Security News
Facebook is again pushing back on new Apple privacy rules for its mobile devices, this time saying in full-page newspaper ads that the social media giant is standing up for small businesses. In ads that ran in The New York Times, The Wall Street Journal and other national newspapers Wednesday, Facebook said Apple's new rules "limit businesses' ability to run personalized ads and reach their customers effectively."
Australia's consumer watchdog launched legal action against Facebook on Wednesday, alleging the social media giant "misled" thousands of Australians by collecting user data from a free VPN service advertised as private. The Australian Competition and Consumer Commission has accused Facebook and two of its subsidiaries - Facebook Israel and Onavo Inc - of misleading people who downloaded its virtual private network app Onavo Protect, by collecting and using their "very detailed and valuable personal activity data".
Facebook said Tuesday that it had removed two networks based in Russia and one linked to the French military, accusing them of carrying out interference campaigns in Africa. Two networks running multiple Facebook accounts were assigned to people associated with the Russian Internet Research Agency, and the third had "links to individuals associated with French military," the social media platform said.
In recent spear-phishing campaigns, the Molerats cyberespionage group has been using fresh malware that relies on Dropbox, Google Drive, and Facebook for command and control communication and to store stolen data. Designed for cyberespionage, the malware attempts to avoid detection and takedown efforts by using Dropbox and Facebook services to steal data and receive instructions from the operators.
Facebook has shut down several accounts and Pages on its platform, which were used to launch phishing and malware attacks by two cybercriminal groups: APT32 in Vietnam and an unnamed threat group based in Bangladesh. "The operation from Vietnam focused primarily on spreading malware to its targets, whereas the operation from Bangladesh focused on compromising accounts across platforms and coordinating reporting to get targeted accounts and Pages removed from Facebook," said Nathaniel Gleicher, head of security policy, and Mike Dvilyanski, cyber-threat intelligence manager at Facebook, in a Thursday post.
Social media giant Facebook this week revealed that it has disrupted the activity of two groups of hackers - one operating from Vietnam and the other from Bangladesh. The groups, Facebook says, were engaging in cyber-espionage activities, attempting to compromise accounts to gain access to information of interest.
The Facebook security team has revealed today the real identity of APT32, a Vietnam-backed hacking group active in cyberespionage campaigns targeting foreign governments, multi-national corporations, and journalists since at least 2014. The APT32 nation-state hackers were linked to Vietnamese IT firm CyberOne Group in a report published earlier today by Nathaniel Gleicher, Facebook's Head of Security Policy, and Mike Dvilyanski, Cyber Threat Intelligence Manager.
Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. The exact evidence trail leading Facebook to attribute the hacking activity to CyberOne Group was not disclosed, but according to a description on ITViec - a Vietnamese online platform to find and post job vacancies for IT professionals and software developers - the company advertises itself as a "multinational company" with a focus on developing "products and services to ensure the security of IT systems of organizations and businesses."
The MoleRats advanced persistent threat has developed two new backdoors, both of which allow the attackers to execute arbitrary code and exfiltrate sensitive data, researchers said. The DropBook backdoor uses fake Facebook accounts or Simplenote for C2, and both SharpStage and DropBook abuse a Dropbox client to exfiltrate stolen data and for storing their espionage tools, according to the analysis, issued Wednesday.
Two new backdoors have been attributed to the Molerats advanced persistent threat group, which is believed to be associated with the Palestinian terrorist organization Hamas. In early 2020, security researchers at Cybereason's Nocturnus group published information on two new malware families used by the APT, namely Spark and Pierogi.