{"id":47904,"date":"2026-05-22T15:03:50","date_gmt":"2026-05-22T08:03:50","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47904"},"modified":"2026-05-29T15:04:40","modified_gmt":"2026-05-29T08:04:40","slug":"microsoft-365-doi-mat-chieu-thuc-moi-hacker-am-tham-danh-cap-token-qua-oauth","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/microsoft-365-doi-mat-chieu-thuc-moi-hacker-am-tham-danh-cap-token-qua-oauth\/","title":{"rendered":"Microsoft 365 faces a new tactic: hackers quietly steal tokens via OAuth"},"content":{"rendered":"<div><b>The cybersecurity community should be on alert for the rapid rise of a new form of phishing targeting Microsoft 365 users. Instead of stealing passwords or bypassing multi-factor authentication (MFA) with traditional fake login pages, attackers are abusing Microsoft's own legitimate authentication mechanism to take over accounts.<\/b><br \/>\n<\/div>\n<div><a class=\"js-lbImage\" href=\"https:\/\/whitehat.vn\/attachments\/46e90cb2-d916-4507-9a79-f595e289b2f9-png.19050\/\" target=\"_blank\" rel=\"noopener\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-fancybox=\"lb-thread-19588\" data-caption=\"&lt;h4&gt;46e90cb2-d916-4507-9a79-f595e289b2f9.png&lt;\/h4&gt;&lt;p&gt;&lt;a href=&quot;https:&amp;#x2F;&amp;#x2F;whitehat.vn&amp;#x2F;threads&amp;#x2F;microsoft-365-doi-mat-chieu-thuc-moi-hacker-am-tham-danh-cap-token-qua-oauth.19588&amp;#x2F;#post-45153&quot; class=&quot;js-lightboxCloser&quot;&gt;WhiteHat Team \u00b7 21&amp;#x2F;05&amp;#x2F;2026 at 2:18 
PM&lt;\/a&gt;&lt;\/p&gt;\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage \" title=\"46e90cb2-d916-4507-9a79-f595e289b2f9.png\" src=\"https:\/\/whitehat.vn\/data\/attachments\/19\/19385-a12fed62f7a7f3ef2631713414de1c4f.jpg\" alt=\"46e90cb2-d916-4507-9a79-f595e289b2f9.png\" width=\"734\" height=\"400\" \/><\/a>This attack method is called <b>Device Code Phishing<\/b> (phishing by means of a device code), a technique that is spreading rapidly thanks to the emergence of commercialized attack toolkits and \u201cPhishing-as-a-Service\u201d (PhaaS) platforms.<\/div>\n<div>From stealing passwords to stealing authenticated sessions<\/div>\n<div>Over the years, businesses have invested heavily in anti-phishing solutions, password protection and MFA deployment. This has made traditional credential-theft campaigns harder to pull off.<\/p>\n<p>To adapt, cybercriminals are shifting to exploiting weaknesses in legitimate authentication flows rather than trying to obtain the victim's password directly. 
Instead of asking users to enter a username and password on a fake website, attackers try to trick them into granting access to a malicious application. When that happens, the attackers can obtain valid authentication tokens (OAuth tokens) and maintain access to the account without ever knowing the actual password.<\/p>\n<p>According to security researchers at Proofpoint, this form of attack is being used by many cybercriminal groups to gain access to Microsoft 365 accounts while bypassing many of today's anti-phishing defenses.<\/p><\/div>\n<div>Users are tricked into signing in to Microsoft's real system<\/div>\n<div>The attack scenario usually begins with a phishing email containing a link, a PDF file or a QR code. To appear more credible, these emails often impersonate familiar brands such as Microsoft, DocuSign or Adobe. When users click the link, they are not taken to a fake website as in ordinary phishing campaigns. 
Instead, the victim is led to Microsoft's legitimate device login flow.<\/p>\n<p>Here, the system displays a device authentication code (Device Code) and asks the user to enter it on Microsoft's official sign-in page. Because the entire process takes place on Microsoft's real infrastructure, many people believe it is just a routine verification step and do not realize they are being deceived.<\/p>\n<p>After the user completes authentication, Microsoft issues a valid OAuth token for the sign-in session. The attackers collect this token and use it to access email, cloud data, corporate documents and many other connected services.<\/p><\/div>\n<div>New attack tools fuel a surge in risk<\/div>\n<div>One of the reasons Device Code Phishing has risen sharply in 2026 is the emergence of automation toolkits. Previously, campaigns of this kind were limited because device codes had to be generated in advance and typically expired after about 15 minutes. 
