Tag

Oauth Tokens

All articles tagged with #oauth tokens

Kali365 Phishing Kit Bypasses MFA to Target Microsoft 365 Accounts
technology17 days ago

Kali365 Phishing Kit Bypasses MFA to Target Microsoft 365 Accounts

The FBI warns of Kali365, a phishing-as-a-service kit that bypasses multi-factor authentication by tricking victims into approving a device-code sign-in, enabling attackers to harvest OAuth tokens and access Outlook, Teams, and OneDrive; security guidance includes never entering unsolicited device codes, navigating directly to Microsoft rather than using links, monitoring sign-ins and devices, revoking suspicious sessions, keeping MFA enabled, and reporting incidents.

Multiple Cyberattacks Expose Vulnerabilities in Major Tech Firms
data-breach10 months ago

Multiple Cyberattacks Expose Vulnerabilities in Major Tech Firms

Salesloft has temporarily taken Drift offline after a widespread supply chain attack led to the theft of OAuth tokens, impacting over 700 organizations including major companies like Cloudflare and Google Workspace. The breach exploited compromised OAuth tokens associated with Drift's integration with Salesforce, prompting Salesforce to disable all related integrations as a precaution. The incident is linked to the threat cluster UNC6395, and the affected companies are working with cybersecurity firms to enhance security and prevent further attacks.