Security News
Facebook took down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghurs activists, journalists, and dissidents living outside China. The hacking group tracked as Earth Empusa or Evil Eye used the now disabled Facebook accounts to send links that redirected their targets to malicious websites under their control in watering hole attacks.
Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely use iPhone and Android malware to hit journalists, dissidents and activists around the world. The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.
The US Supreme Court on Monday declined to consider an appeal by Facebook that would have derailed a $15 billion lawsuit over whether it illegally tracked users about a decade ago. The nation's top court issued an order denying a request by the leading social network to review a California federal court's decision to allow the litigation accusing Facebook of violating wiretap laws.
TikTok is likely no more of a threat to users than Facebook, according to an analysis by academic research group Citizen Lab that analyzed the video-sharing social networking service's app to probe for security, privacy and censorship issues. The authors considered both TikTok - the app available outside China - and Douyin, the Chinese version of TikTok.
Facebook services are currently experiencing issues around the world, with users unable to access Facebook, Messenger, WhatsApp, and Instagram. When attempting to access Facebook services, users worldwide have stated that the application will display a continuous "Connecting" message.
Dubbed CopperStealer, the malware acts similarly to previously discovered, China-backed malware family SilentFade, according to a report from Proofpoint researchers Brandon Murphy, Dennis Schwarz, Jack Mott and the Proofpoint Threat Research Team published online this week. CopperStealer is in the same class not only as SilentFade-the creation of which Facebook attributed to Hong Kong-based ILikeAD Media International Company Ltd-but also other malware such as StressPaint, FacebookRobot and Scranos.
A researcher says he has earned more than $50,000 from Facebook after discovering vulnerabilities that could have been exploited to gain access to some of the social media giant's internal systems. Abdulridha also claimed the account takeover attack may have allowed a hacker to access accounts for other internal Facebook applications as well, but Facebook told SecurityWeek it had not found any evidence to suggest that the flaw could be escalated to access other internal accounts.
Previously undocumented account-stealing malware distributed via fake software crack sites targets the users of major service providers, including Google, Facebook, Amazon, and Apple. The malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads to infected devices.
Social media and advertising giant Facebook today announced that it is now allowing mobile users to secure their accounts with the help of security keys. Available for Facebook's desktop users since 2017, the authentication method requires that the user confirm authentication requests with the help of a physical security key.
Facebook has decided to halt its efforts to build a trans-Pacific undersea cable that would have connected California and Hong Kong, due to tensions between the United States and China. "Due to ongoing concerns from the US government about direct communication links between the United States and Hong Kong, we have decided to withdraw our FCC application," a Facebook spokesperson told AFP on Wednesday, referring to the Federal Communications Commission.