Security News

A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions, the latest version also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, etc.," Zscaler ThreatLabz researchers Tarun Dewan and Stuti Chaturvedi said.

Facebook warns of 400 malicious apps that tried to steal your account credentials. Facebook is advising its users to beware of fake and malicious apps that attempt to hijack your credentials for the popular social network.

Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. 42.6% of the rogue apps were photo editors, followed by business utilities, phone utilities, games, VPNs, and lifestyle apps.

Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior so as to manipulate public debate. The sophisticated Russian activity, which commenced in May 2022, impersonated mainstream European news outlets like Der Spiegel, The Guardian, and Bild, not to mention build credibility by creating fake accounts across several platforms to amplify pro-Russian narratives.

Phishers are looking to trick owners of Facebook pages with fake notices from the social network, in an attempt to get them to part with sensitive information. Such a link makes it less likely that email security solutions will flag the email as potentially malicious, and can also give a false sense of security to the potential targets, as the email ostensibly came from Facebook and contains a link to a page hosted on Facebook.

Facebook parent Meta has disbanded its Responsible Innovation Team that it claimed last year was a central part of efforts to "Proactively surface and address potential harms to society in all that we build." The RIT previously included two dozen engineers, ethicists and other Meta employees who were responsible for identifying and addressing concerns with products and updates to Facebook and Instagram.

Facebook's stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within.

Novant Health confirmed that it may have disclosed 1.3 million patients' sensitive data, including email addresses, phone numbers, financial information - even doctor's appointment details - to Meta. Novant finally copped to sending letters to "Some of its patients following possible disclosure of protected health information resulting from an incorrect configuration of a pixel, an online tracking tool," in a statement released late on Friday.

Social media company Meta said it will begin testing end-to-end encryption on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature," Sara Su, product management director of Messenger Trust, said.

Users of Apple's Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track 'every single tap' users make with external websites accessed via the software. iOS users' concerns over tracking were addressed by Apple's 2021 release of iOS 14.5 and a feature called App Tracking Transparency.