Microsoft validation error allowed state actor to access user email of government agencies and others

Categories: News

Tags: Microsoft. MSA

Tags: OWA

Tags: validation token

Tags: signing key

Tags: Storm-0556

Tags: GetAccessTokensForResource

Due to a validation error in Microsoft code, a suspected Chinese attacker was able to access user email from approximately 25 organizations, including government agencies.

(Read more…)

The post Microsoft validation error allowed state actor to access user email of government agencies and others appeared first on Malwarebytes Labs.

Read more

Facebook loses control of key used to sign Android app

Credit to Author: Lisa Vaas| Date: Wed, 04 Sep 2019 16:30:46 +0000

What should be a private key used to vouch for the ‘Free Basics by Facebook’ app was used to sign unrelated apps.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/oMymgOZ03gI” height=”1″ width=”1″ alt=””/>

Read more