Dark Reading

Microsoft Previews Feature to Block Malicious OAuth Apps

Threat actors are increasingly including malicious OAuth apps in their campaigns to break into cloud-based systems and applications. To address this growing problem, Microsoft is adding automated ...
Bleeping Computer

Microsoft disables verified partner accounts used for OAuth phishing

Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email. In a ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Bleeping Computer

Microsoft: Exchange servers hacked via OAuth apps for phishing

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending ...
ZDNet

Microsoft warns about this phishing attack that wants to read your emails

Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.
SiliconANGLE

Malicious OAuth applications used to compromise Microsoft Exchange servers

Microsoft Corp. researchers today detailed a recent attack involving malicious OAuth applications that were deployed on compromised cloud tenants to control Exchange servers and spread spam. The ...
https//fedtechmagazine.com

Federated Identity Management: SAML vs OAuth for Agencies

As identity and access management and single sign-on become more prevalent across government, IT pros should catch up on the differences between different security protocols. In April 2018, the Office ...