Mozilla has released security update to address vulnerabilities in Thunderbird. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.
Users and administrators are encouraged to review Mozilla Security Advisory and apply necessary updates.
Cisco has released security update to address vulnerabilities to its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.
Users and administrators are encouraged to review Cisco Security Advisories and apply necessary updates. For more information click on the link below;
Mozilla has released security update to address vulnerability in Firefox prior to v.62.0.3 and Firefox ESR prior to v.60.2.2. Exploitation of the vulnerability may allow an attacker to take control of affected system.
Users and administrators are encouraged to review Mozilla Security Advisory and apply necessary updates.
Adobe has released security update to address vulnerability in Adobe Acrobat and Reader for Windows and MacOS. Exploitation of the vulnerability may allow an attacker to take control of affected system.
Users and administrators are encouraged to review Adobe Security Bulletin and apply necessary updates.
On Tuesday, 25th September 2018, Facebook Team released security notice to all users on security breach occurred on Facebook platform. Findings have revealed that unknown malicious actor hacked the site and managed to compromise about 50 million users’ accounts.
Earlier investigation revealed that, the breach was caused by security vulnerabilities that were persisting in Facebook source code. Due to that, attacker was able to exploit the vulnerabilities and be able to impact “VIEW AS” a feature on Facebook that let users see how their own profile looks like to someone else. Following the exploitation, the attacker was able to steal Facebook access-tokens and thereafter taking control of users’ accounts.
Access-tokens are equivalent to digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the application.
The source of vulnerabilities was a change that was effected by Facebook Team on video uploading feature in July 2017, which impacted “View As” feature.
Facebook Security Team is yet to establish whether there is any misuse of compromised accounts or disclosure of users’ information.
Until now, Facebook security team has implemented a number of security measures to address the matter which includes the following:-
a. Fixed the vulnerabilities and informed law enforcement on security breach for appropriate legal actions.
b. Reset the access tokens of the almost 50 million accounts known to be affected to protect their security.
c. Took the precautionary measure to reset access tokens for another 40 million user accounts that have been subject to a “View As” look-up in the last year. In view of this action, about 90 million users will now have to log back in to Facebook, or any of their apps that use Facebook username and password to login. On successful log back in, users will get a notification at the top of their News Feed explaining what happened as shown in the figure below.
d. Temporarily turned off the “View As” feature while conducting a detailed security review.
5. Important to users
Following security measure undertaken by Facebook Security Team, there is no need for users to change their passwords. For those who are facing difficulties to log back into Facebook application i.e. forgotten their password or any other reasons should visit Facebook Help Center.
And in case anyone wants to take the precautionary measure to log out of Facebook, they should visit the “ Security and Login” section in settings.
Tanzania Computer Emergency Response Team