One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- A cryptor, a stealer and a banking trojan
September 28, 2023
Last month Kaspersky researchers covered a wide range of cybercrime topics. For example, Kaspersky published a private report on a new malware found on underground forums that they call ASMCrypt (related to the DoubleFinger loader). But there’s more going on in the cybercrime landscape, so the researchers also published reports on new versions of the Lumma ...
- phpPgAdmin deserialization vulnerability
September 28, 2023
phpPgAdmin is an open-source, web-based administration tool for managing PostgreSQL, an advanced, enterprise-class, and open-source relational database system. phpPgAdmin is written in PHP and provides a user-friendly interface that allows users to perform various database management tasks. Users can create, modify, and delete databases, tables, and records through this interface, making it a valuable tool ...
- Indian Cyber Force Claims Responsibility for Cyber Attacks on Canadian Websites
September 28, 2023
A group of pro-India hackers on Wednesday claimed responsibility for bringing down the website of the Canadian Armed Forces for two hours. Following a diplomatic winter between India and Canada, the group, which identifies itself as Indian Cyber Force, warned of launching cyber attacks on Canadian websites on September 21. In the last few days, the ...
- Edinburgh Trams website offline following ‘cyber- attack’
September 28, 2023
An Edinburgh transport website has been taken offline after a “cyber attack”. Edinburgh Trams said on Thursday it was the victim of a “cyber crime” which has affected its website. Threat intelligence platform FalconFeeds said that international ransomware group NoName was behind the attack, and also targeted Swiftcard and Mersey Ferries Limited. Read more… Source: STV News
- Russia: Leonardo’s air booking system resumes after cyberattack
September 28, 2023
Russian state conglomerate Rostec said on Thursday it had restored normal operations at its Leonardo air booking system following what it called a “massive cyberattack from abroad”. “The cyberattack has been successfully repelled,” Rostec said in a statement. It described the incident as a Distributed Denial-of-Service (DDoS) Attack”, in which the attacker floods a server with ...
- QR codes in email phishing
September 27, 2023
QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don’t see lots of QR codes in email: users often read messages on ...

