Facebook exposed user data to thousands of app developers
By Zara Khan. Facebook 'Privacy Matters' reveals 5000 app developers accessed user data. This is a post from HackRead.com. Read the original post: Facebook exposed user data to thousands of app developers...
Facebook Privacy Glitch Gave 5K Developers Access to ‘Expired’ Data
Facebook is facing yet another privacy faux pas in how its users’ data is collected and used by third-party apps. The social media giant said that it recently discovered that 5,000 developers received data from Facebook users — long after their access to that data should have expired. In 2018, on...
py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of t...
BlogCMS Cross-Site Request Forgery Vulnerability
BlogCMS is a PHP and MySQL based blogging system by Pramod Mahato Software Developers in India. A cross-site request forgery vulnerability exists in the admin/changepass.php file in BlogCMS 2019-12-31 and earlier versions. The vulnerability stems from the web application not adequately verifying...
Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms
With Flash Player’s Dec. 31, 2020 kill date quickly approaching, Adobe said that it will start prompting users to uninstall the software in the coming months. The End of Life (EOL) timeline has been a long time coming. Adobe first announced in July 2017 that it will no longer update or distribute...
How Covid-19 Contact Tracing Works on Your Phone
Developers are working on track-and-trace systems to keep infection levels low. The apps aren't here yet, but here's what they do—and how you can enable them...
[SECURITY] Fedora 31 Update: python38-3.8.3-1.fc31
Python 3.8 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, update your Fedora to a newer version once Python 3.8 is stable...
FinalRecon - The Last Web Recon Tool You'll Need
FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure so that new modules can be added with ease in the future. Featured: NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...
Now Chrome Can Block Ads That Leach Power From Your CPU
Google developers have built a feature to help you avoid abusive ads. Here’s how to turn it on...
Create-Project Manager 1.07 Cross Site Scripting / HTML Injection
Exploit Title: Create-Project Manager 1.07 Multi XSS / HTML Injection Vulnerabilities | Google Dork: N/A | Date: 2020-05-06 | Exploit Author: @ThelastVvV | Vendor Homepage: https://codecanyon.net/item/create-project-manager-with-authenticator/20483329?srank=3 | Version: 1.6 | Tested on: 5.4.0-kali4-amd64...
What Is Fleeceware, and How Can You Protect Yourself?
Sneaky developers are charging big bucks for basic apps. Here's how to spot a scam in sheep's clothing...
FreeBSD : py-bleach -- regular expression denial-of-service (4c52ec3c-86f3-11ea-b5b4-641c67a117d8)
Bleach developers report: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). C...
CVE-2020-6825
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...
Memory corruption
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...
Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository
As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to compromise their computers or backdoor software projects they work on. In the latest...
MS16-015: Description of the security update for Excel 2016: February 9, 2016
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...
Official Government COVID-19 Mobile Apps Hide a Raft of Threats
A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers have found. Security researchers at the ZeroFO...
Windows Unquoted Service Path Privilege Escalation
This module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as an example: C:\program files\hello.exe. The Windows API will try to interpret this as two possible paths:...
Thousands of Android Apps Are Silently Accessing Your Data
More than 4,000 Google Play apps let developers and advertisers collect a list of the user's other installed apps, no permission needed...
[SECURITY] Fedora 31 Update: tor-0.4.2.7-1.fc31
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...