Pierluigi Paganini December 13, 2023
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. The attackers compromise user accounts to create, modify, and grant high privileges to OAuth applications to carry out malicious activity […]

Pierluigi Paganini May 19, 2022
Google OAuth client library flaw allowed to deploy of malicious payloads

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. Google addressed a high-severity authentication bypass flaw in Google OAuth Client Library for Java, tracked as CVE-2021-22573 (CVS Score 8.7), that could be exploited by an attacker with a compromised token […]

Pierluigi Paganini April 17, 2022
Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns

GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, […]

Pierluigi Paganini January 30, 2022
Hybrid cloud campaign OiVaVoii targets company executives

A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered a new campaign named ‘OiVaVoii’ that is targeting company executives, former board members, Presidents and managers with bogus OAuth apps and cleverly-crafted lures sent from compromised Office 365 accounts. Microsoft has blocked many of the […]

Pierluigi Paganini May 04, 2017
New insidious Google Docs phishing scheme is rapidly spreading on the web

Don’t click Google Docs link! A Google Docs phishing scheme is quickly spreading across the Internet targeting a large number of users. Did you receive an unsolicited Google Doc from someone? First, do not click on that Google Doc link embedded in the email you have received and delete the message, even if it’s from […]

Pierluigi Paganini January 22, 2016
RSA Conference registration page asks Twitter credentials, that’s incredible!

It is hard to believe but the RSA Conference registration page is collecting Twitter credentials sending them back to an RSA server, in-security by design! Security experts from Twitter recently made a singular discovery, the final step of the registration page on the RSA Conference website was requesting user’s Twitter credentials and sending them to the […]

Pierluigi Paganini December 06, 2014
SpoofedMe attacks exploit popular websites social login flaws

The experts at IBM have found several problems in implementation of the social login authentication of several identity providers. The researchers at IBM’s X Force security discovered a way to gain access to Web accounts by exploiting misconfiguration in some social login services. Social login, also known as social single sign-in, is a form of single […]

Pierluigi Paganini July 05, 2014
Facebook SDK flaw exposes smartphone users’ accounts at risk

Experts from MetaIntell have discovered a critical vulnerability in the latest version of Facebook SDK which exposes millions of Facebook accounts at risk. Security experts from MetaIntell have discovered a significant security vulnerability in the latest version of Facebook SDK, which affects numerous iOS and Android apps exposing millions of Facebook user’s Authentication Tokens at risk. The researchers […]

Pierluigi Paganini May 05, 2014
DNS Protocol affected by a serious flaw, Internet users are at risk

Technion students Find a security vulnerability in the Internet DNS protocol which allows the attackers to redirect users to a  website they control. A significant new security vulnerability has been found in the DNS protocol by a group of Israeli students from the Technion’s Department of Computer Sciences. After the Heartbleed case and the assumptions […]

Pierluigi Paganini June 13, 2012
Hacktivist vs Twitter, security of OAuth authorization

There isn’t peace for social network platforms, priority target for cybercrime and governments, they represent a mine of data useful for business and espionage. After the news of the LinkedIN hack, also Twitter have been successfully attacked by a group of hacktivist named LulzSec Reborn that has leaked user credentials of more of 10,000 accounts. […]