OAuth is a great way to sidestep the dilemma of having to hand over passwords to third party sites and apps to access user data. This is the primary reason the authentication method is fast becoming a ...

Attackers are increasingly using malicious OAuth 2.0 applications to siphon data and access sensitive information from a wide variety of cloud platforms, and mitigating the risks is proving ...

Google today unveiled a new G Suite security feature to improve data access controls and enhance phishing prevention: OAuth apps whitelisting. The feature is designed to help companies control how ...

A recent UNC6395 Salesloft Drift breach reveals Salesforce SaaS risks. Learn how to simplify breach detection, prevention, ...

Google announced Monday that it has embraced OAuth for Google Apps, replacing a less secure system for developers. "Until today, Google Apps administrators had to sign requests for calls to Google ...

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data ...

The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens ...

It came across my Twitter feed in the early morning, a sea of users all sending the same message: “Want to know whos stalking you on twitter!?: http://TwitViewer ...

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code ...

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover. Third-party applications that allow single sign-on via Facebook ...