Selecting the Right Authentication Protocol for Your Business

April 10, 2024 at 04:24PM Authentication protocols are essential for online security, allowing users to securely confirm their identities and access protected information. Selecting the right protocol can be daunting, but key options include OAuth/OpenID Connect for quick user registrations, SAML for enterprise single sign-on, FIDO2/WebAuthn for consumer-facing applications, and TOTP for enhanced security in …

ChatGPT Plugin Vulnerabilities Exposed Data, Accounts

March 13, 2024 at 09:27AM Salt Security analyzed ChatGPT plugins and uncovered vulnerabilities that could be exploited to access sensitive data and take over accounts on third-party websites. These vulnerabilities affected the OAuth authentication process, potentially leading to unauthorized data access and account takeovers. Vendors were promptly notified and patches were implemented. Additionally, future GPTs …

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

January 24, 2024 at 09:45AM A critical loophole named Sys:All in Google Kubernetes Engine (GKE) has been discovered by cybersecurity researchers, allowing threat actors with a Google account to take control of GKE clusters. Around 250,000 active GKE clusters are susceptible. Google has taken steps to address the issue in GKE versions 1.28 and later. …

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

December 13, 2023 at 06:24AM Microsoft warns of adversaries using OAuth applications to automate virtual machine deployment for cryptocurrency mining and phishing attacks. Threat actors compromise user accounts to modify OAuth applications and maintain access to applications even if they lose access to accounts. Organizations are advised to enforce multi-factor authentication, conditional access policies, and …

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms

October 25, 2023 at 09:45AM Critical security flaws in the OAuth implementation of popular online services such as Grammarly, Vidio, and Bukalapak have been disclosed. These weaknesses could have allowed malicious actors to hijack user accounts by obtaining access tokens. The vulnerabilities have been addressed by the respective companies. OAuth, commonly used for cross-application access, …