all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Attackers abuse Microsoft’s 'verified publisher' status to steal data

Add to bookmarks
Feb. 1, 2023, 6:30 a.m. | Jeff Burt

The Register - Security www.theregister.com

Malicious OAuth apps were the tickets into victims' systems

Miscreants using malicious OAuth applications abused Microsoft's "verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into to users' mailboxes, calendars, and meetings.…

abuse access applications apps attackers cloud cloud environments data environments malicious malicious oauth applications microsoft oauth organizations publisher steal systems tickets verified verified publisher

Visit resource

More from www.theregister.com / The Register - Security

Russia, Iran pose most aggressive threat to 2024 elections, say infoseccers 3 hours ago | www.theregister.com
cybercriminals elections experts google +13
What to do in the age of the critical breach 7 hours ago | www.theregister.com
age breach breaches crisis +12
Indian bank’s IT is so shabby it’s been banned from opening new accounts 10 hours ago | www.theregister.com
accounts app bank banned +8
Australia’s spies and cops want ‘accountable encryption’ - aka backdoors 16 hours ago | www.theregister.com
agency assistance attacks australia +21
Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes 17 hours ago | www.theregister.com
actor alerts cisco cisco security +22
Shouldn't Teams, Zoom, Slack all interoperate securely for the Feds? Wyden is asking 21 hours ago | www.theregister.com
apps asking collaboration collaboration software +17
Microsoft cannot keep its own security in order, so what hope for its add-ons customers? 23 hours ago | www.theregister.com
add-ons breaches charging customers +12
Management company settles for $18.4M after nuclear weapons plant staff fudged their timesheets 1 day, 2 hours ago | www.theregister.com
atomic collect criminal facility +12
Google cools on cookie phase-out while regulators chew on plans 1 day, 2 hours ago | www.theregister.com
authority challenges chrome cma +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cloud Technical Solutions Engineer, Security

@ Google | Mexico City, CDMX, Mexico
View on infosec-jobs.com

Assoc Eng Equipment Engineering

@ GlobalFoundries | SGP - Woodlands
View on infosec-jobs.com

Staff Security Engineer, Cloud Infrastructure

@ Flexport | Bellevue, WA; San Francisco, CA
View on infosec-jobs.com

Software Engineer III, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com

Software Engineering Manager II, Infrastructure, Google Cloud Security and Privacy

@ Google | San Francisco, CA, USA; Sunnyvale, CA, USA
View on infosec-jobs.com
View more jobs