CyberSecurityBoard
Sponsor Register Login

Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Microsoft 365 environments are increasingly targeted by attackers leveraging malicious OAuth applications to gain unauthorized access and persist within organizations. These hidden OAuth apps can bypass traditional security controls, making detection and mitigation challenging for security teams. To address this threat, security researchers have developed Cazadora, an open-source tool designed to identify and analyze malicious OAuth applications within Microsoft 365 tenants. Cazadora helps organizations uncover hidden OAuth apps that may be used by attackers to maintain persistence or exfiltrate data, providing detailed insights into app permissions, consent types, and associated risks. The tool operates by querying Microsoft Graph API to enumerate all OAuth applications granted access to the tenant, then applies heuristic and behavioral analysis to flag suspicious apps. By leveraging Cazadora, security teams can proactively detect unauthorized OAuth apps, revoke malicious consents, and strengthen their Microsoft 365 security posture. This capability is crucial as OAuth abuse has become a favored attack vector for threat actors aiming to evade detection and maintain long-term access. Implementing Cazadora as part of a comprehensive Microsoft 365 security strategy enables organizations to reduce the attack surface and respond swiftly to OAuth-based threats. The tool's open-source nature allows customization and integration with existing security workflows, enhancing threat hunting and incident response efforts. As cloud adoption grows, tools like Cazadora are vital for securing SaaS environments against sophisticated OAuth abuse attacks. In summary, Cazadora empowers defenders to find and eliminate hidden malicious OAuth apps in Microsoft 365, mitigating risks associated with OAuth consent abuse. Organizations are encouraged to incorporate this tool into their security arsenal to safeguard sensitive data and maintain compliance in the evolving threat landscape.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 20 Oct 2025 14:25:16 +0000


Cyber News related to Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Find hidden malicious OAuth apps in Microsoft 365 using Cazadora - Microsoft 365 environments are increasingly targeted by attackers leveraging malicious OAuth applications to gain unauthorized access and persist within organizations. These hidden OAuth apps can bypass traditional security controls, making detection ...
1 month ago Bleepingcomputer.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
Microsoft Disables Verified Partner Accounts Used for OAuth Phishing - Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, ...
2 years ago Bleepingcomputer.com
Attackers Target Microsoft Accounts to Weaponize OAuth Apps - Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, including cryptomining, phishing, and password spraying. ...
1 year ago Darkreading.com
Data thieves abuse Microsoft's 'verified publisher' status The Register - Miscreants using malicious OAuth applications abused Microsoft's "Verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into to users' mailboxes, calendars, and meetings. According to researchers with ...
2 years ago Packetstormsecurity.com Lazarus Group
CVE-2022-48826 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts - Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The attacks are similar to those reported years ago, indicating that OAuth apps ...
8 months ago Bleepingcomputer.com
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com
Hackers Abuse OAuth Applications to Automated Finacial Attacks - OAuth is an industry-standard protocol that allows third-party applications to access a user's data without exposing login credentials. This standard protocol facilitates secure authorization and authentication, commonly used to access resources on ...
1 year ago Cybersecuritynews.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
Microsoft: OAuth apps used to automate BEC and cryptomining attacks - Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth is an open standard for granting apps secure delegated access to server ...
1 year ago Bleepingcomputer.com
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts - Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. ...
2 years ago Thehackernews.com
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns - Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. OAuth is an open standard authentication protocol that uses tokens to grant applications access to ...
1 year ago Helpnetsecurity.com Hunters
Microsoft Shares New Guidance in the Wake of 'Midnight Blizzard' Cyberattack - Microsoft has released new guidance for organizations on how to protect against persistent nation-state attacks like the one disclosed a few days ago that infiltrated its own corporate email system. A key focus of the guidance is on what ...
1 year ago Darkreading.com Cozy Bear
Microsoft: Office 2016 and Office 2019 reach end of support in October - You can also switch to Office 2024, a standalone Office version released in October 2024 for small businesses and consumers without a Microsoft 365 subscription. This version includes locked-in-time versions of Word, Excel, PowerPoint, ...
7 months ago Bleepingcomputer.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29
Money-grubbing crooks abuse OAuth apps for BEC, phishing The Register - Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes - such as business email compromise, phishing, large-scale spamming campaigns - and deploying virtual machines to illicitly mine for cryptocurrencies, according to ...
1 year ago Go.theregister.com
Malicious Android 'Vapor' apps on Google Play installed 60 million times - Although all of these apps have since been removed from Google Play, there's a significant risk that Vapor will return through new apps as the threat actors have already demonstrated the ability to bypass Google's review process. Bitdefender ...
8 months ago Bleepingcomputer.com
What Is OAuth 2.0? - Scope of Access: Before OAuth, the meal planning app might have access to data that the user did not actually wish to share. No Way to Revoke Access: Before OAuth, the user could not easily restrict or revoke the meal planning app's access to their ...
1 year ago Feeds.dzone.com
ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store - On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why ...
2 years ago Hackread.com Everest
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
2 years ago Bleepingcomputer.com
Microsoft: Legacy account hacked by Russian APT had no MFA - Microsoft said the legacy test tenant account hacked by Russian nation-state threat actors this month did not have MFA enabled. According to the initial disclosure, the account compromised was a legacy, non-production test tenant account that threat ...
1 year ago Techtarget.com
Microsoft launches ad-supported Office apps for Windows users - Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents for free. While Microsoft allows customers to use Word, Excel, PowerPoint, and other Microsoft ...
9 months ago Bleepingcomputer.com
Data Insecurity: Experts Sound the Alarm on 4 Apps Putting User Privacy at Risk - Even though many of us rely on apps to entertain us, guide us, manage our exercise, and connect with family and friends, they are notoriously hard to trust. In an age when technology is constantly evolving, it is almost impossible to tell if a ...
1 year ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)