InfoSecBulletin Cybersecurity for mankind
Samip Aryal informed a Nepali media outlet about discovering a vulnerability in Facebook that could allow for an ‘account takeover.’ According to Aryal, the vulnerability could be exploited to take control of any user’s account with minimal effort.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
While he is currently ranked as one of the top hackers, there may be someone with a higher score in that position. Aryal mentioned that for now, 2024 is ranked first. Previously, Aryal reported security vulnerabilities to Facebook and was ranked 27th.
Finding this type of security vulnerability is a top priority for cyber security researchers. Aryal also made it a priority.
“This is Facebook’s Priority Based Vulnerability (priority security weakness),” he said. Earlier I looked at two factor authentication bypass. That is also a priority. This is definitely the highest priority.”
For discovering this weakness, Facebook has honored him in the Hall of Fame and given him a monetary reward.
Aryal found a weakness that could take over anyone’s account, but accounts with two-factor authentication cannot be taken over. OTP is needed to access these accounts, and it cannot be accessed because it goes to phone or email. Aryal recommends enabling two-factor authentication for added Facebook account security.
