OAuth-based phishing campaign gives Gmail users a scare

An immense phishing campaign targeting Google accounts hit a wide array of journalists, government employees, academics and private company email accounts. This is what the attack looks like: the email has landed in newsrooms from BuzzFeed to ABC, at universities and reportedly from addresses within the Chicago city government. The “Open in Docs” link redirects to the OAuth 2 service on accounts.google.com, according to researcher Bojan Zdrnja, where it asks for full access to the Gmail account and all contacts from an application deceptively named “Google Docs.” Once access is granted, the attacker uses that account to send phishing emails to every contact in the victim’s contact list. OAuth is a mechanism companies like Google use that allows users to authorize apps and websites to access account information without giving away a password. For example, a third-party email app will want access to your Gmail and will ask for permission through OAuth. […]
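As an added illustration, not part of the Cyberscoop article, the checker below parses an OAuth 2.0 authorization URL of the kind the “Open in Docs” link led to and flags the combination the article describes: a third-party app named after a Google product asking for full mailbox plus contacts access. The scope strings and the accounts.google.com endpoint are Google's real ones; the client_id, redirect_uri and app names are constructed placeholders.

```python
from urllib.parse import urlparse, parse_qs

# Real Google scope strings that grant broad mailbox or contact access.
BROAD_SCOPES = {
    "https://mail.google.com/": "full read/write/delete access to the mailbox",
    "https://www.googleapis.com/auth/contacts": "read/write access to all contacts",
    "https://www.googleapis.com/auth/contacts.readonly": "read access to all contacts",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
}
CONTACTS_PREFIX = "https://www.googleapis.com/auth/contacts"


def assess_consent_request(auth_url, app_name):
    """Rate an OAuth 2.0 consent request shown to a user.

    auth_url is the authorization URL (scope, client_id, redirect_uri are standard
    RFC 6749 parameters); app_name is the display name on the consent screen.
    Returns (risk, reasons) with risk in {"low", "medium", "high"}.
    """
    query = parse_qs(urlparse(auth_url).query)
    scopes = " ".join(query.get("scope", [])).split()
    reasons = [f"scope {s}: {BROAD_SCOPES[s]}" for s in scopes if s in BROAD_SCOPES]

    # A third-party client whose name imitates the provider's own products.
    impersonation = "google" in app_name.lower()
    if impersonation:
        reasons.append(f"app name {app_name!r} imitates a Google product")

    # Full mailbox plus contacts is exactly what lets a granted token be used
    # to mail every contact, which is the self-propagating pattern seen here.
    worm_combo = "https://mail.google.com/" in scopes and any(
        s.startswith(CONTACTS_PREFIX) for s in scopes)
    if worm_combo:
        reasons.append("mailbox + contacts together allow mailing every contact")

    if impersonation or worm_combo:
        return "high", reasons
    if reasons:
        return "medium", reasons
    return "low", reasons


# Constructed sample: the shape of the malicious consent request (placeholder ids).
MALICIOUS_URL = ("https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
                 "&client_id=PLACEHOLDER_CLIENT_ID&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcb"
                 "&scope=https%3A%2F%2Fmail.google.com%2F%20"
                 "https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts")
BENIGN_URL = ("https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
              "&client_id=PLACEHOLDER_CLIENT_ID&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcb"
              "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly")
```

The same function can be run over consent-screen data collected from an organisation's OAuth app audit log to surface grants worth revoking.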

The post OAuth-based phishing campaign gives Gmail users a scare appeared first on Cyberscoop.