Cybernews

Attackers abusing OAuth to maintain access long after passwords are reset

Hackers are using OAuth as a loophole to retain access to user accounts. Password resets won’t help, and even multi‑factor authentication can be evaded.

Find hidden malicious OAuth apps in Microsoft 365 using Cazadora

Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs' Cazadora script helps uncover rogue apps before ...
ZDNet

Heroku fesses up to customer password theft due to OAuth token attack

Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. "[Our investigation] revealed that the ...
Digit

Twitter makes OAuth mandatory; tries out new link wrapping service

Applications are no longer allowed to store your password. If you change your password, the applications will continue to work. Some applications you have been using may require you to reauthorize ...
Threat Post

Facebook Patches OAuth Authentication Vulnerability

Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw ...