Security News
Facebook services are currently experiencing issues around the world, with users unable to access Facebook, Messenger, WhatsApp, and Instagram. When attempting to access Facebook services, users worldwide have stated that the application will display a continuous "Connecting" message.
Dubbed CopperStealer, the malware acts similarly to previously discovered, China-backed malware family SilentFade, according to a report from Proofpoint researchers Brandon Murphy, Dennis Schwarz, Jack Mott and the Proofpoint Threat Research Team published online this week. CopperStealer is in the same class not only as SilentFade - the creation of which Facebook attributed to Hong Kong-based ILikeAD Media International Company Ltd - but also other malware such as StressPaint, FacebookRobot and Scranos.
Facebook told KrebsOnSecurity it seized hundreds of accounts - mainly on Instagram - that have been stolen from legitimate users through a variety of intimidation and harassment tactics, including hacking, coercion, extortion, sextortion, SIM swapping, and swatting. THE MIDDLEMEN. Facebook said it targeted a number of accounts tied to key sellers on OGUsers, as well as those who advertise the ability to broker stolen account sales.
Smart-security practices like not sharing passwords with anyone and multi-factor authentication are two simple ways to prevent this type of personal insider threat, Dan Conrad, field strategist with One Identity, told Threatpost. "People assume that they should change their passwords after a big life event if you're following strong password hygiene practices, an individual's password shouldn't be affected by [this], as no one else should have access to the password in the first place," Conrad said in an emailed response to the report.
The issue was discovered in October by Saugat Pokharel, a researcher based in Nepal, and it was patched within hours by Facebook. Pokharel identified the vulnerability while analyzing the Facebook Business Suite interface that the social media giant introduced in September.
A police constable has been sacked after reportedly tracking down young women motorists through their car numberplates and propositioning them on social media. Stephen Woods, formerly of Guernsey Police, was dismissed from the Channel Island's local force after searching for their car registration details to find their names.
Nowhere is that more clear than in a case heard in the US Supreme Court on Monday, covering a cop - former police sergeant Nathan Van Buren - who was convicted of breaking the Computer Fraud and Abuse Act in 2017 after using his access to a police database of license plate numbers to look up the owner of a specific car for a cash payment. Van Buren's lawyer, Jeffrey Fisher, argued that once someone is authorized to access a database, such as a cop authorized to use a plate database, that's pretty much it - you can't be found guilty of fraud under the CFAA. The law, he argued, was intended only to address hacking - and his client didn't hack the computer.
Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. In a data breach notice to affected users, Peatix said it learned on Nov. 9 that user account data had been improperly accessed.
Instagram and TikTok social-media influencers Kelly Fitzpatrick and Sabrina Kelly-Krejci are among 13 defendants in a lawsuit filed by Amazon, which alleges that they participated in an online scam to sell counterfeit luxury goods. Counterfeit goods are strictly forbidden in the Amazon marketplace, but generic products - often called "Dupes" - are allowed.
UPDATE. Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. When a user sends a link through, it renders a short summary and a preview image in-line in the chat, so other users don't have to click the link to see what it points to.