produced by chain | 0 replies
Drupal, the fourth most popular CMS behind websites today, has released emergency fixes for some critical flaws. Exploiting these vulnerabilities allows code execution attacks. Drupal confirmed known exploits exist.

Drupal Code Execution Flaws

Reportedly, Drupal has disclosed two serious security flaws, via a recent advisory, that could allow code execution attacks. As elaborated, two critical severity arbitrary PHP code execution flaws affected different CMS versions. These include CVE-2020-28948 and CVE-2020-28948. Describing the issue in the advisory, Drupal...
produced by chain | 0 replies
A researcher from the Google Project Zero team has found a serious bug in the Facebook Messenger app that allowed spying. As detailed in a bug report, the researcher, Natalie Silvanovich, described that the bug existed in the WebRTC protocol that manages audio/video calls on Facebook Messenger. As standard, audio transmission on calls begins only after the callee answers an incoming call. Explaining this behavior, the researcher stated,
Attribution link: https://latesthackingnews.com/2020/11/23/facebook-messenger-bug-could-allow-spying-on-users-via-audio/
produced by chain | 0 replies
In a recent blog post, Drew Rowny, Google’s Product Lead, Messages, has shared the tech giant’s future plans. As revealed, Google is rolling out the end-to-end encryption feature to its Messages app. Messages by Google is one of the popular Android apps among users for general communication. It is also often available as the default pre-installed messaging app on the latest Android phones. However, despite being popular, it still lags behind other instant messaging apps like WhatsApp and Signal as it lacks key features such as end-to-end encryption. Nonetheless, Google now gears up...
produced by chain | 0 replies
http://bit.ly/1bhqmrm
produced by chain | 0 replies
Facebook released its internally developed Pysa security tool. Based on the open-source code of the Pyre project, Facebook designed Pysa as a static code analyzer. The tool specifically looks for security bugs, unlike most other analyzers. Facebook decided to open-source the tool after witnessing its success in securing Instagram. The tech giant’s internal team used the tool for identifying various bugs. Sharing the details of the tool in a post, Facebook stated,
Attribution link:...
produced by chain | 0 replies
One More Chrome Zero-Day Fixed

Two weeks after addressing a zero-day, Google disclosed and addressed one more bug in Chrome under active attack. The bug, CVE-2020-16009, caught the attention of Clement Lecigne of Google’s Threat Analysis Group and Samuel Groß of Google Project Zero. As disclosed, the new zero-day bug affects the V8 component of the Chrome browser. Google also fixed another zero-day flaw in the V8 component earlier this year, but that was a type confusion flaw, while Google has described the recent bug as an inappropriate implementation. As per their...