Get a Pentest and security assessment of your IT network.

Cyber Security

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials

A new phishing campaign can bypass multi-factor authentication (MFA) on Office 365 to access victims data stored on the cloud. Researchers at Cofense Phishing Defense Center discovered the tactic. The attack leverages the OAuth2 framework and OpenID Connect (OIDC) protocol and uses a malicious SharePoint link to trick users into granting permissions to a rogue application. Attackers can steal sensitive user data stored in the cloud as well as find other victims to target.

Source: https://threatpost.com/phishing-campaign-allows-for-mfa-bypass-on-office-365/155864/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation