Security News
Facebook has announced a series of updates for its bug bounty program, including bonus rewards for engaged researchers, as well as a faster bug triage process. The social media platform announced that it streamlined the triage of security vulnerabilities reported through its bug bounty program, to increase efficiency and shorten response times.
Facebook has lifted the curtain on what it claims is an industry first: A loyalty program as part of its bug-bounty offering, which aims to further incentivize researchers to find vulnerabilities in its platform. The loyalty program, called "Hacker Plus," offers bonuses on top of bounty awards, access to more products and features that researchers can stress-test, and invites to Facebook annual events.
Facebook has detailed a wide-scale Chinese malware campaign that targeted its ad platform for years and siphoned $4 million from users' advertising accounts. Once installed, SilentFade stole Facebook credentials and cookies from various browser credential stores, including Internet Explorer, Chromium and Firefox.
Facebook on Thursday released a detailed technical report on a malware campaign that targeted its ad platform for years. Facebook took legal action against the malware operators in December 2019.
Cybercriminals are exploiting a $100 million Facebook grant program designed for small businesses impacted by the pandemic, to phish personal information and take over Facebook accounts. They pointed out that there is, in fact, a real CNBC article about coronavirus-related Facebook grants, but the legitimate program is for small businesses, not individuals.
In one instance, Facebook removed 35 pages, 18 groups, 214 users as well as 34 accounts on Instagram. As part of the announcement, Facebook also revealed details about the number of followers and advertising expenditures related to these accounts.
Facebook said Tuesday it derailed a network of fake accounts out of China that had recently taken aim at the US presidential race. The takedown came as part of the social network's fight against "coordinated inauthentic behavior" and marked the first time Facebook had seen such a campaign based in China targeting US politics, according to head of security policy Nathaniel Gleicher.
Facebook may be forced to stop sending data about its European users to the U.S., in the first major fallout from a recent court ruling that found some trans-Atlantic data transfers don't protect users from American government snooping. The social network said Wednesday that Ireland's Data Protection Commission has started an inquiry into how Facebook shifts data from the European Union to the United States.
Facebook has reportedly been asked to stop sending data from Ireland to the US, on orders from the EU. This is according to a report from the Wall Street Journal, which said that Irish eyes won't be smiling come this fall after the Irish Data Protection Commission sent Mark Zuckerberg's firm a preliminary order to suspend transfers of data about its users to the US. The news comes in the wake of an EU court ruling two months ago that transatlantic data protection arrangements - known as Privacy Shield - were "inadequate".
Facebook has implemented a fresh security vulnerability disclosure policy this week - in an effort to explain how it decides when and how to roll out details on various bugs that its team finds in third-party software and open-source projects. If Facebook determines that disclosing a security vulnerability sooner "serves to benefit the public or the potentially impacted people," it may pull the rip cord on disclosure, for instance if a bug is being actively exploited in the wild.