Android

Google’s OAuth flaw is potentially exposing millions of accounts

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...
TechRepublic

Fake Google Security Alert Hides a Phishing Scam

A developer reported the scam after noticing a slight discrepancy in the email address. The scam passed Google’s own DKIM checks. One of the oldest signs of a scam email is an incorrect domain.
Bleeping Computer

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
Hosted on MSN

Beware, hackers can apparently now send phishing emails from “no-reply@google.com”

Crooks are abusing Google's notification system to bypass email protection Through OAuth apps, they are able to generate convincing phishing emails The campaign also uses sites.google.com Researchers ...