One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SNP MP Stewart McDonald’s emails hacked by Russian group
February 8, 2023
An MP has told the BBC his emails have been stolen and he fears they will be made public. The SNP’s Stewart McDonald said the hack took place in January and he wanted to pre-empt any publication sharing them. Read more… Source: BBC News
- Graphiron: New Russian information stealing malware deployed against Ukraine
February 8, 2023
The Nodaria espionage group (aka UAC-0056) is using a new piece of information stealing malware against targets in Ukraine. The malware (Infostealer.Graphiron) is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files. The earliest evidence of Graphiron dates from October 2022. ...
- CISA and FBI Release ESXiArgs Ransomware Recovery Guidance
February 8, 2023
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access to ESXi servers ...
- Blow to Morgan Advanced Materials as cyber-attack to cost millions to deal with
February 7, 2023
Shares in Morgan Advanced Materials tanked 7.5% to 292p this morning after the industrial manufacturer became the latest listed firm to fall victim to a cyber attack which it said would cost millions of pounds to tackle. The 166-year-old firm warned the attack meant some of its IT systems were irrecoverable, and it had been forced ...
- Medusa botnet returns as a Mirai-based variant with ransomware sting
February 7, 2023
A new version of the Medusa DDoS (distributed denial of service) botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer. Medusa is an old malware strain (not to be confused with the same-name Android trojan) being advertised in darknet markets since 2015, which later added HTTP-based DDoS ...
- Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk
February 7, 2023
There are many online stories and blog posts teaching people how to make “passive income” by sharing spare computing power and/or unused internet bandwidth. When users willingly or unwillingly install such software on their computers, the systems become agents of a distributed network. The operators of this distributed network might monetize it by selling proxy ...

