Uber patched an authentication bypass vulnerability in its homegrown SSO solution that allowed attackers to take over subdomains and steal session cookies.

Version 10g of Oracle Access Manager suffers from vulnerabilities that could allow an attacker to hijack sessions.

Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach.

A breach at OneLogin appears to have compromised customer data, including the ability to decrypt encrypted data.

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.