Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Security Boulevard

The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest

TL;DR Attackers sent a convincing DocuSign notification with a "Review & Sign" button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain ...
Security Boulevard

Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks

Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.
ZDNet

Suit filed over VeriSign domain redirect

VeriSign is facing a new class-action lawsuit over its controversial "Site Finder" service, which redirects all misspelled or unassigned .com domain names to a search page managed by the domain name ...