Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Bleeping Computer

Over One Billion Android Users Susceptible to App Hijacking via OAuth 2.0 Attack

Problem lies with how app developers implemented OAuth 2.0 operations At the heart of the issue is the fact that the OAuth 2.0 protocol wasn't designed with mobile devices in mind, being created in an ...
InfoQ

Securing OAuth 2.0 Resources in Spring Security 5

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Dark Reading

Azure OAuth 2.0 Vulnerability Grabs Tokens

Omer Tsarfati and his team at security firm CyberArk are now finally able to discuss a major OAuth 2.0 vulnerability that affects Microsoft Azure web services which they have been sitting on since ...
ZDNet

Nginx adds OAuth 2 authentication, other tools to its application delivery platform

Nginx on Tuesday released its latest product offering, the Plus R8, which includes an initial release of OAuth 2-based authentication. Nginx CEO Gus Robertson said that many of today's most popular ...
adtmag.com

OAuth 2.0 and OpenID Connect: The Professional Guide

Authentication and authorization are critical parts of any application. They evolved over the years to meet the challenging requirements of the modern Web. OAuth2.0 and OpenID Connect offer a ...