Cloud Security Alliance

The Salesloft Drift OAuth Supply-Chain Attack: Cross-Industry Lessons in Third-Party Access ...

Salesloft breach shows how OAuth tokens abused by trusted apps enable data exposure, underscoring the need for Zero Trust and ...
Bleeping Computer

OAuth risks: How to identify, investigate, and mitigate them

We’re now all too familiar with the ubiquitous “Sign in with Google” button we encounter all over the internet. For most of us, it has become the go-to “easy button” for managing the sprawling set of ...
VentureBeat

Etacts: OAuth for Gmail is live and we’re using it

Rumors of a new OAuth application programming interface for Gmail were reported in TechCrunch earlier this week, and now the first service using the tool is up and running. Email networking startup ...

Salesloft says Drift customer data thefts linked to March GitHub account hack

The breach, now known to have begun in March, raises questions about why it took six months for Salesloft to detect the breach.
Android

Google’s OAuth flaw is potentially exposing millions of accounts

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...
Bleeping Computer

Microsoft disables verified partner accounts used for OAuth phishing

Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations' cloud environments to steal email. In a ...