This is the 5th part of our blog series "Things that security auditors will nag about and why you shouldn't ignore them". In these articles, Nixu's security consultants explain issues that often come up when assessing the security of web applications, platforms and other computer systems.
Granting access to 3rd party apps is not a new concept in the age of Facebook and big consumer services. In this article, we demonstrate a similar scenario, but using a known enterprise applications ecosystem (Azure AD) The attack demonstrates that 3rd party app requesting access to your data might not be what it claims to be.
We are increasingly seeing various forms of AI being used everywhere. Sometimes it feels like every day there is a new industry that comes up with clever new approaches. What happens next, nobody knows for sure.
Yesterday, the story broke on Wired about a sales intelligence company called Apollo suffering from a data breach. The company was collecting data from various sources – many of them public – and connecting it all together to create profiles of people. The purpose of their platform was to enable sales by helping sales people target the right stakeholders with the right message.