SiliconANGLE

Potential OAuth lapses could have led to significant data breaches, warns Salt Labs

A new report released today by application programming interface security startup Salt Security Inc. warns of significant vulnerabilities in several major online platforms’ social sign-in and Open ...
Dark Reading

Attackers Target Microsoft Accounts to Weaponize OAuth Apps

Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, ...
InfoWorld

Doing authentication right

Any substantial website is going to need to customize itself for individual users. Thus, it is going to have to authenticate those users — that is, let them log in. As a software developer, it is your ...
Dark Reading

Microsoft Previews Feature to Block Malicious OAuth Apps

Threat actors are increasingly including malicious OAuth apps in their campaigns to break into cloud-based systems and applications. To address this growing problem, Microsoft is adding automated ...
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...