A researcher discovered a serious vulnerability in an Xbox subdomain that exposed email addresses behind Xbox accounts. It only required an adversary to meddle with cookie files to extract this information. Xbox Subdomain Vulnerability Researcher Joseph Harris discovered a serious security flaw risking Xbox users’ privacy. The vulnerability existed in the “enforcement.xbox.com” subdomain – the portal letting Xbox users view and manage the enforcement actions against their profiles. Sharing the details with ZDNet, the researcher elaborated that when an Xbox user signs in to the...

Drupal, the fourth popular most popular CMS behind the websites today, has released emergency fixes for some critical flaws. Exploiting these vulnerabilities allows code execution attacks. Drupal confirmed known exploits exist. Drupal Code Execution Flaws Reportedly, Drupal has disclosed two serious security flaws, via a recent advisory, that could allow code execution attacks. As elaborated, two critical severity arbitrary PHP code execution flaws affected the different CMS versions. These include CVE-2020-28948 and CVE-2020-28948. Describing the issue in the advisory, Drupal...

Researcher from the Google Project Zero team has found a serious bug in Facebook Messenger app that allowed spying. As detailed in a bug report, the researcher Natalie Silvanovich described that the bug existed in the WebRTC protocol that manages audio/video calls on Facebook Messenger. As a standard, audio transmission on calls begins only after the callee answer an incoming call. Explaining this behavior, the researcher stated, Attribution link: https://latesthackingnews.com/2020/11/23/facebook-messenger-bug-could-allow-spying-on-users-via-audio/

In a recent blog post, Drew Rowny, Google’s Product Lead, Messages, has shared the tech giant’s future plans. As revealed, Google is rolling out the end-to-end encryption feature to its Messages app. The Messages by Google is one of the popular Android apps among users for general communication. It is also often available as the default pre-installed messaging app in the latest Android phones. However, despite being popular, it still lagged behind other instant messaging apps like WhatsApp and Signal as it lacks key features such as end-to-end encryption. Nonetheless, Google now gears up...

    http://bit.ly/1bhqmrm

Facebook released its internally-developed Pysa security tool. Based on the open-source code of Pyre project, Facebook designed Pysa as a static code analyzer. The tool specifically looks for security bugs, unlike most other analyzers. Facebook decided to opensource the tool after witnessing its success in security Instagram. The tech giant’s internal team used the tool for identifying various bugs. Sharing the details of the tool in a post, Facebook stated,     Attribution link:...