ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens
The Hacker News
Actively Exploited
Summary
ToddyCat, a threat actor, has developed a new tool called TCSectorCopy to steal Outlook emails and Microsoft 365 access tokens by exploiting the OAuth 2.0 authorization protocol through users' browsers. This poses a significant threat to corporate email security, as it allows unauthorized access to sensitive information outside the compromised infrastructure.
Impact
Outlook, Microsoft 365
In the Wild
Yes
Timeline
Newly disclosed
Remediation
Implement strong authentication measures, educate users about phishing attacks, and monitor for unauthorized access to corporate email accounts.