oauth


Threatpost News Wrap, May 5, 2017

The news of the week is discussed, including the Gmail/Google Docs phishing attack, the Intel AMT vulnerability, IBM’s malware-laden USB drives, and drone security.


UPDATE Popular applications Skype and Dropbox fixed holes in their websites this week that could have allowed an attacker to gain control of users’ Facebook accounts. In what’s technically being referred to as an “open direct vulnerability,” both applications failed to validate sites before sending users and their access tokens to them.

Researchers from ULM University have found a security flaw similar to sidejacking in Google’s Android operating system affecting some 99.7% of the platform’s users. The flaw is in the ClientLogin API, and according to the report, it could allow hackers to steal contact lists, calendar events, and other sensitive data.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.