OAuth Application | Breaking Cybersecurity News | The Hacker News

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as  Storm-0539  for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM) phishing pages that are capable of harvesting their credentials and session tokens. "After gaining access to an initial session and token, Storm-0539 registers their own device for subsequent secondary authentication prompts, bypassing MFA protections and persisting in the environment using the fully compromised identity," the tech giant  said  in a series of posts on X (formerly Twitter). The foothold obtained in this manner further acts as a conduit for escalating privileges, moving laterally across the network, and accessing cloud resources in order to grab sensitive informa...

Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team  said  in an analysis. "The misuse of OAuth also enables threat actors to maintain access to applications even if they lose access to the initially compromised account." OAuth , short for Open Authorization, is an  authorization and delegation framework  (as opposed to authentication) that provides applications the ability to securely access information from other websites without handing over passwords. In the attacks detailed by Microsoft, threat actors have been observed launching phishing or password-spraying attacks against poorly secured accounts with permissions to create or modify OAuth...