One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.
This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure
November 19, 2021
Security researchers have checked the web’s public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities. Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online. You can be reasonably confident that your bank website is actually your bank website when it presents your browser ...
- RedCurl corporate espionage hackers resume attacks with updated tools
November 18, 2021
A crew of highly-skilled hackers specialized in corporate espionage has resumed activity, one of their victims this year being a large wholesale company in Russia. Tracked as RedCurl, the group attacked the Russian business twice this year, each time using carefully constructed spear-phishing emails with initial-stage malware. Active since 2018, RedCurl is responsible for at least 30 ...
- Iranian targeting of IT sector on the rise
November 18, 2021
Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain. Microsoft has observed multiple Iranian threat actors targeting the IT ...
- Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
November 18, 2021
A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Researchers from DomainTools discovered the suspicious PDFs – which themselves do not include malicious content – back in July, wrote Senior Security Researcher Chad Anderson, in a report ...
- Android malware BrazKing returns as a stealthier banking trojan
November 18, 2021
The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions. A new malware sample was analyzed by IBM Trusteer researchers who found it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages. These HTTPS sites warn ...
- Hackers deploy Linux malware, web skimmer on e-commerce servers
November 18, 2021
Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops’ websites. The PHP-coded web skimmer (a script designed to steal and exfiltrate customers’ payment and personal info) is added and camouflaged as a .JPG image file in the /app/design/frontend/ folder. The attackers use ...

