Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when entered, inadvertently grant attackers control of enterprise accounts. This trend reflects a broader shift away from basic password theft toward abusing modern authentication flows to bypass multi-factor authentication protection. The campaigns and the tools used …
The post Microsoft 365 users targeted in device code phishing attacks appeared first on Help Net Security.