That forced attackers to run their campaigns within a very short window.<\/p>\n<p>However, modern toolkits have completely overcome this obstacle by generating the device code in real time, at the moment the victim clicks the link. As a result, attackers can launch a campaign at any time without worrying that the code will expire.<\/p>\n<p>Notably, platforms such as EvilTokens, which appeared on Telegram channels in early 2026, have commercialized this entire process. Users only need to pay a fee to obtain:<\/p><\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div>Ready-made phishing pages;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Systems for hosting and running campaigns;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Automatic device code generation tools;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>A dashboard for managing multiple compromised Microsoft 365 accounts;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Tools for business email compromise (BEC) campaigns.<\/div>\n<\/li>\n<\/ul>\n<div>Many experts say the spread of as-a-service toolkits is significantly lowering the technical barrier for cybercriminals, allowing even low-skilled actors to carry out large-scale attacks.<\/div>\n<div>AI is helping to multiply phishing campaigns<\/div>\n<div>Researchers say that new toolkits for Device Code Phishing appear almost every week. Many samples show signs of having been developed or modified with AI code-generation tools, allowing attackers to quickly copy existing toolkits and customize them into new versions at low cost.<\/p>\n<p>This has caused the number of campaigns to rise sharply and produced a wave of nearly identical attack chains worldwide. However, over-reliance on automation has also exposed many mistakes. 
In some recent campaigns, researchers found phishing emails with no content, or ones that inadvertently exposed details of the backend infrastructure, showing that many actors are using tools without really understanding how they work.<\/p><\/div>\n<div>Threat group keeps changing tactics<\/div>\n<div>A threat group tracked as TA4903 is believed to have switched almost entirely to Device Code Phishing in 2026. In recent campaigns, the group impersonated government agencies or corporate human resources departments to send PDF files containing malicious QR codes.<\/p>\n<p>When users scan the code, they are redirected through intermediary cloud infrastructure to sophisticated web pages designed to guide them through completing the device authentication process. In addition, the attackers use an &#8220;account-hopping&#8221; tactic &#8211; using a compromised email account to send further phishing emails to the victim's colleagues or trusted partners. 
Because the email comes from a familiar address, the success rate of these attacks is often considerably higher than that of traditional phishing.<\/p><\/div>\n<div>The consequences go beyond losing email<\/div>\n<div>Once they obtain a valid OAuth token, attackers can directly access the organization's Microsoft 365 ecosystem. This opens the door to a range of dangerous activities such as:<\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div>Theft of internal data;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Financial fraud and wire-transfer scams;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Long-term email monitoring;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Lateral movement within the corporate network;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Information gathering for cyber espionage;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Deployment of data-encrypting malware and ransomware attacks.<\/div>\n<\/li>\n<\/ul>\n<div>Some recorded incidents show that access obtained from stolen tokens was used as a springboard for extortion attacks or espionage operations that lasted many months before being detected.<\/div>\n<div>What should businesses do to protect themselves?<\/div>\n<div>Experts recommend that organizations not focus solely on password protection but tightly control the entire authentication process. Some risk-mitigation measures include:<\/div>\n<ul>\n<li data-xf-list-type=\"ul\">\n<div>Restrict or disable Device Code Flow if it is not truly needed;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Apply conditional access policies;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Allow authentication only from trusted devices and network locations;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Monitor for unusual OAuth token issuance;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Train employees to recognize suspicious requests to enter a device code;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Regularly review the applications that have been granted access to Microsoft 365;<\/div>\n<\/li>\n<li data-xf-list-type=\"ul\">\n<div>Deploy mechanisms to detect anomalous post-authentication sign-in behavior.<\/div>\n<\/li>\n<\/ul>\n<div>When a legitimate process becomes a tool for cybercriminals<\/div>\n<div>The surge in Device Code Phishing points to a worrying trend in modern cybersecurity: rather than breaking security mechanisms, attackers increasingly take advantage of the very legitimate features designed for user convenience.<\/p>\n<p>As attack toolkits are commercialized and AI helps automate campaign deployment, the line between a normal sign-in and a cyberattack is becoming ever harder to discern. In that context, understanding how authentication mechanisms work and tightly controlling access become key to protecting cloud environments against emerging threats.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The cybersecurity community should be on alert for the rapid rise of a new form of phishing targeting Microsoft 365 users. 
Instead of stealing passwords or bypassing multi-factor authentication (MFA) with traditional fake login pages, attackers are [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47905,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47904","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47904"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47904\/revisions"}],"predecessor-version":[{"id":47906,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47904\/revisions\/47906"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47905"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v
2\/tags?post=47904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}