Experts Comments: Office365 Accounts Compromised Using OAuth

A recently discovered phishing campaign uses a novel approach to infiltrating Office365 accounts: the Microsoft OAuth API. This continues a trend of hackers exploiting recognizable software companies to convince users to accept malware, a trend that includes another Microsoft vulnerability that compromised account tokens.

Sudhakar Ramakrishna, CEO, Pulse Secure
December 11, 2019
Zero Trust is key to countering this tactic.
Targeting OAuth apps demonstrates how well hackers are going after all possible attack vectors, especially ones that imitate known, popular applications to trick users into accepting malware or providing credentials. By focusing on hijacking permission tokens, rather than directly stealing login credentials, the malware covertly accesses user accounts. Best practice to mitigate this attack is throu ....