A rising phishing technique is exploiting a legitimate Microsoft authentication flow to hijack corporate accounts without stealing passwords. Attackers are weaponizing the OAuth 2.0 Device Authorization Grant commonly used to sign in input-constrained devices via a one-time user code to trick victims into approving access on Microsoft’s own domain. Because the final authentication occurs on […]
The post Hackers Use Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Mayura Kathir
Source: gbHackers
Source Link: https://gbhackers.com/microsoft-domain-abused/