Dark Reading

Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

Attackers have been exploiting an undocumented Google OAuth endpoint to hijack user sessions and allow continuous access to Google services, even after a password reset. A threat actor called "Prisma" ...
Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...
The New York Times

The Best Two-Factor Authentication App

We independently review everything we recommend. We may get paid to link out to retailer sites, and when you buy through our links, we may earn a commission. Learn more› By Max Eddy Max Eddy is a ...
Hackaday

Token Authentication For Gmail Using A EZ430 Chronos Watch

Two-factor authentication allows you to use your chosen password, as well as a one-time password to help keep your services secure. The one-time passwords traditionally come from a dedicated piece of ...
CNET

Google Replacing SMS With QR Codes for Gmail Authentication

You'll soon see a big change in how your Gmail account is secured and your two-factor authenticated logins are handled. Google has said it's planning to stop sending 2FA codes via text message to ...