Facebook patched flaw within 9hours - XML Cross Domain

On March 25, 2014, Facebook announced that it had agreed to buy Oculus VR for $400 million in cash, $1.6 billion in Facebook stock, and an additional $300 million subject to Oculus VR meeting certain financial targets in a transaction expected to close in the second quarter of 2014.

Since 2012, Oculus website has been in the bug bounty scope for Facebook Bug Bounty at facebook.com/whitehat. The security researcher, Paulos Yibelo discovered a sever flaw in the developers portal of the website (developers.oculus.com), the site was using incorrectly configured crossdomain file that could allow cross domain reads. In a less technical term, that means the ability to read the contents of any HTML file using the victim’s sessions by a simple CSRF exploit.

LizardSquad DDoS Stresser - Multiple Vulnerabilities revealed

The core team of the vulnerability laboratory is daily watching for new web-application in the it-security sector. This week we have tested the new software of the lizard squad to discover some web-vulnerabilities. In the last days was several public announcements about the SQL Database leak of the DDoS Stresser online-service. For sure you need some 0day vulnerabilities in the application that has been revealed by the evolution security gmbh team. We did not report the issue to provoke any kind of cyberwar. We demonstrated the issues without the full proof of concepts to prevent target user damage.