When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • More than 100,000 hackers have details exposed through malware on cyber crime forums

    August 15, 2023

    Researchers have revealed that more than 100,000 hackers could be operating on compromised devices due to their involvement on cyber crime forums. A study from Hudson Rock identified around 120,000 devices infected with malware that contained login credentials for cyber crime forums. The firm said that many of the individuals operating with compromised machines may have ...

  • Discord.io gets taken down after massive data breach

    August 15, 2023

    Discord.io, a third-party service that helps people generate custom invites for their Discord channels, has been hacked, and information on some 760,000 members stolen. The service has since suspended its operations, and the attacker explained that this is actually a ransom attack – with a twist. As seen on BleepingComputer, a user going by the name ...

  • New widespread IoT compromise could affect millions of logic controller chips

    August 15, 2023

    Microsoft security researcher Vladimir Tokarev demonstrated an interesting attack on the industrial internet of things automation software called Codesys. Tokarev, who showed the exploit last week at the annual BlackHat security conference in Las Vegas, used a miniature elevator model to demonstrate how the attack could crash its cab. The software – and more importantly, its ...

  • UK: Victims and witnesses personal data leaked by Norfolk and Suffolk police

    August 15, 2023

    A total of 1,230 people, including victims of crime and witnesses, have had their data breached by Norfolk and Suffolk police forces. The constabularies said the personal information was included in Freedom of Information (FOI) responses due to a “technical issue”. They said the data was hidden from anyone opening the files but should not have ...

  • CISA Releases Two Industrial Control Systems Advisories

    August 15, 2023

    CISA released two Industrial Control Systems (ICS) advisories on August 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-227-01 Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon Read more… Source:  U.S. Cybersecurity and Infrastructure Security Agency  

  • Clorox says certain business operations disrupted in cyber attack

    August 14, 2023

    Clorox said on Monday it had taken certain systems offline after unauthorized activity disrupted some business operations. It said it was implementing workarounds for certain offline operations in order to continue servicing its customers and had engaged third-party cybersecurity experts to support its investigation and recovery efforts. Read more… Source: MSN News