Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns
Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially motivated attacks. Abusing OAuth applications …
Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
Malicious third-party OAuth apps with an evident “Publisher identity verified” badge have been used by unknown attackers to target organizations in the UK and …
Attackers connect rogue devices to organizations’ network with stolen Office 365 credentials
Attackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to …
United Kingdom’s MoD announces the results of its bug bounty program with HackerOne
The United Kingdom’s Ministry of Defence (MoD) announced the conclusion of its first bug bounty challenge with HackerOne. The Ministry of Defence program was a 30-day, …
Dremio Cloud empowers self-service and interactive analytics on the data lake
Dremio announced its cloud-native SQL-based data lakehouse service, Dremio Cloud. Purpose-built for the cloud, Dremio Cloud makes cloud data lakes 10x easier, while delivering …
Countering threats: Steps to take when developing APIs
High-profile data breaches resulting from faulty APIs continue to make headlines. In the last few months alone, T-Mobile’s data breach resulted in hackers stealing personal …
OAuth2.0 implementation flaw allows attackers to pop Android users’ accounts
Incorrect OAuth2.0 implementation by third-party mobile app developers has opened users of those apps to account compromise, three researchers from the Chinese University of …
After two fixes, OAuth standard deemed secure
OAuth 2.0 is one of the most used single sign-on systems on the web: it is used by Facebook, Google, Microsoft, GitHub and other big Internet companies. A group of researchers …