Ars Technica

In major gaffe, hacked Microsoft test account was assigned admin privileges

The hackers who recently broke into Microsoft’s network and monitored top executives’ email for two months did so by gaining access to an aging test account with administrative privileges, a major ...
CRN

Microsoft: Hack By Russian Group Exploited Lack Of MFA

The company said the hackers compromised a ‘legacy’ account that didn’t have multifactor authentication enabled, in an attack that ultimately led to accessing senior Microsoft executive accounts.
Bleeping Computer

Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data ...
Infosecurity-magazine.com

Microsoft Provides Defense Guidance After Nation-State Compromise

Microsoft has provided new details for responders to the Russian nation-state attack that compromised its systems earlier in January, and issued guidance for users on how to combat this threat. On ...
ZDNet

Heroku fesses up to customer password theft due to OAuth token attack

Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. "[Our investigation] revealed that the ...
ZDNet

Microsoft warning: These phishing attackers used fake OAuth apps to steal email

Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access ...