Jun 21, 2023Ravie LakshmananAuthentication / Vulnerability A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth. “nOAuth
May 27, 2023Ravie LakshmananAPI Security / Vulnerability A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said
Apr 13, 2023Ravie LakshmananMobile Security / Privacy Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user’s mobile device doesn’t impact their account. “Mobile device malware is one of the biggest threats to people’s privacy and security today because
Apr 06, 2023Ravie LakshmananPrivacy / Mobile Security Google is enacting a new data deletion policy for Android apps that allow account creation to also offer users with a setting to delete their accounts in an attempt to provide more transparency and control over their data. “For apps that enable app