2023
Hackers accessed the personal data of more than a million people by exploiting a security vulnerability in a file transfer tool used by Welltok, the healthcare platform owned by Virgin Pulse. Welltok, a Denver-based patient engagement company that works with healthcare plans to provide communications to subscribers about their healthcare, confirmed in a data breach notification ...
- K-12 schools improve protection against online attacks, but many are vulnerable to ransomware gangs
November 19, 2023
Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations. Since a White House conference in August on ransomware threats, dozens of school districts have signed up for free cybersecurity services, ...
- Canada: Current and former public service, RCMP, military members affected by data breach
November 18, 2023
The federal government is warning current and former public service employees and members of the RCMP and Canadian Armed Forces their personal and financial information may have been accessed in a data breach that occurred on Oct. 19. The breach affects federal government data held by Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & ...
- Toyota finance business confirms ransomware attack, data breach
November 18, 2023
Toyota Financial Services (TFS), a subsidiary of the popular automaker, has confirmed suffering a ransomware attack. In a statement company stated that Toyota Financial Services Europe & Africa “recently identified unauthorized activity on systems in a limited number of its locations.” The company only mentioned unauthorized activity on its endpoints and didn’t discuss if any data ...
- Stately Taurus targets the Philippines as tensions flare in the South Pacific
November 17, 2023
Tensions between China and the Philippines have risen sharply over the past several months. Coinciding with these real-world events, Unit 42 researchers observed three Stately Taurus campaigns during the month of August. These campaigns are assessed to have targeted entities in the South Pacific including the Philippines government. The campaigns leveraged legitimate software including Solid PDF ...
- Into The Trash: Analyzing LitterDrifter
November 17, 2023
Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence of Russian espionage activities, Gamaredon is notably conspicuous. The group behind it conducts large-scale campaigns while still primarily focusing on regional ...

