The Rising Threat of Consent Phishing: How OAuth Abuse Bypasses MFA

Originally published by Valence Security.

Written by John Filitz.

 

A sophisticated attack vector known as “consent phishing” has emerged as a significant SaaS security threat. Unlike traditional phishing, which targets credentials directly, consent phishing exploits legitimate authorization flows built on OAuth 2.0 to gain persistent access to corporate SaaS resources.

Late last year it was disclosed that Google Chrome extension vendors were targeted in a consent …
