Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Security Boulevard

Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?

Broken authorization is one of the most widely known API vulnerabilities.  It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) ...
Threat Post

Cisco Patches Critical Authentication Bug With Public Exploit

There’s proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn’t seen any malicious exploit yet. Cisco has patched a near-max critical bug ...