Dark Reading

Microsoft Previews Feature to Block Malicious OAuth Apps

Threat actors are increasingly including malicious OAuth apps in their campaigns to break into cloud-based systems and applications. To address this growing problem, Microsoft is adding automated ...

ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
Bleeping Computer

Microsoft disables verified partner accounts used for OAuth phishing

Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email. In a ...
ZDNet

Microsoft warns about this phishing attack that wants to read your emails

Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.
Dark Reading

Microsoft Shares New Guidance in Wake of 'Midnight Blizzard' Cyberattack

Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A ...
techtimes

Web Account Manager: The Foundational Enabler of Single Sign-On for Windows Applications within the Microsoft Identity Ecosystem

In today's rapidly evolving identity landscape, organizations are accelerating their adoption of cloud-first strategies (specifically by modernizing identity infrastructure through the adoption of ...