Android

Google’s OAuth flaw is potentially exposing millions of accounts

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is the ...
Ars Technica

Startup necromancy: Dead Google Apps domains can be compromised by new owners

Lots of startups use Google’s productivity suite, known as Workspace, to handle email, documents, and other back-office matters. Relatedly, lots of business-minded webapps use Google’s OAuth, i.e.
TechRepublic

Fake Google Security Alert Hides a Phishing Scam

A developer reported the scam after noticing a slight discrepancy in the email address. The scam passed Google’s own DKIM checks. One of the oldest signs of a scam email is an incorrect domain.
Hosted on MSN

Beware, hackers can apparently now send phishing emails from “[email protected]

Crooks are abusing Google's notification system to bypass email protection Through OAuth apps, they are able to generate convincing phishing emails The campaign also uses sites.google.com Researchers ...