Security News

Office 365 OAuth Attack Targets Coinbase Users
2020-10-20 14:33

Office 365 users are receiving emails purporting to come from cryptocurrency platform Coinbase, which ask them to download updated Terms of Service via an OAuth consent app. Here, attackers are betting that they are targeting Office 365 users who are also Coinbase users, researchers said.

Coinbase phishing hijacks Microsoft 365 accounts via OAuth app
2020-10-19 15:37

A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim's email. Over the past year, hackers have increasingly used Microsoft Office 365 OAuth apps, otherwise known as consent apps, as part of their attacks.

OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks
2020-09-30 21:29

According to researchers from Proofpoint, targets receive well-crafted lures asking them to click a link which carries them to the legitimate Microsoft third-party apps consent page. "The ability to perform reconnaissance on an O365 account supplies an actor with valuable information that can later be weaponized in business email compromise attacks or account takeovers. The minimal [read-only] permissions requested by these apps also likely help them appear inconspicuous if an organization's O365 administrator audits connected apps for their users' accounts."

Microsoft Warns on OAuth Attacks Against Cloud App Users
2020-07-09 21:03

Against the backdrop of widespread remote working and the increased use of collaboration apps, attackers are ramping up application-based attacks that exploit OAuth 2.0, Microsoft is warning. An offensive starts when an attacker registers a malicious app with an OAuth 2.0 provider, such as Microsoft's own Azure Active Directory.

Microsoft OAuth Flaw Opens Azure Accounts to Takeover
2019-12-02 21:00

The Microsoft applications are vulnerable to an OAuth authentication flaw that could enable Azure account takeover.

API Fortress launches open source app, 3loa Helper, to automate 3-legged OAuth 2.0 flows
2019-07-29 03:00

API Fortress, the leader in continuous API testing, announces 3loa Helper, an open source application that automates 3-legged OAuth 2.0 flows from the world’s largest social and search providers....

Phishing Defense: Block OAuth Token Attacks
2018-06-21 10:03

But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas Bienstock. Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a...

FireEye Launches OAuth Attack Testing Platform
2018-05-22 11:04

FireEye on Monday announced the availability of a platform to allow organizations and pentesters to check their ability to detect and respond to OAuth abuse attacks.

Google Takes Second Swing at OAuth Worm (Security Week)
2017-07-26 17:56

Mitigations put in place by Google in May 2017 to help block phishing attacks such as the recent OAuth worm weren’t enough to completely mitigate the issue, as Google's platform still allowed...