Bleeping Computer

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
IT News For Australia Business

Russian threat group crafted malicious OAuth apps to breach Microsoft

Microsoft has identified how Russian attackers used rogue OAuth applications to breach its corporate email system, stealing messages and attachments. Last year, the NSA and FBI identified Midnight ...
CRN

Microsoft: Hack By Russian Group Exploited Lack Of MFA

The company said the hackers compromised a ‘legacy’ account that didn’t have multifactor authentication enabled, in an attack that ultimately led to accessing senior Microsoft executive accounts.
Bleeping Computer

Microsoft reveals how hackers breached its Exchange Online accounts

Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives’ email accounts in November 2023, also breached other organizations as part of this ...
CSOonline

What is OAuth? How the open authorization framework works

Since the beginning of distributed personal computer networks, one of the toughest computer security nuts to crack has been to provide a seamless, single sign-on (SSO) access experience among multiple ...
Infosecurity-magazine.com

Microsoft Provides Defense Guidance After Nation-State Compromise

Microsoft has provided new details for responders to the Russian nation-state attack that compromised its systems earlier in January, and issued guidance for users on how to combat this threat. On ...
The Financial

Russian hackers accessed Microsoft source code

Microsoft warned Friday that the Russian government hackers it had blamed for hacking its executives’ email last month have been leveraging what they stole to try to break into customers’ computer ...