Security News

API Fortress launches open source app, 3loa Helper, to automate 3-legged OAuth 2.0 flows
2019-07-29 03:00

API Fortress, the leader in continuous API testing, announces 3loa Helper, an open source application that automates 3-legged OAuth 2.0 flows from the world’s largest social and search providers....

Phishing Defense: Block OAuth Token Attacks
2018-06-21 10:03

But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas Bienstock
Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a...

FireEye Launches OAuth Attack Testing Platform
2018-05-22 11:04

FireEye on Monday announced the availability of a platform to allow organizations and pentesters to check their ability to detect and respond to OAuth abuse attacks.

Google Takes Second Swing at OAuth Worm (Security Week)
2017-07-26 17:56

Mitigations put in place by Google in May 2017 to help block phishing attacks such as the recent OAuth worm weren’t enough to completely mitigate the issue, as Google's platform still allowed...

PayPal Fixes OAuth Token Leaking Vulnerability (Threatpost)
2016-11-28 20:52

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso,...

OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking (Threatpost)
2016-11-10 14:41

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk of takeover.