Geeky Gadgets

Creating custom GPTs with OAuth Authentication for improved security

Designing custom Generative Pre-trained Transformers (GPTs) and adding OAuth Authentication is a big step for anyone who want to improve their custom GPTs. This integration makes it possible to create ...

ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
Infosecurity-magazine.com

OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...
Dark Reading

Attackers Target Microsoft Accounts to Weaponize OAuth Apps

Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, ...
CSOonline

Salt Security adds defense against OAuth attacks

Salt Security has added a new OAuth security offering to its API protection platform to help organizations detect attempts to exploit OAuth and fix vulnerabilities associated with the protocol. OAuth ...
ZDNet

Google updates OAuth incremental authorization

Google has simplified the OAuth authorization process for users who give a third-party app access to Google apps such as Docs and Drive. The update, though minor, makes it possible for users to ...
The Next Web

OAuth and OpenID Authentication Vulnerable To “Timing Attack”

Authentication systems employed by large websites such as Twitter and Digg could be at risk after researchers have discovered a basic flaw that could crack a large number of open-source software ...