Tag: identity provider

Source URL: https://arxiv.org/abs/1601.01229 Source: Hacker News Title: A Comprehensive Formal Security Analysis of OAuth 2.0 Feedly Summary: Comments AI Summary and Description: Yes Summary: The paper presents a comprehensive formal security analysis of the OAuth 2.0 protocol, a widely used authorization standard essential for secure single sign-on (SSO) applications. It highlights vulnerabilities discovered during analysis…

Bulletins: Vulnerability Summary for the Week of February 17, 2025

Feb 24, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-055 Source: Bulletins Title: Vulnerability Summary for the Week of February 17, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a…

Cloud Blog: 5 ways Google Cloud can help you minimize credential theft risk

Feb 10, 2025

—

by

Source URL: https://cloud.google.com/blog/products/identity-security/5-ways-google-cloud-can-help-you-minimize-credential-theft-risk/ Source: Cloud Blog Title: 5 ways Google Cloud can help you minimize credential theft risk Feedly Summary: Threat actors who target cloud environments are increasingly focusing on exploiting compromised cloud identities. A compromise of human or non-human identities can lead to increased risks, including cloud resource abuse and sensitive data exfiltration. These…

Cloud Blog: Securing Cryptocurrency Organizations

Jan 21, 2025

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/securing-cryptocurrency-organizations/ Source: Cloud Blog Title: Securing Cryptocurrency Organizations Feedly Summary: Written by: Joshua Goddard The Rise of Crypto Heists and the Challenges in Preventing Them Cryptocurrency crime encompasses a wide range of illegal activities, from theft and hacking to fraud, money laundering, and even terrorist financing, all exploiting the unique characteristics of digital…

Hacker News: OpenAUTH: Universal, standards-based auth provider

Dec 17, 2024

—

by

Source URL: https://openauth.js.org/ Source: Hacker News Title: OpenAUTH: Universal, standards-based auth provider Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses OpenAuth, an open-source centralized authentication server designed for easy self-hosting on user infrastructure. Unlike conventional library solutions, OpenAuth is compliant with OAuth 2.0, allowing for integration across various applications. It provides…

Hacker News: Discovery of CVE-2024-2550 (Palo Alto)

Dec 2, 2024

—

by

Source URL: https://www.ac3.com.au/resources/discovery-of-CVE-2024-2550/ Source: Hacker News Title: Discovery of CVE-2024-2550 (Palo Alto) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security incident involving a critical vulnerability in Palo Alto GlobalProtect VPN, traced back to a “nil pointer dereference” error after a firewall patch. The collaboration between AC3 and Palo Alto…

Docker: Better Together: Understanding the Difference Between Sign-In Enforcement and SSO

Nov 12, 2024

—

by

Source URL: https://www.docker.com/blog/sign-in-enforcement-and-sso/ Source: Docker Title: Better Together: Understanding the Difference Between Sign-In Enforcement and SSO Feedly Summary: Learn how Docker Desktop’s sign-in enforcement and single sign-on (SSO) features work together to enhance security and streamline user management, ensuring proper authentication and access control while unlocking Docker’s full suite of tools. AI Summary and Description:…

Hacker News: Pushed Authorization Requests (Par) in Asp.net Core 9

Nov 10, 2024

—

by

Source URL: https://nestenius.se/net/pushed-authorization-requests-par-in-asp-net-core-9/ Source: Hacker News Title: Pushed Authorization Requests (Par) in Asp.net Core 9 Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the importance of Pushed Authorization Requests (PAR) in enhancing security within authentication processes, particularly in sectors such as open banking and healthcare. It highlights the implementation of PAR…

Cloud Blog: Mandatory MFA is coming to Google Cloud. Here’s what you need to know

Nov 4, 2024

—

by