Uber patched an authentication bypass vulnerability in its homegrown SSO solution that allowed attackers to take over subdomains and steal session cookies.
Mike Mimoso and Chris Brook recap RSA and discuss the news of the week including the impact of Cloudflare’s “Cloudbleed” bug, Google breaking SHA-1, and more.
RSA 2017 is previewed, and last week’s report on iOS apps being vulnerable to interception attacks, macro malware coming to MacOS, and a new Uber open source module are discussed.
Vulnerabilities in UberCENTRAL, a portal used by businesses to facilitate rides, could have leaked the names, phone numbers, email addresses, and unique IDs.