OAuth - Security Ticks

Attackers phish OAuth codes, take over Microsoft 365 accounts

account hijacking, APT, Don't miss, government-backed attacks, Hot stuff, Microsoft 365, News, OAuth, phishing, Volexity / SecurityTicks

Attackers phish OAuth codes, take over Microsoft 365 accounts 2025-04-23 at 13:36 By Zeljka Zorz Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics observed involve the attacker requesting victim’s supply Microsoft Authorization codes, which grant the attacker with […]

React to this headline:

Attackers phish OAuth codes, take over Microsoft 365 accounts Read More »

Legacy Google Service Abused in Phishing Attacks

email security, Google phishing, OAuth, phishing / SecurityTicks

Legacy Google Service Abused in Phishing Attacks 2025-04-22 at 14:15 By Ionut Arghire A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections. The post Legacy Google Service Abused in Phishing Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Legacy Google Service Abused in Phishing Attacks Read More »

GitHub project maintainers targeted with fake security alert

account hijacking, Don't miss, GitHub, Hot stuff, News, OAuth, phishing / SecurityTicks

GitHub project maintainers targeted with fake security alert 2025-03-17 at 12:52 By Zeljka Zorz A phishing campaign targeting GitHub account owners has been trying to scare them with a fake security alert into allowing a malicious OAuth app access to their account and repositories. The fake security alert from GitHub GitHub users have taken to

React to this headline:

GitHub project maintainers targeted with fake security alert Read More »

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw

Application Security, Featured, OAuth, Vulnerabilities, XSS / SecurityTicks

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw 2024-07-29 at 15:16 By Kevin Townsend Researchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world. The post Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw appeared first on SecurityWeek. This article is an

React to this headline:

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw Read More »

Product showcase: How to track SaaS security best practices with Nudge Security

access management, News, Nudge Security, OAuth, Product showcase, SaaS, SSO / SecurityTicks

Product showcase: How to track SaaS security best practices with Nudge Security 2024-03-13 at 06:37 By Help Net Security As technology adoption has shifted to be employee-led, IT and security teams are contending with an ever-expanding SaaS attack surface. At the same time, they are often spread thin, meaning they need ways to quickly identify

React to this headline:

Product showcase: How to track SaaS security best practices with Nudge Security Read More »

How threat actors abuse OAuth apps

access control, access management, Application Security, Astrix Security, attacks, cybersecurity, Don't miss, Hot stuff, OAuth, Video / SecurityTicks

How threat actors abuse OAuth apps 2024-02-08 at 06:31 By Help Net Security OAuth apps have become prominent in several attack groups’ TTPs in recent years. OAuth apps are used for every part of the attack process. In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights on how

React to this headline:

How threat actors abuse OAuth apps Read More »

3 ways to combat rising OAuth SaaS attacks

access control, Adaptive Shield, attacks, authentication, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, monitoring, News, OAuth, opinion, SaaS / SecurityTicks

3 ways to combat rising OAuth SaaS attacks 2024-01-16 at 07:31 By Help Net Security OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch spam activity using the

React to this headline:

3 ways to combat rising OAuth SaaS attacks Read More »

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns

account hijacking, BEC scams, cryptojacking, Don't miss, Hot stuff, Microsoft, Microsoft 365, Microsoft Azure, Microsoft Entra ID, News, OAuth, phishing, spam / SecurityTicks

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns 13/12/2023 at 16:46 By Helga Labus Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications OAuth is an open standard authentication protocol that uses tokens to grant applications access to server resources without

React to this headline:

Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns Read More »

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps

Azure, cloud security, Microsoft, noAuth, OAuth, Vulnerabilities / SecurityTicks

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps 20/06/2023 at 23:24 By Ryan Naraine Businesses using ‘Log in with Microsoft’ could be exposed to privilege escalation and full account takeover exploits. The post Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps appeared first on SecurityWeek. This article is an

React to this headline:

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps Read More »