When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Mystic Stealer: The new kid on the block

    June 15, 2023

    Mystic Stealer is a new information stealer that was first advertised in April 2023. Mystic steals credentials from nearly 40 web browsers and more than 70 browser extensions. The malware also targets cryptocurrency wallets, Steam, and Telegram. The code is heavily obfuscated making use of polymorphic string obfuscation, hash-based import resolution, and runtime calculation of constants. Read more… Source: ...

  • Cyber attacks against APAC commerce sector surpass 1.1 billion

    June 14, 2023

    Over 1.15 billion cyber attacks were launched against retailers, hotels and travel-related organisations in Asia-Pacific (APAC) last year, underscoring the security risks that come with growing digitisation efforts in the commerce sector. According to Akamai’s Entering through the gift shop: attacks on commerce report, retailers in India and China were the most targeted due to the ...

  • Cadet Blizzard emerges as a novel and distinct Russian threat actor

    June 14, 2023

    As Russia’s invasion of Ukraine continues into its second year and Microsoft continues to collaborate with global partners in response, the exposure of destructive cyber capabilities and information operations provide greater clarity into the tools and techniques used by Russian state-sponsored threat actors. Throughout the conflict, Russian threat actors have deployed a variety of destructive capabilities ...

  • CISA and Partners Release Joint Advisory on Understanding Ransomware Threat Actors: LockBit

    June 14, 2023

    Today, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is ...

  • Australia’s privacy monitor hit by cyber attack

    June 14, 2023

    Australia’s peak privacy body that monitors potential breaches has fallen victim to a cyber attack. The Office of the Australian Information Commissioner has confirmed data belonging to law firm HWL Ebsworth has been stolen by Russian criminal ransomware hackers. Read more… Source: MSN News  

  • “.Zip” top-level domains draw potential for information leaks

    June 13, 2023

    As a result of Google’s announced sale of new TLDs that are also popular file extension formats, there is an increased risk with the deployment of the “.zip” domain that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the “.zip” domain as a way ...