A rising phishing technique is exploiting a legitimate Microsoft authentication flow to hijack corporate accounts without stealing passwords. Attackers are weaponizing the OAuth 2.0 Device Authorization Grant commonly used to sign in input-constrained devices via a one-time user code to trick victims into approving access on Microsoft’s own domain. Because the final authentication occurs on […]
The post Hackers Use Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: