Dropbox Sign customer data accessed in breach
After a breach in the Dropbox Sign environment, customer information may have been stolen and API users have restricted functionality
Read moreoauth
Microsoft Azure AD flaw can lead to account takeover
Categories: Exploits and vulnerabilities Categories: News Tags: OAuth Tags: nOAuth Tags: IdP Tags: Azure Tags: Microsoft Tags: login with Researchers have found a flaw in Microsoft Azure AD which they claim can be used to take over accounts that rely on pre-established trust. |
The post Microsoft Azure AD flaw can lead to account takeover appeared first on Malwarebytes Labs.
Read moreS3 Ep137: 16th century crypto skullduggery
Credit to Author: Paul Ducklin| Date: Thu, 01 Jun 2023 16:45:58 +0000
Lots to learn, clearly explained in plain English… listen now! (Full transcript inside.)
Read moreSerious Security: Verification is vital – examining an OAUTH login bug
Credit to Author: Paul Ducklin| Date: Tue, 30 May 2023 16:59:21 +0000
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?
Read moreSerious Security: OAuth 2 and why Microsoft is finally forcing you into it
Credit to Author: Paul Ducklin| Date: Mon, 10 Oct 2022 14:02:13 +0000
Microsoft calls it “Modern Auth”, though it’s a decade old, and is finally forcing Exchange Online customers to switch to it.
Read moreExchange servers abused for spam through malicious OAuth applications
Categories: News Tags: Exchange Tags: OAuth Tags: spam Tags: MFA Tags: Transport rules Tags: connector Threat actors have been using malicious OAuth applications to abuse Microsoft Exchange servers for their spam campaign. |
The post Exchange servers abused for spam through malicious OAuth applications appeared first on Malwarebytes Labs.
Read moreMicrosoft will disable Basic authentication for Exchange Online in less than a month
Categories: News Tags: Basic Auth Tags: Exchange online Tags: modern authentication Tags: MFA Tags: SAML Tags: CBA Tags: smart card Tags: OAuth The end of Basic authentication for Exchange Online is almost upon us. Are you ready? |
The post Microsoft will disable Basic authentication for Exchange Online in less than a month appeared first on Malwarebytes Labs.
Read moreGmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed
Credit to Author: Pieter Arntz| Date: Tue, 17 May 2022 19:37:25 +0000
A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.
The post Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed appeared first on Malwarebytes Labs.
Read moreGitHub issues final report on supply-chain source code intrusions
Credit to Author: Paul Ducklin| Date: Fri, 29 Apr 2022 16:15:20 +0000
Learn how to find out which apps you’ve given access rights to, and how to revoke those rights immediately in an emergency.
Read moreGoogle to choke off ‘less secure applications’
Credit to Author: Danny Bradbury| Date: Wed, 18 Dec 2019 10:50:20 +0000
If you’re entering a username and password to give an app access to a G Suite account, beware: you won’t be able to do it for much longer.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/cmm98FFm0vQ” height=”1″ width=”1″ alt=””/>
Read more