Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Security Boulevard

The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest

TL;DR Attackers sent a convincing DocuSign notification with a "Review & Sign" button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain ...
Ars Technica

ASP.NET Forms Authentication - Not Redirecting

I want to create a standard ASP.NET login page to be shared by several applications.<BR><BR>I've set up a login page that checks against hashed and salted passwords stored in a SQL table. When a user ...