
Microsoft warns of phishing campaign targeting OAuth tokens

January 26, 2022


Hackers have been targeting Microsoft 365 customers with a bogus app that steals their OAuth authentication token, giving the attackers complete access to the victim’s email, calendar, and contacts.

Microsoft picked up news of the new cybercrime campaign from Twitter user @ffforward. They discovered that the perpetrator has been targeting Microsoft 365 users with an application identified as Improve, using the publisher name Counseling Solutions Yuma Personal computer.


The phishing group has been sending emails to potential victims with an OAuth request. OAuth is a type of authentication that works by using application tokens to manage access to an online service such as Microsoft 365.

When the user has signed into a service, it sends an OAuth token to the client machine, which is then able to access the service without a password for an extended period of time.

When a phishing victim clicks on the OAuth URL in the phishing email, the app will produce an OAuth consent prompt. If the target then agrees to give the app access, the attackers get the authorization token and can then access the user’s data. The OAuth token lets them stay in the victim’s account until the token expires or is revoked.

The app asks the user for several permissions. If granted, it is able to sign in on the user’s behalf and read their user profile, while also changing their user mailbox settings. That means they can create new mailbox rules. The application could also access the user’s email, send mail on their behalf, and harvest data on their contacts.
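For administrators reviewing existing consents, the sketch below triages delegated grants for the permission mix described above. It is an added example, not code from Microsoft or the original article: the field names follow Microsoft Graph's oauth2PermissionGrant resource, while the sample records, app ids and the mapping of scopes to the listed capabilities are assumptions constructed for illustration.

```python
# Added example: flag delegated OAuth grants whose scopes match the
# capabilities the article lists. Scope-to-capability mapping is assumed.
RISKY = {
    "Mail.Read": "read mail",
    "Mail.ReadWrite": "read and modify mail",
    "Mail.Send": "send mail as the user",
    "MailboxSettings.ReadWrite": "change mailbox settings (create mailbox rules)",
    "Contacts.Read": "harvest contacts",
    "offline_access": "refresh tokens: access lasts until revoked",
}

def assess_grant(grant):
    """Return (severity, reasons) for one oauth2PermissionGrant-style dict."""
    scopes = set((grant.get("scope") or "").split())
    hits = sorted(scopes & set(RISKY))
    reasons = [f"{s}: {RISKY[s]}" for s in hits]
    mail = any(s.startswith("Mail.") for s in hits)
    if mail and "MailboxSettings.ReadWrite" in hits:
        severity = "high"      # mailbox access combined with rule creation
    elif hits and hits != ["offline_access"]:
        severity = "medium"
    else:
        severity = "low"       # sign-in/profile only, or nothing sensitive
    # consentType "Principal" is consent by a single user, which is what a
    # phished user grants; "AllPrincipals" is tenant-wide admin consent.
    if severity != "low" and grant.get("consentType") == "Principal":
        reasons.append("granted by an individual user, not an administrator")
    return severity, reasons

def triage(grants):
    """Map grant id -> (clientId, severity, reasons), skipping low severity."""
    findings = {}
    for g in grants:
        severity, reasons = assess_grant(g)
        if severity != "low":
            findings[g["id"]] = (g["clientId"], severity, reasons)
    return findings

# Constructed sample records (not real tenant data).
SAMPLE_GRANTS = [
    {"id": "g1", "clientId": "app-constructed-1", "consentType": "Principal",
     "principalId": "user-1",
     "scope": "User.Read offline_access Mail.ReadWrite Mail.Send "
              "MailboxSettings.ReadWrite Contacts.Read"},
    {"id": "g2", "clientId": "app-constructed-2", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read"},
    {"id": "g3", "clientId": "app-constructed-3", "consentType": "Principal",
     "principalId": "user-2", "scope": "User.Read Contacts.Read"},
]

if __name__ == "__main__":
    for gid, (client, sev, why) in triage(SAMPLE_GRANTS).items():
        print(gid, client, sev, *why, sep="\n  ")
```

A grant flagged here still needs a manual check of the app's publisher before it is revoked.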

In a tweet last week, Microsoft warned that the phishing campaign had targeted hundreds of organizations. “Microsoft Defender for Cloud Apps, Azure AD, and Defender for Office 365 can help protect against similar attacks by blocking the OAuth consent links or flagging unusual behavior of users or cloud apps,” it added.

Microsoft classifies OAuth-based attacks as ‘consent phishing’. It advised administrators to configure when end users can grant access to apps using Azure Active Directory in an analysis of the issue last June.


Some parts of this article are sourced from:
www.itpro.co.uk
