扫码需谨慎:新型钓鱼攻击正利用“设备代码”劫持微软 365 账户

同时,员工需提高警惕,切勿在未主动发起请求的情况下输入验证代码。为应对此类利用合法机制的漏洞,微软已推出“In Scope by Default”计划,旨在将其安全响应范围扩大,以便未来能更快速地识别并处置此类新型利用手段。

Microsoft 365 Accounts Reportedly Breached After Hackers Exploit Legitimate Microsoft OAuth ...

The surge in attempts to compromise Microsoft 365 accounts has been enabled by readily available phishing tools.

State actors are abusing OAuth device codes to get full M365 account access - here's what ...

Cybercriminals, including state-sponsored threat actors, are increasingly abusing Microsoft’s OAuth 2.0 device code authentication flow to take over Microsoft 365 accounts.
Security Boulevard

Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts

Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick ...
Technobezz on MSN

Threat groups hijack Microsoft 365 accounts using OAuth device code exploit

Threat Groups Hijack Microsoft 365 Accounts Using OAuth Device Code Exploit Security researchers warn that threat groups are ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...