Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising ...
IEEE

Radio-Frequency Fingerprint-Tag-Based Device Authentication for Massive Random Access

Abstract: IoT devices possess a radio-frequency fingerprint (RFF) due to inherent variations in manufacturing, making it device-specific and difficult to alter. This unique RFF, derived from RF ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
The New York Times

A Phone-Free Childhood? One Irish Village Is Making It Happen.

Tired of seeing its elementary-school children struggle with online temptations, the town of Greystones proposed a ‘no smart devices’ code. Most everyone bought in. The seaside town of Greystones, ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, ...
AOL

The FBI Says These Smart Home Devices Are Unsafe, And Here's Why

Close-up on a woman controlling the temperature of her smart home using a mobile app on a digital tablet - Andresr/Getty Images Smart home devices are supposed to make residences more efficient, ...
winbuzzer.com

Hackers Hijack Microsoft Entra Accounts via Device Code Phishing

Hackers are hijacking Microsoft enterprise accounts by abusing a legitimate device-code authentication feature, tricking victims into entering attacker-generated codes on Microsoft’s own login portal.
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

Once the user signs in, the device is able to get access tokens and refresh tokens as needed." This authentication flow is similar to what you see when logging into a streaming service, such as ...
CSOonline

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...
TechCrunch

Android phones are getting more anti-theft features

Google on Tuesday announced an expanded set of Android theft-protection features, designed to make its mobile devices less of a target for criminals. Building on existing tools like Theft Detection ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...