A flaw was found in Dex, an identity service that uses OpenID Connect to drive authentication for other apps. This issue may allow an attacker to make a victim navigate to a malicious website and guid ...
Continue Reading14 декабря, 2023
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors ...
Continue Reading14 декабря, 2023
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, wh ...
Continue Reading14 декабря, 2023
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are ...
Continue Reading14 декабря, 2023
authentik is vulnerable to authentication bypass due to an insufficient PKCE check. The vulnerability is caused by code_verifier step during the OAUTH initialisation flow. Authentik improperly accepts ...
Continue Reading14 декабря, 2023
ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impac ...
Continue Reading14 декабря, 2023
2023 has seen its fair share of cyber attacks, however there's one attack vector that proves to be more prominent than others - non-human access. With 11 high-profile attacks in 13 months and an ...
Continue Reading14 декабря, 2023
By Deeba Ahmed Cloud Security Shakeup: Experts Urge Caution as OAuth Becomes Hacker Playground. This is a post from HackRead.com Read the original post: Microsoft: Storm-1283 Sent 927,000 Phishing Ema ...
Continue Reading14 декабря, 2023
Back to Main