News

IT Business Edge3y
Identify Where Your Information Is Vulnerable Using Data Flow Diagrams
To best support the mitigation of security threats, data flow diagrams should include all risk assessments (corporate governance, external vendors and ancillary systems, and key business processes), ...
If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish
Additionally, if you suspect device code phishing, revoke the user's refresh tokens and also consider setting a conditional access policy to force re-authentication for users.
Ars Technica4mon
What is device code phishing, and why are Russian spies so successful at it?
It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs ...
theregister4mon
Suspected Russian spies caught spoofing Teams invites
The campaign uses a technique called "device code phishing" that attempts to trick marks into providing all the details needed to give crooks access to the victim's accounts – usernames, passwords, ...