Cofence has discovered an attack that bypasses MFA to nab Microsoft 365 credentials. Researchers at Cofense Phishing Defense Center discovered the tactic, which leverages the OAuth2 framework and OpenID Connect (OIDC) protocol and uses a malicious SharePoint link to trick users into granting permissions to a rogue application, researcher Elmer Hernandez wrote in a blog post published Tuesday.
Experts Comments
Linkedin Message
@Niamh Muldoon, Senior Director of Trust and Security EMEA, provides expert commentary at @Information Security Buzz.
"This new type of attack demonstrates that multi-factor authentication alone is not enough to protect against increasingly sophisticated phishing attacks...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/clever-phishing-attack-bypasses-mfa-to-nab-microsoft-office-365-credentials-expert-reaction
Facebook Message
@Niamh Muldoon, Senior Director of Trust and Security EMEA, provides expert commentary at @Information Security Buzz.
"This new type of attack demonstrates that multi-factor authentication alone is not enough to protect against increasingly sophisticated phishing attacks...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/clever-phishing-attack-bypasses-mfa-to-nab-microsoft-office-365-credentials-expert-reaction
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Dan Conrad, Field Strategist, provides expert commentary at @Information Security Buzz.
"This is a very well-crafted phish as it “front ends” O365 with a malicious SharePoint site...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/clever-phishing-attack-bypasses-mfa-to-nab-microsoft-office-365-credentials-expert-reaction
Facebook Message
@Dan Conrad, Field Strategist, provides expert commentary at @Information Security Buzz.
"This is a very well-crafted phish as it “front ends” O365 with a malicious SharePoint site...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/clever-phishing-attack-bypasses-mfa-to-nab-microsoft-office-365-credentials-expert-reaction