SS-NEWS-081: Malicious OAuth Apps and Poor Crypto Returns

Episode 81 October 10, 2022 00:29:18
SS-NEWS-081: Malicious OAuth Apps and Poor Crypto Returns
Security Serengeti
SS-NEWS-081: Malicious OAuth Apps and Poor Crypto Returns

Oct 10 2022 | 00:29:18

/

Show Notes

Malicious OAuth apps are coming for your Exchange admins!  Oh noes!  Also, Powerpoint gets in the malware delivery game and it turns out that hackers are not considering the efficiency of spinning up AWS boxes to run cryptominers.  Not very considerate of them.  David has a particularly nasty twist on the Powerpoint one.  

Article 1 - Exchange servers abused for spam through malicious OAuth applications
Supporting Article:
OAuth app policies

Article 2 - Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware

Article 3 - Cryptominers hijack $53 worth of system resources to earn $1
Supporting Article:
Configure Amazon EC2 Dedicated Hosts

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Other Episodes

Episode 1

March 14, 2021 00:53:41
Episode Cover

SS-NEWS-001 - Introducing the Security Serengeti!

Hosted by David Schwendinger and Matthew Keener, welcome to the Security Serengeti! Please join us for our introductory episode where we take a look...

Listen

Episode 151

October 21, 2024 00:37:07
Episode Cover

SS-NEWS-151: AI Companions Hacked

This week we discuss an attempted kidnapping and ransom of the parents of someone connected to a multi million dollar theft, stolen prompts and...

Listen

Episode 126

September 25, 2023 00:49:16
Episode Cover

SS-NEWS-126: Hackers as Insider Traders and AI Study on Effectiveness

Title 1: Russian infosec boss gets nine years for $100M insider-trading caper using stolen dataSummary: Vladislav Klyushin, owner of Russian firm M-13, was sentenced...

Listen