#oauth

#oauth

Startups often fail to properly close Google accounts before domain expiration, creating security vulnerabilities.

Buying abandoned startup domains can lead to accessing sensitive information from former employee accounts.

Google Workspace has discontinued support for outdated protocols to enhance account security.

Google Workspace will disable access to less secure apps from September 30, pushing users to adopt OAuth-based authentication.

Google's OAuth login is vulnerable to attacks via former employee email accounts tied to defunct domains.

A security flaw in Hotjar highlighted by Salt Security reveals potential vulnerabilities with OAuth integration and XSS attacks.

API authorization acts as a gatekeeper to ensure only authorized software can access and use APIs.

Token-based authorization, such as JWT and OAuth tokens, is a best practice for secure API interactions.

Consult FHIR server maintainers for the appropriate security mechanisms as Basic Auth and OAuth cannot be used simultaneously.

Authentication on the web has evolved significantly from basic methods to complex protocols ensuring secure user access.

User-friendly OAuth and authentication solution deployable on Cloudflare or self-hosted with minimal configuration.

Microsoft has revealed details of how the Russian state-sponsored hacking group, Nobelium, gained access to its corporate systems.

The hackers initially used a password spray attack and targeted a non-production test tenant account that did not have two-factor authentication enabled.

Nobelium used their initial access to compromise a legacy test OAuth application, which allowed them to create malicious OAuth applications and access Microsoft's corporate environment.

Hackers gained access to Microsoft's network and monitored top executives' emails by exploiting an aging test account with administrative privileges.

The hackers used the OAuth authorization protocol to create a malicious app and gain persistent access to privileged email accounts.