When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems

    April 16, 2023

    In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung Semiconductor. The four most severe of these eighteen vulnerabilities (CVE-2023-24033, CVE-2023-26496, CVE-2023-26497 and CVE-2023-26498) allowed for Internet-to-baseband remote code execution. Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone ...

  • Rheinmetall suffers cyber attack, military business unaffected, spokesperson says

    April 14, 2023

    Rheinmetall (RHMG.DE), suffered a cyber attack to the division of its business dealing with industrial customers, mostly in the automotive sector, the company said on Friday, adding its military division was unaffected. “Rheinmetall is currently investigating the extent of the damages and is in close contact with the relevant authorities,” a spokesperson said. Read more… Source: Reuters  

  • Linux kernel logic allowed Spectre attack on ‘major cloud provider’

    April 13, 2023

    The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it. On Thursday, Eduardo (sirdarckcat) Vela Nava, from Google’s product security response team, disclosed a Spectre-related flaw in version 6.2 of the Linux kernel. Read more… Source: The Register  

  • CISA Releases Sixteen Industrial Control Systems Advisories

    April 13, 2023

    CISA released sixteen Industrial Control Systems (ICS) advisories on April 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSMA-23-103-01 B. Braun Battery Pack SP with Wi-Fi ICSA-23-103-01 Siemens Adaptec maxView Application ICSA-23-103-02 Siemens JT Open and JT Utilities ICSA-23-103-03 Siemens in OPC Foundation Local Discovery Server Read more… Source: U.S. Cybersecurity and Infrastructure ...

  • Uncommon infection methods – part 2

    April 13, 2023

    Although ransomware is still a hot topic on which Kaspersky will keep on publishing, they also investigate and publish about other threats. Recently we explored the topic of infection methods, including malvertising and malicious downloads. In this blog post, Kaspersky researchers provide excerpts from the recent reports that focus on uncommon infection methods and describe ...

  • Supply chain security for Go, Part 1: Vulnerability management

    April 13, 2023

    High profile open source vulnerabilities have made it clear that securing the supply chains underpinning modern software is an urgent, yet enormous, undertaking. As supply chains get more complicated, enterprise developers need to manage the tidal wave of vulnerabilities that propagate up through dependency trees. Open source maintainers need streamlined ways to vet proposed dependencies ...