Consent-Phishing Attack Passed Microsoft's 'Verified Publisher' Checks

Found 54 days ago at

Cybersecurity company Proofpoint on Tuesday described attacks that lulled users into authorizing permissions for malicious cloud apps because they may have trusted Microsoft Verified Publisher screening. The attackers used a malicious OAuth app to gain user consent. It deceived users via fake domain names and spoofing, Proofpoint threat research team explained, via e mail: The threat actors...

Read the article at

More Office News