#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

OAuth Application | Breaking Cybersecurity News | The Hacker News

Category — OAuth Application
Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Dec 16, 2023 Online Security / Cybercrime
Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as  Storm-0539  for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM) phishing pages that are capable of harvesting their credentials and session tokens. "After gaining access to an initial session and token, Storm-0539 registers their own device for subsequent secondary authentication prompts, bypassing MFA protections and persisting in the environment using the fully compromised identity," the tech giant  said  in a series of posts on X (formerly Twitter). The foothold obtained in this manner further acts as a conduit for escalating privileges, moving laterally across the network, and accessing cloud resources in order to grab sensitive informa...
Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Dec 13, 2023 Cryptocurrency / Threat Analysis
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team  said  in an analysis. "The misuse of OAuth also enables threat actors to maintain access to applications even if they lose access to the initially compromised account." OAuth , short for Open Authorization, is an  authorization and delegation framework  (as opposed to authentication) that provides applications the ability to securely access information from other websites without handing over passwords. In the attacks detailed by Microsoft, threat actors have been observed launching phishing or password-spraying attacks against poorly secured accounts with permissions to create or modify OAuth...
How AI Is Transforming IAM and Identity Security

How AI Is Transforming IAM and Identity Security

Nov 15, 2024Machine Learning / Identity Security
In recent years, artificial intelligence (AI) has begun revolutionizing Identity Access Management (IAM), reshaping how cybersecurity is approached in this crucial field. Leveraging AI in IAM is about tapping into its analytical capabilities to monitor access patterns and identify anomalies that could signal a potential security breach. The focus has expanded beyond merely managing human identities — now, autonomous systems, APIs, and connected devices also fall within the realm of AI-driven IAM, creating a dynamic security ecosystem that adapts and evolves in response to sophisticated cyber threats. The Role of AI and Machine Learning in IAM AI and machine learning (ML) are creating a more robust, proactive IAM system that continuously learns from the environment to enhance security. Let's explore how AI impacts key IAM components: Intelligent Monitoring and Anomaly Detection AI enables continuous monitoring of both human and non-human identities , including APIs, service acc...
Expert Insights / Articles Videos
Cybersecurity Resources