Security News

Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out "Indiscriminate" targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies. To that end, the company said it alerted 50,000 users of Facebook and Instagram that their accounts were spied on by the companies, who offer a variety of services that run the spyware gamut from hacking tools for infiltrating mobile phones to creating fake social media accounts to monitor targets.

The spyware industry spreads far beyond the infamous Israeli spyware company NSO Group, Meta said, it being "Only one piece of a much broader global cyber-mercenary ecosystem." Facebook sued NSO Group, maker of the notorious, industrial-grade spyware Pegasus, in 2019 over an alleged attack that exploited a zero-day vulnerability in WhatsApp's messaging platform to inject spyware onto victims' phones in targeted campaigns. The Israeli firm markets spyware that Meta's report said has been used in "Frequent targeting of activists, opposition politicians and government officials in Hong Kong and Mexico." Its clients reportedly include the Department of Homeland Security, the Internal Revenue Service, and Saudi Arabia.

Facebook successor Meta on Thursday said it canceled 1,500 social media accounts used by seven surveillance-for-hire firms to conduct online attacks against government critics and members of civil society. These accounts were primarily used to observe targets and lure them into visiting malicious websites, or receiving booby-trapped messages, typically, that compromise their devices and online profiles.

Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and banning them from its platform. "As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities to disrupt their ability to use their digital infrastructure to abuse social media platforms and enable surveillance of people across the internet," said Director of Threat Disruption David Agranovich and Head of Cyber Espionage Investigations Mike Dvilyanski.

Meta has expanded its bug bounty program to include payouts for reports of scraping attacks on Facebook - but hold your applause. "We're tackling the industry-wide issue of scraping by expanding our bug bounty program to reward valid reports of scraping bugs and unprotected data sets," states an update from the Facebook security team.

Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. To that end, the social media giant aims to monetarily compensate for valid reports of scraping bugs in its service and identify unprotected or openly public databases containing no less than 100,000 unique Facebook user records with personally identifiable information such as email, phone number, physical address, religious, or political affiliation.

Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. Facebook Protect, currently being launched globally in phases, enables users who enroll for the initiative to adopt stronger account security protections, like two-factor authentication, and watch out for potential hacking threats.

Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis, said in a post published in The Telegraph over the weekend.

Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country. The Pakistani threat actor, dubbed SideCopy, is said to have used the platform to single out people with ties to the Afghan government, military and law enforcement in Kabul.

At breakfast, she was convinced either Facebook or Google was listening to her the previous night. You see, Facebook knows my mother-in-law and I are friends on the platform.