Why using Google OAuth in work applications is unsafe
Credit to Author: Alanna Titterington| Date: Thu, 18 Jan 2024 17:19:06 +0000
A bug in the Google OAuth sign-in mechanism can be exploited by fired employees to retain access to accounts
Read moreCredit to Author: Alanna Titterington| Date: Thu, 18 Jan 2024 17:19:06 +0000
A bug in the Google OAuth sign-in mechanism can be exploited by fired employees to retain access to accounts
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: OAuth Tags: nOAuth Tags: IdP Tags: Azure Tags: Microsoft Tags: login with Researchers have found a flaw in Microsoft Azure AD which they claim can be used to take over accounts that rely on pre-established trust. |
The post Microsoft Azure AD flaw can lead to account takeover appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: Exchange Tags: OAuth Tags: spam Tags: MFA Tags: Transport rules Tags: connector Threat actors have been using malicious OAuth applications to abuse Microsoft Exchange servers for their spam campaign. |
The post Exchange servers abused for spam through malicious OAuth applications appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: Basic Auth Tags: Exchange online Tags: modern authentication Tags: MFA Tags: SAML Tags: CBA Tags: smart card Tags: OAuth The end of Basic authentication for Exchange Online is almost upon us. Are you ready? |
The post Microsoft will disable Basic authentication for Exchange Online in less than a month appeared first on Malwarebytes Labs.
Read moreCredit to Author: Pieter Arntz| Date: Tue, 17 May 2022 19:37:25 +0000
A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.
The post Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed appeared first on Malwarebytes Labs.
Read moreCredit to Author: BrianKrebs| Date: Mon, 22 May 2017 20:53:32 +0000
A few weeks back, HR and financial management firm Workday.com sent a security advisory to customers warning that crooks were sending targeted malware phishing attacks at customers. At the same time, Workday is publishing on its site a list of more than 800 companies that use its services, making it relatively simple for attackers to chose their […]
Read more