Bleeping Computer

Microsoft: OAuth apps used to automate BEC and cryptomining attacks

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...
CSOonline

Cybercrooks faked Microsoft OAuth apps for MFA phishing

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before they lead to a breach. Dive deeper in their Tradecraft Tuesday sessions.