OAuth

All articles tagged with #oauth

OAuth Redirect Attacks Deliver Malware and Bypass MFA
security, 1 month ago

Microsoft Defender researchers warn that attackers abuse OAuth 2.0 redirect flows to bypass phishing protections by registering malicious OAuth apps and directing users to attacker-controlled redirect URIs, sometimes via links embedded in PDFs; victims are taken to phishing pages or to adversary-in-the-middle intermediaries such as EvilProxy that can intercept session cookies to bypass MFA. Other campaigns deliver ZIP archives containing LNK files that launch PowerShell and use DLL side-loading to drop payloads. These are identity-based threats that exploit standard OAuth error handling; Microsoft advises tighter OAuth permissions, stronger identity protections, Conditional Access, and cross-domain detection spanning email, identity, and endpoints.

OAuth Redirect Abuse Targets Government Agencies With Malware Delivery
security, 1 month ago

Microsoft warns of phishing campaigns that exploit OAuth redirect flows to bypass email and browser defenses, steering government and public-sector victims to attacker-controlled landing pages. Attackers register a malicious OAuth app whose redirect URL points to rogue domains; once victims authenticate, they receive ZIP-delivered payloads that execute PowerShell, perform DLL sideloading, and run in-memory malware to reach a remote C2 server. Some campaigns also employ EvilProxy for credential interception. Defenders are advised to limit user consent, review app permissions, and remove unused or overprivileged apps.

Device-code phishing with vishing redefines MFA in Microsoft Entra
security, 1 month ago

Threat actors are abusing the OAuth 2.0 device authorization flow, combined with voice phishing, to hijack Microsoft Entra accounts. By using legitimate Microsoft OAuth client IDs, they trick victims into authenticating on microsoft.com/devicelogin, after which they can obtain refresh tokens and issue access tokens, effectively bypassing MFA and gaining access to the victim's SaaS apps and data. Campaigns have targeted technology, manufacturing, and financial firms and may involve the ShinyHunters group. Recommended responses include revoking suspicious OAuth consents, auditing device-code sign-in events, disabling the device-code flow where it is not needed, and enforcing Conditional Access policies to limit exposure.