Security News

Following yesterday's deadly blast on İstiklal Avenue in Istanbul, Turkish authorities began restricting access to social media platforms including Instagram, Facebook, Twitter, YouTube and Telegram as a nationwide broadcast ban went into effect. Reports of a bomb blast taking place on Istanbul's busy İstiklal street began circulating on Sunday, November 13th on social media platforms.

Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. When users sync the contact lists on their devices with Facebook, it's worth pointing out the privacy violation, which stems from the fact that those contacts didn't explicitly consent to the upload. "Someone may have uploaded their address book to Facebook, Messenger or Instagram with your contact information in it," Facebook notes in the page.

A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. The malware targeted information stored in browsers, focusing on Facebook Business account data, and exfiltrated it to a private Telegram channel that acted as a C2 server.

A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions, the latest version also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information, etc.," Zscaler ThreatLabz researchers Tarun Dewan and Stuti Chaturvedi said.

Facebook warns of 400 malicious apps that tried to steal your account credentials. Facebook is advising its users to beware of fake and malicious apps that attempt to hijack your credentials for the popular social network.

Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. 42.6% of the rogue apps were photo editors, followed by business utilities, phone utilities, games, VPNs, and lifestyle apps.

Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior so as to manipulate public debate. The sophisticated Russian activity, which commenced in May 2022, impersonated mainstream European news outlets like Der Spiegel, The Guardian, and Bild, not to mention build credibility by creating fake accounts across several platforms to amplify pro-Russian narratives.

Phishers are looking to trick owners of Facebook pages with fake notices from the social network, in an attempt to get them to part with sensitive information. Such a link makes it less likely that email security solutions will flag the email as potentially malicious, and can also give a false sense of security to the potential targets, as the email ostensibly came from Facebook and contains a link to a page hosted on Facebook.

Facebook parent Meta has disbanded its Responsible Innovation Team that it claimed last year was a central part of efforts to "Proactively surface and address potential harms to society in all that we build." The RIT previously included two dozen engineers, ethicists and other Meta employees who were responsible for identifying and addressing concerns with products and updates to Facebook and Instagram.

Facebook's stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within.