Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, the globally unique identifier assigned to an application and passed as client_id in an authentication request. Microsoft Entra ID records that value as the application ID in its sign-in logs, and the way it handles unfamiliar identifiers opens a gap that operators have started to work through. Entra … More →
The post Fake OAuth client IDs are helping attackers slip past sign-in logs appeared first on Help Net Security.
http://news.poseidon-us.com/TTW5wH

