#oauth

Raymondcamden
1 week ago
JavaScript

ColdFusion's CFOAUTH Tag

Using ColdFusion's <cfoauth> tag can simplify OAuth flows by handling the redirect flow automatically.
blog.bitsrc.io
3 months ago
DevOps

Best-Practices for API Authorization

API authorization acts as a gatekeeper to ensure only authorized software can access and use APIs.
Token-based authorization, such as JWT and OAuth tokens, is a best practice for secure API interactions.
Ars Technica
3 months ago
Information security

In major gaffe, hacked Microsoft test account was assigned admin privileges

Hackers gained access to Microsoft's network and monitored top executives' emails by exploiting an aging test account with administrative privileges.
The hackers used the OAuth authorization protocol to create a malicious app and gain persistent access to privileged email accounts.
The Verge
3 months ago
Privacy professionals

Microsoft explains how Russian hackers spied on its executives

Microsoft has revealed details of how the Russian state-sponsored hacking group, Nobelium, gained access to its corporate systems.
The hackers initially used a password spray attack and targeted a non-production test tenant account that did not have two-factor authentication enabled.
Nobelium used their initial access to compromise a legacy test OAuth application, which allowed them to create malicious OAuth applications and access Microsoft's corporate environment.
Theregister
5 months ago
Privacy professionals

Money-grubbing crooks abuse OAuth apps for BEC, phishing

Miscreants are misusing OAuth for financially motivated cyber crimes such as phishing and crypto mining.
Microsoft warns that compromised accounts without strong authentication are particularly vulnerable to OAuth abuse.