Dropbox Sign customer data accessed in breach
After a breach in the Dropbox Sign environment, customer information may have been stolen and API users have restricted functionality
Read moreAfter a breach in the Dropbox Sign environment, customer information may have been stolen and API users have restricted functionality
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: OAuth Tags: nOAuth Tags: IdP Tags: Azure Tags: Microsoft Tags: login with Researchers have found a flaw in Microsoft Azure AD which they claim can be used to take over accounts that rely on pre-established trust. |
The post Microsoft Azure AD flaw can lead to account takeover appeared first on Malwarebytes Labs.
Read moreCredit to Author: Paul Ducklin| Date: Thu, 01 Jun 2023 16:45:58 +0000
Lots to learn, clearly explained in plain English… listen now! (Full transcript inside.)
Read moreCredit to Author: Paul Ducklin| Date: Tue, 30 May 2023 16:59:21 +0000
What good is a popup asking for your approval if an attacker can bypass it simply by suppressing it?
Read moreCredit to Author: Paul Ducklin| Date: Mon, 10 Oct 2022 14:02:13 +0000
Microsoft calls it “Modern Auth”, though it’s a decade old, and is finally forcing Exchange Online customers to switch to it.
Read moreCategories: News Tags: Exchange Tags: OAuth Tags: spam Tags: MFA Tags: Transport rules Tags: connector Threat actors have been using malicious OAuth applications to abuse Microsoft Exchange servers for their spam campaign. |
The post Exchange servers abused for spam through malicious OAuth applications appeared first on Malwarebytes Labs.
Read moreCategories: News Tags: Basic Auth Tags: Exchange online Tags: modern authentication Tags: MFA Tags: SAML Tags: CBA Tags: smart card Tags: OAuth The end of Basic authentication for Exchange Online is almost upon us. Are you ready? |
The post Microsoft will disable Basic authentication for Exchange Online in less than a month appeared first on Malwarebytes Labs.
Read moreCredit to Author: Pieter Arntz| Date: Tue, 17 May 2022 19:37:25 +0000
A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.
The post Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed appeared first on Malwarebytes Labs.
Read moreCredit to Author: Paul Ducklin| Date: Fri, 29 Apr 2022 16:15:20 +0000
Learn how to find out which apps you’ve given access rights to, and how to revoke those rights immediately in an emergency.
Read moreCredit to Author: Danny Bradbury| Date: Wed, 18 Dec 2019 10:50:20 +0000
If you’re entering a username and password to give an app access to a G Suite account, beware: you won’t be able to do it for much longer.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/cmm98FFm0vQ” height=”1″ width=”1″ alt=””/>
Read more