The Oh No! news.
Oh No! News is Good News.
TAGS: Oh No News, InfoSec, browser security, session tokens, session id
InfoSec; the language of security.
Source: Session ID.
Source: JSON Web Token.
Terms of Use: Copyleft, free content
Source: Session vs Token Based Authentication.
Terms of Use: CC-BY-SA (with CC-BY-NC-SA elements).
Source: Steal Application Access Token.
Adversaries can steal application access tokens as a means of acquiring
credentials to access remote systems and resources. Application access
tokens are used to make authorized API requests on behalf of a user or
service and are commonly used as a way to access resources in cloud and
container-based applications and software-as-a-service (SaaS).
Terms of Use: Similar to CC-BY-SA
Source: Analysis: CircleCI attackers stole session cookie to bypass MFA.
Terms of Use: Section 8. CONTENT AND CONTENT LICENSES. NOT certain
Source: How to Prevent Session Hijacking?
Terms of Use: Copyright, restrictive
Additional Information.
What is a "Data Breach"?
A data breach is a security violation, in which sensitive, protected or
confidential data is copied, transmitted, viewed, stolen, altered or
used by an individual unauthorized to do so.
What is "Malware"?
Malware (a portmanteau for malicious software) is any software
intentionally designed to cause disruption to a computer, server,
client, or computer network, leak private information, gain
unauthorized access to information or systems, deprive access to
information, or which unknowingly interferes with the user's computer
security and privacy.
What is a "Payload"?
In the context of a computer virus or worm, the payload is the portion
of the malware which performs malicious action; deleting data, sending
spam or encrypting data. In addition to the payload, such malware also
typically has overhead code aimed at simply spreading itself, or
avoiding detection.
What is "Phishing"?
Phishing is a form of so