One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Apria Healthcare says potentially 2M people caught up in IT security breach
May 23, 2023
Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company’s networks over a series of months in 2019 and 2021. The home healthcare equipment provider, which says it serves about two million patients from 280 locations across America, said it discovered the intrusion ...
- Meet the GoldenJackal APT group. Don’t expect any howls
May 23, 2023
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as Kaspersky understands, has not been publicly described. Their researchers started monitoring the group in mid-2020 ...
- CISA Releases Four Industrial Control Systems Advisories
May 23, 2023
CISA released four Industrial Control Systems (ICS) advisories on May 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-143-01 Hitachi Energy AFS65x, AFS67x, AFR67x and AFF66x Products ICSA-23-143-02 Hitachi Energy RTU500 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds Three Known Exploited Vulnerabilities to Catalog
- Dorchester school IT system held to ransom in cyber attack
May 23, 2023
A school has been left unable to use email or accept payments following a cyber attack. Thomas Hardye School in Dorchester said its screens and systems had been locked since being targeted on Sunday. It said the attack was accompanied by a ransom demand, payable on the dark web. Read more… Source: BBC News
- Don’t @ Me: URL Obfuscation Through Schema Abuse
May 22, 2023
A technique is being used in the distribution of multiple families of malware that obfuscates the end destination of a URL by abusing the URL schema. Mandiant tracks this adversary methodology as “URL Schema Obfuscation”. The technique could increase the likelihood of a successful phishing attack, and could cause domain extraction errors in logging or security ...
- More UK councils caught by Capita’s open AWS bucket blunder
May 22, 2023
The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March’s mega breach. Colchester City Council was the first to step forward last week to claim that tech ...

