FreshRSS

The Hacker News

Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

By: Newsroom – December 16th 2023 at 05:00
Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM
The Hacker News

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

By: Newsroom – December 13th 2023 at 10:55
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an
The Hacker News

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

By: Newsroom – November 28th 2023 at 12:34
Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. "Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other
The Hacker News

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

By: Newsroom – November 16th 2023 at 11:18
A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access
The Hacker News

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms

By: Newsroom – October 25th 2023 at 13:04
Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to
The Hacker News

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

By: The Hacker News – August 21st 2023 at 11:12
From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving
The Hacker News

Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover

By: Ravie Lakshmanan – June 21st 2023 at 11:38
A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth. "nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD
Naked Security

S3 Ep137: 16th century crypto skullduggery

By: Paul Ducklin – June 1st 2023 at 16:45
Lots to learn, clearly explained in plain English... listen now! (Full transcript inside.)

Naked Security

Serious Security: Verification is vital – examining an OAUTH login bug

By: Paul Ducklin – May 30th 2023 at 16:59
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?

The Hacker News

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

By: Ravie Lakshmanan – May 27th 2023 at 07:45
A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could
The Hacker News

Uncovering (and Understanding) the Hidden Risks of SaaS Apps

By: The Hacker News – April 19th 2023 at 10:32
Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access
Naked Security

Serious Security: OAuth 2 and why Microsoft is finally forcing you into it

By: Paul Ducklin – October 10th 2022 at 14:02
Microsoft calls it "Modern Auth", though it's a decade old, and is finally forcing Exchange Online customers to switch to it.

Naked Security

GitHub issues final report on supply-chain source code intrusions

By: Paul Ducklin – April 29th 2022 at 16:15
Learn how to find out which apps you've given access rights to, and how to revoke those rights immediately in an emergency.