You're listening to the Cyberwire Network, powered by N2K.

At TALIS, they know cybersecurity can be tough and you can't protect everything,

but with TALIS, you can secure what matters most.

With TALIS's industry-leading platforms, you can protect critical applications, data, and identities, anywhere and at scale with the highest

ROI. That's why the most trusted brands and largest banks, retailers, and healthcare companies in the

world rely on Talis to protect what matters most. Applications, retailers, and healthcare companies in the world rely on Talis to protect what matters most.

Applications, data, and identity.

That's Talis.

T-H-A-L-E-S.

Learn more at Talisgroup.com slash cyber.

Thank you. Hello, everyone, and welcome to the Cyberwires Research Saturday. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts

tracking down the threats and vulnerabilities, solving some of the hard problems and protecting

ourselves in a rapidly evolving cyberspace. Thanks for joining us.

In this particular campaign, it was pretty interesting because the threat actors will impersonate various fake Microsoft Oath applications and ultimately lead to credential theft.

That's Selena Larson, staff threat researcher and lead for intelligence analysis and strategy at ProofPoint.

The research we're discussing today is titled Microsoft OOath App Impersonation Campaign leads to MFAFishing.

So sometimes we see Microsoft Oath app impersonation trying to gain access via the malicious app, various permissions and stuff.

But in this case, it was used more as a vehicle to enable the credential fishing, which was pretty interesting.

Well, let's back up just a step.

Can you describe for us what exactly we're

talking about when we say MFA fishing? Of course. So MFA fishing is multifactor authentication fishing.

So typically, historically, people will have a username and password to log into things.

...