PT-2026-44842

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client id is required. The validateClient method in ClientRepository.php unconditionally returns true,...

Microsoft Teams Phishing Attack Targets Office 365 Users

Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials. Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote...

OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks

An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization methods to access Office 365 accounts, in order to steal users’ contacts and mail. OAuth is an open standard for access delegation, commonly used as a way for people to sign into services without entering a...

Security breach at OAuth based applications can cause Social Media Disaster

With all the popular social networking websites there on the web, managing them from several different internet browser tabs or windows can get frustrated very quickly. Besides our own Facebook Page, Twitter account, and Google+ profile, I also manage several others and, YES, I feel the "time...