OAuth

  • Blog

    Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

    Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights. The adversary is impersonating officials from European countries and contact targets through WhatsApp and Signal messaging platforms. The purpose is to convince potential victims to provide Microsoft authorization codes that give access to accounts, or…

    Read More »
  • Blog

    Phishers abuse Google OAuth to spoof Google in DKIM replay attack

    In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins. The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials. The fraudulent message appeared to…

    Read More »
  • Blog

    Fake “Security Alert” issues on GitHub use OAuth app to hijack accounts

    A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. “Security Alert: Unusual Access Attempt We have detected a login attempt on your GitHub account that appears to be from a new location or device,” reads the…

    Read More »
  • Blog

    Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts

    Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign. Malicious OAuth…

    Read More »
Back to top button
close