Bleeping Computer

Latest Authentication Tokens news

Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive ...
Forbes

2FA Code Attacks Surge As Russian Hackers Target Microsoft Users

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...
Ars Technica

Russian spies use device code phishing to hijack Microsoft accounts

Overlooked attack method used since last August in a rash of account takeovers. Well, this sucks. But the target list makes sense, from the perspective of an enemy attacking. Ed: trying to be sure the ...
TechRadar

A key Microsoft OneDrive feature has a worrying security flaw which could expose user data

Researchers found a flaw in Microsoft OneDrive File Picker The flaw stems in the lack of fine-grained OAuth permissions Microsoft acknowledges the flaw, but hasn't fixed it yet A vulnerability in ...
Bleeping Computer

Latest Huntress Labs news

Device code phishing abuses the OAuth device flow, and Google and Azure produce strikingly different attack surfaces. Register for Huntress Labs' Live Hack to learn about attack techniques, defensive ...
CSOonline

GitHub repositories compromised by stolen OAuth tokens

Salesforce-owned PaaS vendor Heroku and GitHub have both warned that compromised OAuth user tokens were likely used to download private data from organizations using Heroku and continuous integration ...