OAuth – Computer Security Articles

Kaspersky Security

Why using Google OAuth in work applications is unsafe

January 18, 2024 admin accounts, authentication, Business, enterprise, google, OAuth, risks, slack, SMB, zoom

Credit to Author: Alanna Titterington| Date: Thu, 18 Jan 2024 17:19:06 +0000

A bug in the Google OAuth sign-in mechanism can be exploited by fired employees to retain access to accounts

MalwareBytes Security

Microsoft Azure AD flaw can lead to account takeover

June 23, 2023 admin Azure, Exploits and vulnerabilities, idp, login with, microsoft, news, noauth, OAuth

Categories: Exploits and vulnerabilities

Categories: News

Tags: OAuth

Tags: nOAuth

Tags: IdP

Tags: Azure

Tags: Microsoft

Tags: login with

Researchers have found a flaw in Microsoft Azure AD which they claim can be used to take over accounts that rely on pre-established trust.

(Read more…)

The post Microsoft Azure AD flaw can lead to account takeover appeared first on Malwarebytes Labs.

MalwareBytes Security

Exchange servers abused for spam through malicious OAuth applications

September 27, 2022 admin connector, Exchange, mfa, news, OAuth, spam, transport rules

Categories: News

Tags: Exchange

Tags: OAuth

Tags: spam

Tags: MFA

Tags: Transport rules

Tags: connector

Threat actors have been using malicious OAuth applications to abuse Microsoft Exchange servers for their spam campaign.

(Read more…)

The post Exchange servers abused for spam through malicious OAuth applications appeared first on Malwarebytes Labs.

MalwareBytes Security

Microsoft will disable Basic authentication for Exchange Online in less than a month

September 5, 2022 admin basic auth, cba, exchange online, mfa, modern authentication, news, OAuth, saml, smart card

Categories: News

Tags: Basic Auth

Tags: Exchange online

Tags: modern authentication

Tags: MFA

Tags: SAML

Tags: CBA

Tags: smart card

Tags: OAuth

The end of Basic authentication for Exchange Online is almost upon us. Are you ready?

(Read more…)

The post Microsoft will disable Basic authentication for Exchange Online in less than a month appeared first on Malwarebytes Labs.

MalwareBytes Security

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

May 17, 2022 admin CAPTCHA, csrf, Exploits and vulnerabilities, Facebook, Gmail, iframe, linked accounts, myopenid, OAuth, sandbox, sop, unlink, XSS, youssef sammouda

Credit to Author: Pieter Arntz| Date: Tue, 17 May 2022 19:37:25 +0000

A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.

The post Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed appeared first on Malwarebytes Labs.

Independent Krebs

Should SaaS Companies Publish Customers Lists?

May 22, 2017 admin cxotalk.com, Google Docs phishing, Michael Krigsman, OAuth, Other, Workday.com

Credit to Author: BrianKrebs| Date: Mon, 22 May 2017 20:53:32 +0000

A few weeks back, HR and financial management firm Workday.com sent a security advisory to customers warning that crooks were sending targeted malware phishing attacks at customers. At the same time, Workday is publishing on its site a list of more than 800 companies that use its services, making it relatively simple for attackers to chose their […]