Microsoftは9月22日(米国時間)、「Malicious OAuth applications used to compromise email servers and spread spam - Microsoft Security ...

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...

OAuthはユーザーが設定した権限に基づいてアプリケーションがデータやリソースにアクセスできるようにするトークンベースの認証と認可の標準規格。今回確認された攻撃では、ユーザーアカウントを侵害してOAuthアプリケーションを作成または変更し、高い ...

Microsoft Corp. on Tuesday detailed three hacking campaigns that made use of OAuth, a technology commonly used to let workers log into business applications with their Microsoft and Google accounts.

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending ...

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

Russian-linked cyber operatives have been leveraging legitimate Microsoft OAuth 2.0 authentication processes to compromise Microsoft 365 accounts of individuals and organisations associated with ...