Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking ...
Hosted on MSN1mon
Microsoft Outlook targeted by new malware attacks allowing sneaky hijacking
It does so by using Outlook email drafts. It proceeds to receive an OAuth token from Microsoft, using a refresh token embedded in its configuration. It stores it in the Windows Registry ...
Bleeping Computer1mon
New FinalDraft malware abuses Outlook mail service for stealthy comms
FinalDraft retrieves an OAuth token from Microsoft using a refresh token embedded in its configuration, and stores it in the Windows Registry for persistent access. Elastic Security Labs also ...