One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Blowing Cobalt Strike Out of the Water With Memory Analysis
December 2, 2022
Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. Unit 42 researchers will also discuss the evasion tactics used by these threats, and other issues that make ...
- Indicators of compromise (IOCs): how to collect and use them
December 2, 2022
It would hardly be an exaggeration to say that the phrase “indicators of compromise” (or IOCs) can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes, IP addresses and other technical data that should help information security specialists to counter a specific threat. But how exactly can indicators ...
- Industry 4.0: CNC Machine Security Risks – Part 2
December 2, 2022
In part one, Trend Micro researchers discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. The researchers also laid out how we evaluated the chosen vendors for Trend Micro research. For this blog, Trend Micro will continue discussing their ...
- Google Chrome emergency update fixes 9th zero-day of the year
December 2, 2022
Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year. “Google is aware of reports that an exploit for CVE-2022-4262 exists in the wild,” the search giant said in a security advisory published ...
- Eufy’s security cameras send data to the cloud without consent, and that’s not the worst part
December 1, 2022
Eufy’s claims to keep “privacy in your own hands” have been rendered null, after a researcher caught the security camera company uploading local-only footage to the cloud without user authorization or knowledge. To top it all off, users have also been made aware that you can watch camera streams using VLC without authentication. Paul Moore, a ...
- #StopRansomware: Cuba Ransomware
December 1, 2022
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware. Note: ...

