CSOonline

Twitter OAuth feature can be abused to hijack accounts, researcher says

The callback feature in Twitter's OAuth implementation can be abused, a researcher said at Hack in the Box A feature in the Twitter API (application programming interface) can be abused by ...
Bleeping Computer

OAuth risks: How to identify, investigate, and mitigate them

We’re now all too familiar with the ubiquitous “Sign in with Google” button we encounter all over the internet. For most of us, it has become the go-to “easy button” for managing the sprawling set of ...
Bleeping Computer

Microsoft: OAuth apps used to automate BEC and cryptomining attacks

Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. OAuth (short for Open ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
TechRadar

Microsoft warns of OAuth phishing campaigns able to bypass email and browser defenses ...

Microsoft warns hackers are abusing OAuth redirect feature to deliver malware Phishing emails themed around Teams recordings or 365 resets redirect victims to attacker-controlled sites Payloads ...