OAuth
Salt Security Provides Free Scans for XSS Vulnerabilities Involving OAuth Protocol
Salt Security is making available a free scanning tool that it has been using to assess the level of potential risk organizations face from cross-site scripting (XSS) attacks in the wake of ...
Security Boulevard
WTH? Google Auth Bug Lets Hackers Login as You
Richi Jennings | | G Suite, Google Apps, Google Apps for Work, Google Workspace, OAuth, oauth 2.0, oauth abuse, Oauth Application Abuse, SB Blogwatch, securing oauth
G Suite Sours: Domain owners flummoxed as strangers get Google for their domains ...
Security Boulevard
How Workload IAM Can Help Protect Against Auth Secrets Breaches Like Dropbox
A string of recent compromises involving non-human identity credentials is putting organizations on high alert. Here's what you can do about it. The post How Workload IAM Can Help ...
Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old
Richi Jennings | | access-token-manipulation, authentication token, Business Associate Agreements, Chrome, chrome 0-day, chrome phishing, Chrome Security, Chromium, Chromium-Based Browsers, Federated Identity, federated sso, google, Google Account, google account security, Google Advanced Protection, infostealer, infostealers, OAuth, oauth 2.0, oauth abuse, Oauth Application Abuse, oauth refresh token, OAuth Token Vunerability, Prisma, Protecting OAuth Tokens, SB Blogwatch, securing oauth
What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability ...
Security Boulevard
OAuth Token: What It Is, How It Works, and Its Vulnerabilities
Tamara Bailey, Content Marketing Specialist @ AppOmni | | Blog, OAuth, SaaS Security, SaaS Security Posture Management
Learn how OAuth works and the risks of improper OAuth implementation that may introduce attack vectors on your SaaS estate. The post OAuth Token: What It Is, How It Works, and Its ...
I’d TAP That Pass
Summary: Given that Temporary Access Passes (TAP) are enabled in the Azure AD tenant AND you have an authentication admin role in Azure AD, you can assign users a short-lived password called a Temporary Access Pass (TAP) ...
BSides Prishtina 2022 – Armend Gashi’s ‘What Do OAuth And Football Clubs Have In Common?’
Marc Handelman | | BSides Prishtina, BSides Prishtina 2022, cybersecurity education, education, OAuth, Prishtina Kosovo, security, Security BSides, Security Conferences, Security Education
Our sincere thanks to BSides Prishtina for publishing their presenters’ BSides Prishtina 2022 Information Security Conference videos on the organization’s YouTube channel.
Fortnite Attack Allowed Taking Over Player Accounts
Lucian Constantin | | account takeover, cross-site scripting, Fortnite, OAuth, single sign on, SSO vulnerability, XSS attack
Security researchers have found several vulnerabilities in the online game Fortnite that could have allowed hackers to break into player accounts, access their personal information, buy in-game currency with the linked credit ...
Security Boulevard
Privacy: When the Application Exceeds its Brief
The recent imbroglio surrounding Facebook and its Android application exceeding its brief caught the attention of all users. In other words, the application was requesting access to information on your device that ...
Security Boulevard