Threat Post

Twitter OAuth API Keys Leaked

The OAuth keys and secrets that official Twitter applications use to access users’ Twitter accounts have been leaked in a post to Github this morning. The OAuth keys and secrets that official Twitter ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
Dark Reading

'Log in with...' Feature Allows Full Online Account Takeover for Millions

Flaws in the implementation of the Open Authorization (OAuth) standard across three prominent online services could have allowed attackers to take over hundreds of millions of user accounts on dozens ...
Infosecurity-magazine.com

OAuth – authentication and authorization for mobile applications

Federation is a model of identity management that distributes the various individual components of an identity operation amongst different actors. The presumption being that the jobs can be ...
TechRepublic

Getting ready for the end of Basic Authentication in Exchange Web Services

Prepare your applications and users for big changes on 13 October 2020. It’s less than a year until Microsoft turns off Basic Authentication for its Exchange Web Services (EWS). While new apps like ...