Thursday, March 25, 2021

Facebook offers 2 severe vulnerabilities for WordPress Plugin

Facebook, the world’s number 1 social networking platform, has offered patches to two severe vulnerabilities related to WordPress Plugins, thus inducing faith into its users that it gives due respect to the privacy and security of its respective customers.

Known as Official Facebook Pixel, the plugin was aimed to keep a track of user actions on the WebPages they visit. However, in December last year, security researchers found the plugin was paving way for hackers to fraudulently access the site’s secret salts and keys to achieve remote code execution.

In another instance, few of the independent security researchers discovered a second vulnerability in the month of January 2021 that was related to cross-site request forgery security flaw causing issues in the scripting.

Although Facebook released fixes to both the flaws in February 2021, it still needed some tweaks and so was re-published recently in the 3.0.4 version.

Meanwhile, Facebook has also introduced a 2FA feature for its Android and iOS users, where users can use a physical security key to login via mobile devices- a feature that already exists on PC.

The social networking giant is urging all its users to use the physical security keys to defend themselves against the modern day cyber attacks launched on the user accounts.

Hence, FB becomes the second social media giant after Twitter to offer an authentication based on physical keys.  

Usually, users receive a passcode on mobile via text or email that when inserted allows the users to login into their respective accounts. But in this case, a USB thumb drive is used to validate a login session, a tool useful to high profile political celebrities, journalists, NGOs and those dealing with sensitive information.

The post Facebook offers 2 severe vulnerabilities for WordPress Plugin appeared first on Cybersecurity Insiders.


March 26, 2021 at 10:52AM

0 comments:

Post a Comment