Security News
The US Fifth Circuit Court of Appeals has modified a ruling from last month to add the Cybersecurity and Infrastructure Security Agency to a list of US government entities prohibited from working with social media firms to curtail the spread of misinformation. In other words, stopping CISA from asking social media sites to restrict the reach of misinformation would interrupt the bulk of the Biden administration's moderation requests.
UK's Information Commissioner's Office, together with eleven data protection and privacy authorities from around the world, have published a statement calling social media platforms to up their protections against data scrapers. Data scraping is the process of extracting large amounts of publicly available data from websites using automated tools such as bots, collecting information that users have published on that platform.
UK's Information Commissioner's Office, together with eleven data protection and privacy authorities from around the world, have published a statement calling social media platforms to up their protections against data scrapers. Data scraping is the process of extracting large amounts of publicly available data from websites using automated tools such as bots, collecting information that users have published on that platform.
An Australian Senate Committee has recommended banning Chinese social media apps in the land down under, on grounds the Communist Party of China uses them to spread propaganda and misinformation. The Select Committee on Foreign Interference through Social Media yesterday filed its final report [PDF] which outlines the reason the committee convened: social media has become the public square in which policy debate tales place, but "Is increasingly being weaponized to spread disinformation to deliberately mislead or obscure the truth for malicious or deceptive purposes." Plenty of that disinformation comes from foreign powers, "As part of a broader, integrated strategic campaign to advance their own national interests at Australia's expense."
Experts at Group-IB noted both an increase in the number of scams as well as the number of people engaged in scam activity, both driven by the more frequent use of social media to spread scams and the growing automation of scam processes. In the APAC region, 58% of scam resources targeting companies in seven core economic sectors used this vector, while in Europe, messengers remained the primary vector for scam activity.
Sextortion is a form of online blackmail where malicious actors threaten their targets with publicly leaking explicit images and videos they stole or acquired, typically demanding money payments for withholding the material. FBI warns that sextortionists are now scraping publicly available images of their targets, like innocuous pictures and videos posted on social media platforms.
Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks. "Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information security officer at Meta, said.
Money mules, individuals whose bank accounts are used by fraudsters to transfer money, are becoming an increasingly prominent aspect of cybercriminals' economic business models too. In the US particularly, fraudsters are targeting unwitting consumers to become money mules.
An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware S1deload Stealer for its use of DLL side-loading techniques to get past security defenses and execute its malicious components.
The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control server. What's new in the latest version of the malware is that the gathered data is encoded prior to exfiltration, a change from the previous variants that have been known to send the compressed file data in plaintext format.