Just as we think we’re getting one step ahead of cybercriminals, they find a new way to evade our defenses. The latest method causing trouble for security teams is that of device code phishing, a ...
Overlooked attack method used since last August in a rash of account takeovers. Well, this sucks. But the target list makes sense, from the perspective of an enemy attacking. Ed: trying to be sure the ...
Hosted on MSN
State actors are abusing OAuth device codes to get full M365 account access - here's what we know
Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter codes on real Microsoft domains, granting attackers access tokens Proofpoint advises blocking device code ...
Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this ...
In the wake of a major takedown of phishing's biggest brand name, Tycoon 2FA, phishers worldwide have scattered. Some have stuck around, but many have moved to other phishing service providers, and ...
GUEST RESEARCH: Device code phishing has advantages over traditional credential phishing in stealth, persistence and evasion New research from Barracuda provides step-by-step insight into how ...
Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results