Security News

German political parties accused of microtargeting voters on Facebook
2023-03-22 12:31

Remember the Who Targets Me browser extension from privacy activists at Noyb? The group yesterday filed explosive complaints based on log records from the extension that claim six of Germany's political parties broke European data law when they targeted voters on Facebook's adtech platform. The group is claiming the allegedly GDPR-busting activity took place during the country's 2021 federal elections, and filed six complaints yesterday with the Berlin and Bavarian data protection watchdogs against parties spanning the entire German political spectrum.

SYS01 stealer targets Facebook business accounts and browser credentials
2023-03-13 19:11

Morphisec, a security solution provider based in Israel, has reported that an advanced information stealer malware dubbed SYS01 is aimed at stealing access to Facebook business accounts and Chromium-based browsers' credentials. Morphisec's researcher has also seen the SYS01 malware attack critical government infrastructure employees, manufacturing companies and other industries.

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising
2023-03-13 12:24

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report.

Fake ChatGPT Chrome extension targeted Facebook Ad accounts
2023-03-09 12:13

From malvertising, extension installation, hijacking Facebook accounts, and back again to propagation. The fake ChatGPT extension discovered by Guardio is the latest security concern, affecting thousands daily.

SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms
2023-03-07 13:58

Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file," Morphisec said in a report shared with The Hacker News.

FTC: BetterHelp pushed users to share mental health info then gave it to Facebook
2023-03-03 21:30

BetterHelp - whose business boomed during COVID lockdown - has denied wrongdoing, and claimed in a statement that it merely used "Industry-standard practice... routinely used by some of the largest health providers, health systems, and healthcare brands." The filing alleged: "Between 2017 and 2018, Respondent uploaded lists of over 7 million Visitors' and Users' email addresses to Facebook. Facebook matched over 4 million of these Visitors and Users with their Facebook user IDs, linking their use of the Service for mental health treatment with their Facebook accounts."

New S1deload Stealer malware hijacks Youtube, Facebook accounts
2023-02-22 17:27

An ongoing malware campaign targets YouTube and Facebook users, infecting their computers with a new information stealer that will hijack their social media accounts and use their devices to mine for cryptocurrency. Security researchers with Bitdefender's Advanced Threat Control team discovered the new malware and dubbed it S1deload Stealer due to its extensive use of DLL sideloading for evading detection.

Facebook Introduces New Features for End-to-End Encrypted Messenger App
2023-01-24 05:44

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption in Messenger chats by default. The social media behemoth said it intends to notify users in select individual chat threads as the security feature is enabled, while emphasizing that the process of choosing and upgrading the conversations to support E2EE is random.

Irish Regulators Fine Facebook $414 Million for Forcing Users to Accept Targeted Ads
2023-01-05 04:33

The Irish Data Protection Commission has fined Meta Platforms €390 million over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fines - a €210 million fine over violations of the E.U. General Data Protection Regulation related to Facebook, and a €180 million for similar violations in Instagram.

Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak
2022-12-27 06:18

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those used by Cambridge Analytica to access users' personal information without their consent for political advertising.