Meta

AppWizard
February 21, 2025
Meta has updated Messenger with new features focusing on privacy, usability, and enjoyment. Privacy and safety updates include the View Once Media option for single-view media messages, screenshot and screen recording blocks, in-app scam alerts via Spam Protection, and streamlined reporting and blocking of suspicious contacts. Usability improvements consist of HD photo sharing, enhanced HD video calls, noise-suppressed audio for clearer calls, and Siri integration for easier navigation. Expressive features allow users to personalize chats with themes, add music to notes, and use new sticker packs, including the Butterbear stickers. Social features encourage community building through Messenger Communities, enabling topic-based chats via QR codes, and engaging with public figures through Broadcast Channels.
Tech Optimizer
February 20, 2025
In December 2024, suspected state-sponsored Chinese hackers compromised U.S. Treasury employees' workstations by chaining two vulnerabilities, CVE-2024-12356 and CVE-2025-1094. CVE-2024-12356 is an unauthenticated command injection flaw in BeyondTrust Remote Support SaaS; CVE-2025-1094 is a PostgreSQL zero-day that allows SQL injection through the psql interactive tool, and exploiting CVE-2024-12356 depends on it. The PostgreSQL team released a fix for CVE-2025-1094 on February 13, 2025; BeyondTrust issued patches in December 2024 that cut off the chain in its product without fixing the PostgreSQL flaw itself. PostgreSQL users are advised to upgrade to the fixed releases 17.3, 16.7, 15.11, 14.16 or 13.19, and BeyondTrust users should apply the December 2024 fix. Rapid7 has published advisories and indicators of compromise for both vulnerabilities.
AppWizard
February 18, 2025
Users are experiencing difficulties sharing links from Signal Messenger on Elon Musk's X platform, as these links appear to be blocked. Reports indicate that attempts to share Signal links result in various error messages, affecting public tweets and direct messages. There has been no official explanation from X regarding this restriction. Journalist Matt Binder noted that links to Signal have seemingly vanished from X, with users reporting similar issues. Error messages encountered range from generic notices to alerts labeling posts as harmful content or spam. While links already posted may carry warnings, they can still be accessed; however, links associated with Signal handles or the main website are currently inaccessible. Elon Musk previously endorsed Signal Messenger as a trustworthy alternative to WhatsApp, but the current blockage suggests a shift in his stance on secure messaging.
Tech Optimizer
February 17, 2025
The U.S. Treasury workstations were breached by suspected state-sponsored Chinese hackers using two zero-day vulnerabilities. The first, CVE-2024-12356, is an unauthenticated command injection flaw in BeyondTrust's Remote Support SaaS; exploiting it requires first exploiting CVE-2025-1094. CVE-2025-1094 is a flaw in PostgreSQL's interactive tool, psql, that permits SQL injection because invalid multibyte (UTF-8) byte sequences are not handled correctly during string escaping, and it can be escalated to arbitrary code execution by getting psql to run meta-commands, including its shell escape. The PostgreSQL team issued fixes for CVE-2025-1094 on February 13, 2025; BeyondTrust's December 2024 patches also close off the exploitation path in its product. PostgreSQL users should upgrade to the fixed releases (17.3, 16.7, 15.11, 14.16 or 13.19), and BeyondTrust users should apply the December 2024 fix. Rapid7 has published technical details and indicators of compromise for both vulnerabilities.
AppWizard
February 16, 2025
Federal employees are increasingly concerned about the security of traditional communication platforms and are migrating to encrypted messaging apps like Signal for personal and work-related discussions. This shift is driven by distrust in technology companies, particularly those perceived to have ties with the Trump administration, and fears that user data may be shared with the government. Employees have noted a change in workplace conversation dynamics, becoming more guarded and circumspect. Concerns have also been raised about the potential misuse of personal data, highlighted by past incidents involving companies like Meta. Many federal workers are seeking security tips through forums and adopting measures such as anonymous display names to protect their identities. The federal workforce consists of over 3 million individuals, indicating a significant portion of the U.S. labor market is affected by these privacy and data security concerns.
Tech Optimizer
February 14, 2025
A significant SQL injection vulnerability, CVE-2025-1094, in PostgreSQL's interactive tool psql was exploited alongside the BeyondTrust zero-day (CVE-2024-12356) in the December 2024 breach of the U.S. Treasury; successful exploitation of the BeyondTrust flaw depends on it. CVE-2025-1094 affects all supported PostgreSQL releases before the February 13 fixes, and while BeyondTrust patched CVE-2024-12356, that patch did not address the underlying PostgreSQL issue. The flaw arises from the mistaken assumption that untrusted input passed through PostgreSQL's string escaping routines is safe to embed in SQL: the routines mishandle certain invalid byte sequences, so a quote can slip through unescaped. The result can be arbitrary code execution (ACE). Attackers can exploit the vulnerability on its own, independently of CVE-2024-12356, and use psql's meta-commands to run shell commands as well as arbitrary SQL statements. Users are advised to update to the versions released on February 13 to mitigate both issues.
Tech Optimizer
February 14, 2025
Cybersecurity firm Rapid7 has identified a SQL injection vulnerability, CVE-2025-1094, in PostgreSQL's interactive tool, psql. It was found while investigating CVE-2024-12356, an unauthenticated remote code execution vulnerability in BeyondTrust products whose successful exploitation requires first exploiting CVE-2025-1094. Although BeyondTrust patched CVE-2024-12356 in December 2024, that patch did not address the root cause of CVE-2025-1094, which therefore remained a zero-day until Rapid7 reported it. All supported releases before PostgreSQL 17.3, 16.7, 15.11, 14.16 and 13.19 are affected; the CVSS 3.1 base score is 8.1 (high). The flaw stems from flawed assumptions about PostgreSQL's string escaping routines, which allow SQL injection under certain conditions, and an attacker can turn it into arbitrary code execution via psql's meta-commands. Users should upgrade to PostgreSQL 17.3, 16.7, 15.11, 14.16 or 13.19 to mitigate the risk.
Tech Optimizer
February 14, 2025
Researchers have identified a SQL injection vulnerability, CVE-2025-1094, in PostgreSQL's interactive terminal tool, psql. It is linked to CVE-2024-12356, a remote code execution vulnerability in BeyondTrust's products. CVE-2025-1094 arises from the flawed assumption that escaped untrusted input is safe: because the escaping logic mishandles invalid UTF-8 byte sequences, attackers can inject SQL statements. It carries a CVSS 3.1 base score of 8.1 (high) and can lead to arbitrary code execution through psql's meta-command functionality. All supported PostgreSQL versions before 17.3, 16.7, 15.11, 14.16 and 13.19 are affected; users should upgrade to those patched releases. A Metasploit module targeting the vulnerability has been developed, underscoring the urgency of patching.
Tech Optimizer
February 14, 2025
Researchers from Rapid7 have identified a significant SQL injection vulnerability in PostgreSQL, designated CVE-2025-1094. It was discovered while investigating CVE-2024-12356, which BeyondTrust patched in December 2024; that patch did not resolve the underlying issue in PostgreSQL, so CVE-2025-1094 remained a zero-day until Rapid7 reported it. CVE-2025-1094 has a CVSS score of 8.1 and is caused by improper handling of quoting syntax in PostgreSQL's libpq string-escaping functions. PostgreSQL releases before 17.3, 16.7, 15.11, 14.16 and 13.19 are affected. Exploitation lets attackers inject SQL and execute arbitrary code through psql meta-commands. PostgreSQL has released updates addressing the flaw in those versions. The vulnerability was discovered by Stephen Fewer, Principal Security Researcher at Rapid7.
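The escaping bypass that the PostgreSQL items above describe, as an added example that is not from the original page, from Rapid7 or from the PostgreSQL project: a deliberately simplified Python model of a libpq-style escaper that walks input by UTF-8 lead-byte length without validating the bytes, beside a hardened variant that rejects invalid UTF-8 first, plus a minimal model of how psql recognises an unquoted backslash as a meta-command. The length table, the escaper loop, the psql scanner, the `build_query` helper and the `PAYLOAD` bytes are all constructed approximations of the mechanism (assuming `standard_conforming_strings = on`, so backslashes are not doubled), not the project's code.

```python
"""Constructed model of the CVE-2025-1094 bug class: quote escaping driven by
UTF-8 lead-byte length without validating the bytes. Not libpq or psql code."""


def utf8_mblen(lead: int) -> int:
    """Character length judged from the lead byte alone, as a length table
    does; 0xC0 is classed as a 2-byte lead even though it can never start a
    valid UTF-8 sequence. (Model of mblen-style logic, not the real table.)"""
    if lead < 0x80:
        return 1
    if (lead & 0xE0) == 0xC0:
        return 2
    if (lead & 0xF0) == 0xE0:
        return 3
    if (lead & 0xF8) == 0xF0:
        return 4
    return 1


def escape_literal_naive(raw: bytes) -> bytes:
    """Pre-fix behaviour (model): walk the input one 'character' at a time
    using mblen(), double a single quote only when it is seen as its own
    1-byte character, copy multibyte chunks through untouched, and wrap the
    result in quotes. Assumes standard_conforming_strings = on, so a
    backslash is an ordinary byte and is not doubled."""
    out = bytearray(b"'")
    i = 0
    while i < len(raw):
        n = utf8_mblen(raw[i])
        chunk = raw[i:i + n]
        # A quote that follows an invalid lead byte is swallowed into the
        # 2-byte chunk here and is therefore never doubled.
        out += b"''" if chunk == b"'" else chunk
        i += n
    out += b"'"
    return bytes(out)


def escape_literal_hardened(raw: bytes) -> bytes:
    """Post-fix behaviour (model): refuse input that is not valid UTF-8 before
    escaping. With valid input every mblen() chunk is a real character, so a
    quote can no longer hide behind a bogus lead byte."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError(f"invalid byte sequence for encoding UTF-8: {exc}") from exc
    return escape_literal_naive(raw)


def psql_meta_commands(script: bytes) -> list[bytes]:
    """Minimal model of psql's input handling: it scans bytes, tracks quoted
    strings by the ' byte (a doubled '' stays inside the string), and treats
    an unquoted backslash as the start of a meta-command that runs at once,
    e.g. \\! hands the rest of the line to a shell. Because the scan is
    byte-wise, an invalid lead byte does not swallow the quote after it."""
    found: list[bytes] = []
    in_quote = False
    i = 0
    while i < len(script):
        b = script[i:i + 1]
        if in_quote:
            if b == b"'":
                if script[i + 1:i + 2] == b"'":
                    i += 2          # doubled quote: still inside the string
                    continue
                in_quote = False
        elif b == b"'":
            in_quote = True
        elif b == b"\\":
            end = script.find(b"\n", i)
            end = len(script) if end == -1 else end
            found.append(script[i:end])
            i = end
            continue
        i += 1
    return found


# Constructed attacker input: invalid lead byte, hidden quote, newline, shell
# meta-command, then a comment marker to swallow the rest of the statement.
PAYLOAD = b"\xc0'\n\\! id\n--"


def build_query(value: bytes, escaper) -> bytes:
    """Embed an escaped user value in a fixed statement, as an application
    that calls an escape routine instead of using bind parameters would."""
    return b"SELECT 1 FROM users WHERE name = " + escaper(value) + b";"


def demo() -> dict:
    """Run the payload through both escapers and report what psql would do."""
    naive_sql = build_query(PAYLOAD, escape_literal_naive)
    try:
        escape_literal_hardened(PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "naive_sql": naive_sql,
        "naive_meta_commands": psql_meta_commands(naive_sql),
        "benign_meta_commands": psql_meta_commands(
            build_query(b"O'Brien", escape_literal_naive)),
        "hardened_rejected": rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point the model makes is that the escaper and the consumer disagree about where characters begin: the escaper trusts the lead byte and treats `\xC0'` as one character, while psql sees the `'` byte and closes the string, so the text after the newline is parsed as a `\!` shell meta-command. Validating the encoding before escaping (or using bind parameters so no escaping is needed) removes the disagreement.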
AppWizard
February 14, 2025
TikTok has returned to Apple's App Store and Google's Play Store in the United States after being removed under a divest-or-ban law signed by then-President Joe Biden over national security concerns about its parent company, ByteDance. The app had been unavailable for download since mid-January, although the service itself kept running. The Supreme Court upheld the law on January 17, and the app was pulled from both stores shortly afterward; Apple and Google restored it on February 13. During TikTok's absence from the stores, secondhand sales of used iPhones with the app pre-installed surged, competitors such as Meta-owned Instagram announced new applications to rival TikTok, and users explored alternative platforms like Clapper and RedNote.