One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Earth Estries Targets Government, Tech for Cyberespionage
August 30, 2023
Earlier this year, Trend Micro researchers discovered a new cyberespionage campaign by a hacker group we named Earth Estries. Based on their observations, Earth Estries has been active since at least 2020. The researchers also found some overlaps between the tactics, techniques, and procedures (TTPs) used by Earth Estries and those used by another advanced ...
- Exploring the Inner Workings of DuckTail
August 30, 2023
In their persistent quest to decode DuckTail’s maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, Zscaler researchers obtained critical details about DuckTail’s operational framework. This expedition granted them unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. Zscaler team yielded valuable ...
- Multiple Threats Target Adobe ColdFusion Vulnerabilities
August 30, 2023
This past July, Adobe responded to reports of exploits targeting pre-authentication remote code execution (RCE) vulnerabilities in their ColdFusion solution by releasing a series of security updates: APSB23-40, APSB23-41, and APSB23-47. An in-depth analysis of those exploits has been documented by Project Discovery, including a significant vulnerability in the WDDX deserialization process within Adobe ColdFusion ...
- Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
August 29, 2023
On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. Over the course of this follow up blog post, Mandiant researchers will detail how UNC4841 has continued to show sophistication and adaptability in response to remediation efforts. Specifically, UNC4841 deployed new and ...
- For the win? Offensive research contests on criminal forums
August 29, 2023
If you’re a security researcher who wants to share your innovations and insights with the wider community (and gain some peer recognition into the bargain), you’ve got a few options: present at conferences; write papers, blogs etc. The legitimate side of the house is awash with opportunities. But what if you’re a threat actor, whose research ...
- CISA Releases IOCs Associated with Malicious Barracuda Activity
August 29, 2023
CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances. Read more… Source: U.S. Cybersecurity and Infrastructure ...

