Security Boulevard

API Authentication Methods Explained: API Keys, OAuth, JWT & HMAC Compared

A deep dive comparing API Keys, OAuth 2.0, JWT, and HMAC for CTOs. Learn which api authentication method fits your enterprise SSO and IAM strategy.
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
Infosecurity-magazine.com

Attacker Accessed Dozens of Repositories After OAuth Token Theft

GitHub has revealed that dozens of organizations were compromised by a data thief that used stolen OAuth tokens to access their private repositories. The developer platform’s security team opened an ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...
ZDNet

Heroku fesses up to customer password theft due to OAuth token attack

Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. "[Our investigation] revealed that the ...
CSOonline

GitHub repositories compromised by stolen OAuth tokens

Salesforce-owned PaaS vendor Heroku and GitHub have both warned that compromised OAuth user tokens were likely used to download private data from organizations using Heroku and continuous integration ...
Dark Reading

Beware of Device Code Phishing

Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is ...