Microsoft warns that threat actors are using OAuth applications in cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. The attackers compromise user accounts to create, modify, and grant high privileges to OAuth applications to carry out malicious activity […]
Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library for Java, tracked as CVE-2021-22573 (CVSS score 8.7), that could be exploited by an attacker with a compromised token […]
GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, […]
A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered a new campaign named ‘OiVaVoii’ that is targeting company executives, former board members, Presidents and managers with bogus OAuth apps and cleverly-crafted lures sent from compromised Office 365 accounts. Microsoft has blocked many of the […]
Don’t click Google Docs link! A Google Docs phishing scheme is quickly spreading across the Internet targeting a large number of users. Did you receive an unsolicited Google Doc from someone? First, do not click on that Google Doc link embedded in the email you have received and delete the message, even if it’s from […]
It is hard to believe, but the RSA Conference registration page is collecting Twitter credentials and sending them back to an RSA server: insecurity by design! Security experts from Twitter recently made a singular discovery: the final step of the registration page on the RSA Conference website was requesting users' Twitter credentials and sending them to the […]
The experts at IBM have found several problems in the implementation of social login authentication by several identity providers. The researchers at IBM's X-Force security discovered a way to gain access to Web accounts by exploiting misconfiguration in some social login services. Social login, also known as social single sign-in, is a form of single […]
Experts from MetaIntell have discovered a critical vulnerability in the latest version of Facebook SDK which puts millions of Facebook accounts at risk. Security experts from MetaIntell have discovered a significant security vulnerability in the latest version of Facebook SDK, which affects numerous iOS and Android apps, putting millions of Facebook users' authentication tokens at risk. The researchers […]
Technion students find a security vulnerability in the Internet DNS protocol which allows attackers to redirect users to a website they control. A significant new security vulnerability has been found in the DNS protocol by a group of Israeli students from the Technion's Department of Computer Sciences. After the Heartbleed case and the assumptions […]
There is no peace for social network platforms: a priority target for cybercrime and governments, they represent a mine of data useful for business and espionage. After the news of the LinkedIn hack, Twitter has also been successfully attacked by a group of hacktivists named LulzSec Reborn that has leaked the user credentials of more than 10,000 accounts. […]