Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials

19 May 2020

A new phishing campaign can bypass multi-factor authentication (MFA) on Office 365 to access victims’ data stored on the cloud and use it to extort a Bitcoin ransom or even find new victims to target, security researchers have found. Researchers at Cofense Phishing Defense Center discovered the tactic, which leverages the OAuth2 framework and OpenID Connect (OIDC) protocol and uses a malicious SharePoint link to trick users into granting permissions to a rogue application, researcher Elmer Hernandez wrote in a blog post published Tuesday.

Read full article on Threat Post

Date:

19 May 2020

Categorie(s):

NEWS

Tag(s):

Clever, Cloud Security, Cloud Software, Credential Theft, Credentials

5 Top Cybersecurity Books You Must Read27 April 2024
How To Secure Your Instagram Page27 April 2024
School Employee Allegedly Framed a Principal With Racist Deepfake Rant27 April 2024
Russia Vetoed a UN Resolution to Ban Space Nukes27 April 2024
Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion27 April 2024