CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
Redmond Magazine

Widespread Entra ID Account Takeover Campaign Detected Using Open Source Tool

Security researchers at Calif.-based Proofpoint have uncovered a large-scale account takeover campaign aimed at Microsoft Entra ID environments. The attackers are using TeamFiltration, an open source ...
Cloud Security Alliance

The Salesloft Drift OAuth Supply-Chain Attack: Cross-Industry Lessons in Third-Party Access Visibility

Salesloft breach shows how OAuth tokens abused by trusted apps enable data exposure, underscoring the need for Zero Trust and ...
ZDNet

Heroku fesses up to customer password theft due to OAuth token attack

Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. "[Our investigation] revealed that the ...
Óstáilte ar MSN

Stolen OAuth tokens expose Palo Alto customer data

Palo Alto Networks is writing to customers that may have had commercially sensitive data exposed after criminals used stolen OAuth credentials lifted from the Salesloft Drift break-in to gain entry to ...
CSOonline

What the Salesloft Drift breaches reveal about 4th-party risk

Turns out your biggest breach risk might come from a vendor’s acquisition — and an old OAuth token you didn’t even know existed. The recent SalesLoft Drift breaches revealed an uncomfortable truth ...
IT News For Australia Business

Heroku hackers got account passwords via OAuth token theft

Salesforce platform-as-a-service provider Heroku has revealed that the April hack, which saw OAuth tokens for Microsoft Github integration downloaded by a threat actor, went further than initally ...