When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cyber attack hits electronics firm Volex

    October 9, 2023

    A cyber attack has hit electronic manufacturer Volex, opening the door to unauthorised access to some of its IT systems. The AIM-listed British company said it is not expecting any “material” financial impact from the incident but shares dropped over four per cent on Monday morning. After discovering the breach of certain IT systems and data ...

  • India Space Agency fights 100 cyber hacking bids daily

    October 8, 2023

    India’s space agency Isro is facing more than 100 cyber-hacking attempts on a daily basis, disclosed its chairman S Somanath on Sunday. Speaking to TOI, Somanath said, “It is not only Isro, but several other systems (of other organisations) that face hundreds of cyber (hacking) attempts. But such attempts have been stopped by our several ...

  • 23andMe user data breached in credential-stuffing attack

    October 7, 2023

    Biotech company 23andMe, known for its DNA testing kits, said the leak occurred through a credential-stuffing attack. A credential-stuffing attack involves user information that has already been compromised (usernames and passwords, for example) from one organization, which a hacker obtains and attempts to reuse with a second organization — in this case, 23andMe. Because of the ...

  • Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown

    October 5, 2023

    In a late August 2023 operation involving the FBI and many international partners, law enforcement agencies seized the infrastructure and cryptocurrency assets used by the Qakbot malware, dealing considerable damage to the group’s operations. Many people in the security industry wondered whether this would mean that the Qakbot affiliates were gone forever or just temporarily ...

  • CISA Releases Three Industrial Control Systems Advisories

    October 5, 2023

    CISA released three Industrial Control Systems (ICS) advisories on October 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-278-01 Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products ICSA-23-278-02 Qognify NiceVision Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs   

  • NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations

    October 5, 2023

    Today, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA), NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large organizations, and details the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. The ...