Cyber Security

Threat actors weaponize OAuth redirection logic to deliver malware

Threat actors weaponize OAuth redirection logic to deliver malware

An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to their own infrastructure, to serve malware or capture login credentials. The attack, from the victim’s perspective The OAuth authentication redirection mechanism is a trusted login feature used by Microsoft, Google and others. It allows users … More

The post Threat actors weaponize OAuth redirection logic to deliver malware appeared first on Help Net Security.

Read More

Related Posts

Cloudflare tracked 230 billion daily threats and here is what it found

Cloudflare tracked 230 billion daily threats and here i...

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Starkiller Phishing Suite Uses AitM Reverse Proxy to By...

Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow

Building a High-Impact Tier 1: The 3 Steps CISOs Must F...

Keepnet launches AI incident response agents that redefine post-delivery email threat containment

Keepnet launches AI incident response agents that redef...

Quantum-Resistant Data Diode Secures Sensitive Data on Edge Devices, Critical Systems

Quantum-Resistant Data Diode Secures Sensitive Data on ...

ProcessUnity Risk Index delivers controls-driven vendor risk scoring for TPRM

ProcessUnity Risk Index delivers controls-driven vendor...