Security News

Meta Sues Hackers Behind Facebook, WhatsApp and Instagram Phishing Attacks
2021-12-20 23:20

Facebook's parent company Meta Platforms on Monday said it has filed a federal lawsuit in the U.S. state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials. The attacks were carried out using a relay service, Ngrok, that redirected internet traffic to the phishing websites in a manner that concealed the true location of the fraudulent infrastructure.

Meta sues people behind Facebook and Instagram phishing
2021-12-20 18:37

Meta has filed a federal lawsuit in California court to disrupt phishing attacks targeting Facebook, Messenger, Instagram, and WhatsApp users. The attackers behind these phishing campaigns used almost 40,000 phishing pages that would impersonate the four platforms' login pages.

Facebook Bans 7 'Cyber Mercenary' Companies for Spying on 50,000 Users
2021-12-17 23:02

Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out "Indiscriminate" targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies. To that end, the company said it alerted 50,000 users of Facebook and Instagram that their accounts were spied on by the companies, who offer a variety of services that run the spyware gamut from hacking tools for infiltrating mobile phones to creating fake social media accounts to monitor targets.

Facebook Bans Spy-for-Hire Firms for Targeting 50K People
2021-12-17 20:17

The spyware industry spreads far beyond the infamous Israeli spyware company NSO Group, Meta said, it being "Only one piece of a much broader global cyber-mercenary ecosystem." Facebook sued NSO Group, maker of the notorious, industrial-grade spyware Pegasus, in 2019 over an alleged attack that exploited a zero-day vulnerability in WhatsApp's messaging platform to inject spyware onto victims' phones in targeted campaigns. The Israeli firm markets spyware that Meta's report said has been used in "Frequent targeting of activists, opposition politicians and government officials in Hong Kong and Mexico." Its clients reportedly include the Department of Homeland Security, the Internal Revenue Service, and Saudi Arabia.

Facebook locks out 1,500 fake accounts used by cyber-spy firms to snoop on people, alerts 50k potential targets
2021-12-17 01:41

Facebook successor Meta on Thursday said it canceled 1,500 social media accounts used by seven surveillance-for-hire firms to conduct online attacks against government critics and members of civil society. These accounts were primarily used to observe targets and lure them into visiting malicious websites, or receiving booby-trapped messages, typically, that compromise their devices and online profiles.

Facebook disrupts operations of seven surveillance-for-hire firms
2021-12-16 20:52

Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and banning them from its platform. "As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of people across the internet," said Director of Threat Disruption David Agranovich and Head of Cyber Espionage Investigations Mike Dvilyanski.

Facebook expands bug bounty program to include scraping attacks, two years after it was scraped – hard
2021-12-16 01:33

Meta has expanded its bug bounty program to include payouts for reports of scraping attacks on Facebook - but hold your applause. "We're tackling the industry-wide issue of scraping by expanding our bug bounty program to reward valid reports of scraping bugs and unprotected data sets," states an update from the Facebook security team.

Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets
2021-12-15 20:32

Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. To that end, the social media giant aims to monetarily compensate for valid reports of scraping bugs in its service and identify unprotected or openly public databases containing no less than 100,000 unique Facebook user records with personally identifiable information such as email, phone number, physical address, religious, or political affiliation.

Meta Expands Facebook Protect Program to Activists, Journalists, Government Officials
2021-12-02 06:06

Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. Facebook Protect, currently being launched globally in phases, enables users who enroll for the initiative to adopt stronger account security protections, like two-factor authentication, and watch out for potential hacking threats.

Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023
2021-11-22 03:32

Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis, said in a post published in The Telegraph over the weekend.