Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

One-time codes used to hack corporate accounts

Security firm Proofpoint has discovered that hackers have found a clever way to bypass multi-factor authentication (MFA) and thereby get their hands on accounts belonging to corporate users.

In a nutshell, the hackers are using one-time codes from OAuth 2.0, an open standard that is supposed to be used to authenticate smart TVs and the like.

Typically, the scammers pretend that a particular device needs a one-time code and get users to type the code into Microsoft’s authentication link. Once users do so, the hackers gain full access to their Microsoft 365 accounts with all their content.

Both Russian and Chinese hackers have used this method, so there’s every reason for companies to tighten up their procedures.

For additional reporting, see Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts.

View the full article

User Feedback

Recommended Comments

There are no comments to display.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Add a comment...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.