When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT devices, and printers. Today, threat actors are weaponizing it.

This article has been indexed from Securelist

Read the original article: