Why using Google OAuth in work applications is unsafe
Credit to Author: Alanna Titterington| Date: Thu, 18 Jan 2024 17:19:06 +0000
A bug in the Google OAuth sign-in mechanism can be exploited by fired employees to retain access to accounts
The most interesting security related news from the week of January 9—15.
The post A week in security (January 9—15) appeared first on Malwarebytes Labs.
Stolen employee tokens gave an attacker access to Slack’s private code repositories.
The post Slack private code on GitHub stolen appeared first on Malwarebytes Labs.
Uber was forced to take several systems offline after reports of a serious breach.
The post Uber hacked appeared first on Malwarebytes Labs.
Credit to Author: BrianKrebs| Date: Fri, 22 Apr 2022 13:09:39 +0000
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.
Credit to Author: Matthew Finnegan| Date: Tue, 06 Aug 2019 08:00:00 -0700
Slack today unveiled new security capabilities for Enterprise Grid customers, including tighter controls for admins who oversee mobile device access.
Enterprise Grid was launched in 2017 for Slack’s biggest customers, with additional features to support large-scale deployments. Among the 150 organizations now using Enterprise Grid are Capital One, IBM and Target.
Slack has continued to build out security and compliance features for the software since its introduction, including the addition of enterprise key management last September.
Credit to Author: BrianKrebs| Date: Tue, 30 Jul 2019 13:59:54 +0000
Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly over several months on social media and other open online platforms. What follows is a closer look at the accused, and what this incident may mean for consumers and businesses.
Credit to Author: Malwarebytes Labs| Date: Mon, 01 Jul 2019 17:02:56 +0000
A roundup of cybersecurity news from June 24–30, including top malicious web campaigns, updates on the GreenFlash Sundown exploit, a Malwarebytes initiative to double down on stalkerware detection and awareness, and more.
The post A week in security (June 24 – 30) appeared first on Malwarebytes Labs.