Security News

Serious Security: Verification is vital – examining an OAUTH login bug
2023-05-30 18:59

Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed CVE-2023-28131 in a popular online app-building coding toolkit known as Expo. Expo itself adds a wrapper around the verification process, so that it handles the authentication and the validation for you, ultimately passing a magic access token for the desired website back to the app or website you're connecting from.

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
2023-05-27 07:45

A critical security vulnerability has been disclosed in the Open Authorization implementation of the application development framework Expo.io. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could then be used to hijack accounts and siphon sensitive data.

Week in review: Rail transport cybersecurity, “verified” OAuth apps used to infiltrate organizations
2023-02-05 09:30

Mounting cybersecurity pressure is creating headaches in railway boardrooms: In this Help Net Security interview, Dimitri van Zantvliet, Cybersecurity Director/CISO of Dutch Railways and co-chair of the Dutch and European Rail ISAC, talks about cyber attacks on railway systems, building a practical cybersecurity approach, and cyber legislation. Attackers used malicious "Verified" OAuth apps to infiltrate organizations' O365 email accounts: Malicious third-party OAuth apps with an evident "Publisher identity verified" badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared.

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts
2023-02-01 05:30

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. On top of that, Microsoft said it implemented additional security measures to improve the vetting process associated with the Microsoft Cloud Partner Program and minimize the potential for fraud in the future.

Microsoft disables verified partner accounts used for OAuth phishing
2023-01-31 15:13

Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, Microsoft says the threat actors posed as legitimate companies to enroll and successfully be verified as that company in the MCPP. The threat actors used these accounts to register verified OAuth apps in Azure AD for consent phishing attacks targeting corporate users in the UK and Ireland.

Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
2023-01-31 13:49

Malicious third-party OAuth apps with an evident "Publisher identity verified" badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared. Targets in these organizations who have fallen for the trick effectively allowed these rogue apps to access their O365 email accounts and infiltrate organizations' cloud environments.

Serious Security: OAuth 2 and why Microsoft is finally forcing you into it
2022-10-10 18:02

So if we're looking at HTTP Authentication, all we're really talking about is asking you to present a credential, which is, for most of us, a username and password in order to gain access to something. "We're not going to tell you how to do it. We're going to say you should do one of these strong authentication methods, and then, once you know who you're talking to, we'll use OAuth to grant you a token that's independent of your proof of identity, that says what type of access you should have, and how long you should have it."

Malicious OAuth app enables attackers to send spam through corporate cloud tenants
2022-09-27 15:40

To get successful access to those cloud environments, the attackers have deployed credential stuffing attacks: They attempted to reuse valid credentials they obtained from other services or applications. Once all these steps were done, the attackers could easily access the malicious application, even in the case of a password change from the compromised administrator account.

Hackers Using Malicious OAuth Apps to Take Over Email Servers
2022-09-23 05:14

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. The unauthorized access to the cloud tenant permitted the adversary to register a malicious OAuth application and grant it elevated permissions, and eventually modify Exchange Server settings to allow inbound emails from specific IP addresses to be routed through the compromised email server.

Microsoft Exchange servers hacked via OAuth apps for phishing
2022-09-22 17:13

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. "The unauthorized access to the cloud tenant enabled the actor to create a malicious OAuth application that added a malicious inbound connector in the email server."