#oauth

No new Azure DevOps OAuth apps beginning February 2025 - Azure DevOps Blog

Azure DevOps OAuth app registrations end February 3, 2025, and users are urged to shift to the Microsoft Identity platform.
#security

Google's new Workspace password policy starts today: How to know if you're affected

Google Workspace has discontinued support for outdated protocols to enhance account security.

Best-Practices for API Authorization

API authorization acts as a gatekeeper to ensure only authorized software can access and use APIs.
Token-based authorization, such as JWT and OAuth tokens, is a best practice for secure API interactions.

HL7 FHIR Security

Consult FHIR server maintainers for the appropriate security mechanisms as Basic Auth and OAuth cannot be used simultaneously.

#authentication

Understanding JWT, OAuth, and Bearer tokens - LogRocket Blog

Authentication on the web has evolved significantly from basic methods to complex protocols ensuring secure user access.

GitHub - ValueMelody/melody-auth: A turnkey OAuth & authentication system, designed for both Cloudflare Workers and Node.js

User-friendly OAuth and authentication solution deployable on Cloudflare or self-hosted with minimal configuration.

Google Workspace going OAuth exclusive on Sept 30

Google Workspace will disable access to less secure apps from September 30, pushing users to adopt OAuth-based authentication.

How Data Encryption Can Simplify Infrastructure Architecture | HackerNoon

Align security solutions with business value to enhance collaboration between teams.

Security flaws discovered in a popular web analytics provider

A security flaw in Hotjar highlighted by Salt Security reveals potential vulnerabilities with OAuth integration and XSS attacks.

ColdFusion's CFOAUTH Tag

Using ColdFusion's <cfoauth> tag can simplify OAuth flows by handling the redirect flow automatically.
#microsoft

Microsoft explains how Russian hackers spied on its executives

Microsoft has revealed details of how the Russian state-sponsored hacking group, Nobelium, gained access to its corporate systems.
The hackers initially used a password spray attack and targeted a non-production test tenant account that did not have two-factor authentication enabled.
Nobelium used their initial access to compromise a legacy test OAuth application, which allowed them to create malicious OAuth applications and access Microsoft's corporate environment.

In major gaffe, hacked Microsoft test account was assigned admin privileges

Hackers gained access to Microsoft's network and monitored top executives' emails by exploiting an aging test account with administrative privileges.
The hackers used the OAuth authorization protocol to create a malicious app and gain persistent access to privileged email accounts.

Money-grubbing crooks abuse OAuth apps for BEC, phishing

Miscreants are misusing OAuth for financially motivated cyber crimes such as phishing and crypto mining.
Microsoft warns that compromised accounts without strong authentication are particularly vulnerable to OAuth abuse.

Using OAuth in API Integrations

OAuth can secure connections between integration middleware and backend systems without human interaction.