One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Stayin’ Alive – targeted attacks against telecoms and government ministries in Asia
October 11, 2023
In the last few months, Check Point Research has been tracking “Stayin’ Alive”, an ongoing campaign that has been active since at least 2021. The campaign operates in Asia, primarily targeting the Telecom industry, as well as government organizations. The “Stayin’ Alive” campaign consists of mostly downloaders and loaders, some of which are used as ...
- 10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows
October 11, 2023
Cisco Talos recently disclosed 11 vulnerabilities, 10 of which are zero-days without a patch in an industrial cellular router. Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device. The one other security issue Talos ...
- CISA catalog passes 1,000 known-to-be-exploited vulnerabilities. Celebration time, or is it?
October 11, 2023
On September 18, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) announced that its Known Exploited Vulnerabilities (KEV) catalog has reached the milestone of covering more than 1,000 vulnerabilities since its launch in November 2021. This may seem like a lot, but with over 25,000 new vulnerabilities released in 2022 alone, it helps organizations to ...
- Assessed Cyber Structure and Alignments of North Korea in 2023
October 10, 2023
Historically Mandiant has made assessments on the Democratic People’s Republic of Korea’s (DPRK) cyber program based on Mandiant responses to intrusions, defector accounts, and OSINT reporting, in conjunction with government disclosures of DPRK units and motivation information. These assessments were generalizations and as new activity, such as cryptocurrency-focused units, emerged it blended the efforts from DPRK ...
- How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack
October 10, 2023
A number of Google services and Cloud customers have been targeted with a novel HTTP/2-based DDoS attack which peaked in August. These attacks were significantly larger than any previously-reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second. The attacks were largely stopped at the edge of our network by Google’s ...
- Grayling: Previously unseen threat actor targets multiple organizations in Taiwan
October 10, 2023
A previously unknown advanced persistent threat (APT) group used custom malware and multiple publicly available tools to target a number of organizations in the manufacturing, IT, and biomedical sectors in Taiwan. A government agency located in the Pacific Islands, as well as organizations in Vietnam and the U.S., also appear to have been hit as ...

