Security News

Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps
2021-09-29 22:14

Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs at scale in applications created for the mobile operating system. In a nutshell, the utility lets developers define rules for the data flows it should look for when scanning the codebase, in order to unearth potential issues - say, intent redirection flaws that could result in the leak of sensitive data or injection vulnerabilities that would allow adversaries to insert arbitrary code - explicitly setting boundaries as to where user-supplied data entering the app is allowed to come from and flow into, such as a database, file, web view, or a log.

Facebook open-sources tool to find Android app security flaws
2021-09-29 20:11

Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications. "A flow from sources to sinks indicates that, for example, user passwords may get logged into a file, which is not desirable and is called an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.

3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale
2021-09-27 14:59

According to CyberNews, the combined Clubhouse-Facebook database includes names, phone numbers and other data, and is listed on an underground forum for $100,000 for all 3.8 billion entries, with smaller chunks of data available for less. "Breaches like these often get sold at a discount because the ones who stole the data don't know what to do with it. In some cases, intelligence agencies will buy them if they have targets of interest on those platforms," Bambenek said.

TikTok, GitHub, Facebook Join Open-Source Bug Bounty
2021-09-22 14:52

As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program to lure threat hunters' attention to open-source supply chains. Following a spate of spectacular software supply-chain breaches, market leaders have decided to throw in some cash to fund the IBB to incentivize bug hunters to take a closer look at open-source code.

UK.gov is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead
2021-09-08 13:44

The British government is preparing to launch a full-scale policy assault against Facebook as the company gears up to introduce end-to-end encryption across all of its services. The backlash has already begun, showing that officials face a tooth-and-nail fight to derail the rollout of end-to-end encryption on the anti-social networking site and others in the Facebook estate.

Facebook sat on report that reveals most-shared post for months was questionable COVID story
2021-08-23 03:31

Facebook has revealed a report that shows the most-shared link on the platform in the first three months of 2021 described a questionable interpretation of a death attributed to a COVID-19 vaccination - but only did so after publishing a later and more flattering report. The document wasn't Facebook's first such report.

Facebook Adds End-to-End Encryption to Calls in Messenger
2021-08-16 14:04

Facebook has updated the end-to-end encryption features in Messenger to provide users with more secure voice and video calling capabilities. Messenger has been offering support for end-to-end encrypted text chats for roughly five years, and Facebook has decided to expand the security feature to voice and video calling as well, after observing an increase in the use of these capabilities over the past year.

Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger
2021-08-14 03:20

Facebook on Friday said it's extending end-to-end encryption for voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs. "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's Ruth Kricheli said in a post. It's worth noting that the company's flagship messaging service gained support for E2EE in text chats in 2016, when it added a "Secret conversation" option to its app, while communications on its sister platform WhatsApp became fully encrypted the same year following the integration of Signal Protocol into the application.

Facebook rolls out end-to-end encryption for Messenger calls
2021-08-13 20:20

Facebook has announced the rollout of end-to-end encrypted Messenger voice and video calls five years after making it available in one-on-one text chats. End-to-end encryption is used by most popular communication and collaboration platforms, including Zoom, Microsoft Teams, as well as Facebook's WhatsApp.