Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
Sign in with Apple
Apple debuts privacy-minded “Sign in with Apple” SSO

Among the many news shared during Apple’s annual developer conference there’s one that stands out: the introduction of “Sign in with Apple”. About the …

Dislike
The ultimate fallout from the Facebook data breach could be massive

Less than a week ago, Facebook announced that unknown attackers have managed to string together three bugs affecting the social media platform, which allowed them to steal …

users
The single sign-on account hijacking threat and what can we do about it?

Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …

Microsoft Azure
Azure AD Connect vulnerability allows attackers to reset admin passwords

A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft …

OneLogin
OneLogin suffers data breach, again

OneLogin, a popular single sign-on service that allows users to access thousands of popular cloud-based apps with just one password, has suffered what seems to be a serious …

mobile device
Microsoft users can ditch password-based logins for phone sign-in 2FA

Microsoft added a new feature to its authenticator app, allowing users to sign into their Microsoft account without having to enter their password. “With phone sign-in, …

Broken glass
OAuth2.0 implementation flaw allows attackers to pop Android users’ accounts

Incorrect OAuth2.0 implementation by third party mobile app developers has opened users of those apps to account compromise, three researchers from the Chinese University of …

OneLogin
OneLogin breached, customers’ Secure Notes compromised

San Francisco-based OneLogin, which offers single sign-on and identity management for cloud-based applications and claims 1400+ enterprise customers in 44 countries, has …

QRLJacking: A new attack vector for hijacking online accounts

We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use. …

Don't miss

Cybersecurity news