When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website


One of the most common pieces of anti-phishing advice is to double-check the website’s domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, Kaspersky encountered a campaign where attackers instruct victims to input data directly into a legitimate, trusted corporate site: the Microsoft Identity Platform, which supports an OAuth 2.0 specification known as the Device Authorization Grant.

This specific protocol extension was designed to simplify the login experience for smart TVs, IoT hardware, printers, and other input-constrained devices that lack a full browser or keyboard. It allows users to use a nearby smartphone or PC for authorizing these devices to access their accounts.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • PoC exploit released for Microsoft Exchange bug dicovered by NSA

    May 3, 2021

    Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency (NSA) reported to Microsoft and received a fix in April. Read more… Source: Bleeping Computer  

  • N3TW0RM ransomware emerges in wave of cyberattacks in Israel

    May 3, 2021

    A new ransomware gang known as ‘N3TW0RM’ is targeting Israeli companies in a wave of cyberattacks starting last week. Israeli media Haaretz reported that at least four Israeli companies and one nonprofit organization had been successfully breached in this wave of attacks. Read more… Source: Bleeping Computer  

  • San Diego: Scripps Health Cyberattack Causes Widespread Hospital Outages

    May 3, 2021

    Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune. Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident. It’s also unknown whether the adversaries compromised any patient records ...

  • New Buer Malware Downloader Rewritten in E-Z Rust Language

    May 3, 2021

    A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Using the increasingly popular, efficient and easy-to-use Rust programming language will ...

  • Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool

    May 3, 2021

    Hewlett Packard Enterprise (HPE) is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure. Rated critical, with a CVSS score of 9.8, the bug impacts all versions of HPE’s Edgeline Infrastructure Manager (EIM) prior ...

  • Suspected Chinese state hackers target Russian submarine designer

    April 30, 2021

    Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. They used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document. The threat actor targeted Rubin Central Design ...