Microsoft warns about this phishing attack that wants to read your emails
Microsoft has warned that Office 365 customers are receiving phishing emails that aim to trick unsuspecting users into giving OAuth permissions to an app that allows attackers to read and write emails. The OAuth phishing emails were delivered to hundreds of Office 365 customers, warned the Microsoft Security Intelligence team. The malicious app has been named “Upgrade,” and prompts users to grant it OAuth permissions. The permissions allowance subsequently permits attackers to create inbox rules, read emails, write emails, update calendar items, and read contracts.
Individuals targeted by the operation receive a notification that asks them to grant the app various permissions. The OAuth standard is supported by cloud and identity providers such as Google, Facebook, Twitter, and Microsoft, as a way for users to allow third party apps to access certain account information and data. OAuth has been abused and leveraged by attackers in the past, prompting Google to introduce stricter verification requirements.
OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.
You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.
For more information please click here. Thanks!
Already a member? Sign in to your account.
Black Swans and Gray Rhinos
Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis
Explore OODA Research and Analysis
Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop
The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence
We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech
Security and Resiliency
Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency
The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community