Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...

Attackers are increasingly using malicious OAuth 2.0 applications to siphon data and access sensitive information from a wide variety of cloud platforms, and mitigating the risks is proving ...

Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth. Office 365 users are receiving ...

Threat analysts have observed a new campaign named ‘OiVaVoii’, targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 ...

Summary: A new scam has come into light, where scammers are sending out phishing emails to targets by abusing the Google OAuth app. Such an email comes from a legit-looking “[email protected]” address ...

Application-based attacks that use the passwordless “log in with…” feature common to cloud services are on the rise. Against the backdrop of widespread remote working and the increased use of ...

Malicious OAuth app enables attackers to send spam through corporate cloud tenants Your email has been sent In this attack, as reported by Microsoft, threat actors start their operation by ...