Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam
Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.
Access Control
Varonis discovers MFA bypass for Box accounts
Varonis Threat Labs has discovered a multi-factor authentication (MFA) bypass vulnerability for Box accounts that use an SMS code for login verification.
NSA and CISA release guidance on securing remote access VPNs
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet selecting and securing remote access VPNs.