SiliconANGLE

Google I/O 2013: OAuth API Design and Security for Authentication in Application Development

Developers who work with accessing APIs are probably already largely familiar with the paradigm that OAuth works under: it’s an identity and authentication API. In his session, Adam Eijdenberg ...
Bleeping Computer

Microsoft, Google OAuth flaws can be abused in phishing attacks

Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. These attacks can lead to the bypassing of phishing detection ...
Dark Reading

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Attackers have been exploiting an undocumented Google OAuth endpoint to hijack user sessions and allow continuous access to Google services, even after a password reset. A threat actor called "Prisma" ...
Ars Technica

Don’t trust OAuth: Why the “Google Docs” worm was so convincing

You really think someone would just go on the Internet and tell lies? An evil phishing worm masquerading as “Google Docs” took the Internet by storm today. It sent an e-mail claiming to be from a ...
Android

Scammers are now abusing Google OAuth to send phishing emails

Summary: A new scam has come into light, where scammers are sending out phishing emails to targets by abusing the Google OAuth app. Such an email comes from a legit-looking “[email protected]” address ...