Access Control | Breaking Cybersecurity News | The Hacker News

If forecasters are right, over the course of today, consumers will spend  $13.7 billion . Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information.  SaaS applications supporting retail efforts will host nearly all of this behind-the-scenes activity. While retailers are rightfully focused on sales during this time of year, they need to ensure that the SaaS apps supporting their business operations are secure. No one wants a repeat of one of the biggest retail cyber-snafus in history, like when one U.S.-based national retailer had 40 million credit card records stolen.  The attack surface is vast and retailers must remain vigilant in protecting their entire SaaS app stack. For example, many often use multiple instances of the same application. They may use a different Salesforce ...

Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in  Booking[.]com and Expo . The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to obtain access tokens and potentially hijack user accounts. OAuth is a  standard  that's commonly used as a mechanism for cross-application access, granting websites or applications access to their information on other websites, such as Facebook, but without giving them the passwords. "When OAuth is used to provide service authentication, any security breach in it can lead to identity theft, financial fraud, and access to various personal information including credit card numbers, private messages, health records, and more, depending on the specific service being attacked," Sa...