Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...
Bleeping Computer

Over One Billion Android Users Susceptible to App Hijacking via OAuth 2.0 Attack

Three researchers from the Chinese University of Hong Kong discovered a flaw in how app developers and identity providers support Single-Sign-On (SSO) via the OAuth 2.0 protocol, a flaw that allows an ...
Security Boulevard

SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on ...
InfoQ

Securing OAuth 2.0 Resources in Spring Security 5

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Dark Reading

Azure OAuth 2.0 Vulnerability Grabs Tokens

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...
ZDNet

Nginx adds OAuth 2 authentication, other tools to its application delivery platform

Nginx on Tuesday released its latest product offering, the Plus R8, which includes an initial release of OAuth 2-based authentication. Nginx CEO Gus Robertson said that many of today's most popular ...