Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
Tech Digest

Microsoft 365 users targeted in sophisticated ‘vishing’ attack

Hackers have launched a massive campaign targeting Microsoft 365 and Entra ID (formerly Azure AD) users in a phishing and vishing attack.

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.
Yahoo Finance

Phishing campaign targets Microsoft device-code authentication flows

This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. Russia-backed threat actors have attacked a ...
Hosted on MSN

Threat groups hijack Microsoft 365 accounts using OAuth device code exploit

Security researchers warn that threat groups are exploiting Microsoft's OAuth device code authentication to bypass multi-factor protection and hijack enterprise accounts. The technique, with ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Hosted on MSN

If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish

Digital thieves – quite possibly Kremlin-linked baddies – have been emailing out bogus Microsoft Teams meeting invites to trick victims in key government and business sectors into handing over their ...