CSOonline

How to defend against OAuth-enabled cloud-based attacks

Recently Malwarebytes reported that the SolarWinds hackers accessed its internal emails using the same intrusion vector they used in other attacks. The vector appears to abuse applications with ...
Bleeping Computer

Google to Force OAuth in G Suite to Increase Security

Google announced that it will block less secure apps (LSAs) from accessing G Suite account data starting February 2021, following an initial stage of limiting their access during June 2020. This ...
Bleeping Computer

Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data ...