Author: Admin

Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. These attacks can lead to the bypassing of phishing detection and email security solutions, and at the same time, gives phishing URLs a false snse of legitimacy to victims. The relevant campaigns were detected by Proofpoint, and target Outlook Web Access, PayPal, Microsoft 365, and Google Workspace. How the attack works OAuth 2.0 is a widely…

0Auth 2.0 Authorization Code Flows The OAuth 2.0 authorization protocol requires developers to register their applications within the OAuth provider’s framework in order to receive a unique application ID. As part of this process, developers provide their redirect URI, so the provider can redirect the user with the authorization response to the redirect URI. The OAuth 2.0 flow, meanwhile, is made up of authorization code flows, implicit flows and hybrid flows, which combines the authorization…

Half a decade ago, in the wake of the rise of cloud computing, some IT evangelists, CIOs, and large tech research firms foretold the imminent death of the data center as we know it. My co-columnist at CIO.com Mark Settle at the time advised caution in writing off data centers and envisaged how they  would continue to grow based on the evolution of – you guessed it – data. Today, data centers continue to not…

As we continue this series, we have been looking at how the speed of business in today’s global market is continually increasing due to digitization. This is driving massive application growth, leading to more disparate technologies, more complexity across environments, poor visibility, difficulties resolving issues and a range of other challenges. IT Operations are pushed to breaking point. AIOps can help with machine learning & big data, dramatically enhancing IT Operations, with continuous insight across…

The internet is becoming more secure overall, but slightly more than half of websites’ digital keys are still generated via legacy encryption algorithms, according to new research. Security firm Venafi enlisted the help of noted researcher Scott Helme to analyze the world’s top one million sites over the past 18 months. The resulting TLS Crawler Report revealed some progress in a few areas. Nearly three-quarters (72%) of sites now actively redirect traffic to use HTTPS,…

The US-CERT has recorded more vulnerabilities so far in 2021 than any year previously, the fifth year in a row this has happened. At the time of writing, 18,376 vulnerabilities in production code were recorded in the US National Vulnerability Database (NVD), exceeding the 2020 record of 18,351. However, there were fewer high severity bugs in the NVD than last year. In 2020 the figure reached an all-time-high of 4381, falling to 3630 so far…

Senior IT and cybersecurity professionals are nearly half as likely to be fired following a data breach today versus three years ago, according to new data from Kaspersky. The security vendor’s research, IT Security Economics 2021: Managing the trend of growing IT complexity was compiled from interviews with thousands of IT decision makers across the globe. It revealed that just 7% of organizations laid off senior IT staff following a security breach in 2021 versus 12% in 2018. The…