Twitter AAAPI Bug Opened Access to Users' Messages

Due to a glitch in the Account Activity API, a copy of a private message was sent to a random recipient
25 September 2018

On September 10, 2018, Twitter detected a bug in the Account Activity API (AAAPI) that sent a copy of a private message to a random recipient. The company officially stated that the error affected less than 1% of users. The developers fixed the problem within a few hours of detection. Twitter is currently notifying potential victims and working to neutralize possible damage.

The Account Activity API is designed for communication with developers on the Twitter platform. Using this interface, contractors can send private messages to each other. Under a certain combination of circumstances, the bug caused clients' information and tweets to be delivered to third-party destinations. The bug had existed in the interface since May 2017 and could have affected any interactions over the past 16 months.

Twitter states that only officially registered developers could have received random messages. The company is currently corresponding with possible recipients. Representatives of the company promise to monitor the developers' compliance with their obligations and make sure that the information received is illegally received.

Information leaks caused by developer errors or hacker attacks come up regularly in the IT field. In early September 2018, Family Orbit, a company specializing in covert monitoring of user activity, leaked 281 gigabytes of data collected during its surveillance.

Critical Zero-Day Exploit Found in Firefox

Using this bug, scammers could install programs, view, change or delete data, and create new accounts; users are advised to update as soon as possible
19 June 2019

Coinbase Security and Google security researcher Samuel Gross discovered a vulnerability in the Mozilla Firefox browser involving the manipulation of JavaScript objects. It has already been used in attacks on cryptocurrency users, according to a report on Medium.

The zero-day vulnerability received the identifier CVE-2019-11707, and Firefox assigned the bug its critical, or highest, threat level:

Critical Impact — Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
 


In practice, attackers could get users to visit malicious websites and thereby execute arbitrary code on their victims' devices. Scammers who used the bug could install programs, view, change or delete data, and create new accounts.

Users are urged to upgrade as soon as possible to the new versions, Firefox 67.0.3 and Firefox ESR 60.7.1, in which the vulnerability is fixed.