Security News
The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control server. What's new in the latest version of the malware is that the gathered data is encoded prior to exfiltration, a change from the previous variants that have been known to send the compressed file data in plaintext format.
Eight braggadocious social media influencers fond of posing next to sportscars are facing charges from the US Securities and Exchange Commission and Department of Justice, who claim they manipulated their 1.5 million followers in order to help themselves to $100 million in "fraudulent profits." The suspects, all men in their twenties and thirties, were charged with conspiracy to commit securities fraud in connection with a long-running, social media-based "pump and dump" scheme, a recently unsealed Texas federal grand jury indictment [PDF] and an SEC complaint [PDF] revealed.
In its latest quarterly threat report, Meta said it had detected and disrupted influence operations originating in the US, and it calls out those it believes are responsible: the American military. Meta said it picked up on three major covert influence operations on its platforms in the third quarter of the year, the first of which originated in the United States.
At which point the crooks immediately try to use the combination of username + password + one-time code they just got hold of, in the hope of logging in quickly enough to get into your account before you realise there's anything phishy going on. As a result, social media users are understandably concerned about protecting their accounts in general, whether they're specifically concerned about Twitter or not: Lure you to a real page with a facebook.com URL. The account is fake, set up entirely for this particular scam campaign, but the link that shows up in the email you receive does indeed lead to facebook.com, making it less likely to attract suspicion, either from you or from your spam filter.
Asia In Brief: India's government has given itself the power to compel social networks to take down content. India's minister of state for electronics and information technology, Rajeev Chandrasekhar, said the GACs are needed because India's previous attempt at regulating social media - requiring the networks to appoint a grievance officer - has not delivered.
Given how reliant employees are on their own "brand" and contacts to thrive in today's economy, the drive to use social media at home and work isn't likely to diminish, leading to potential compromises for the organization from their employees' online activities. As we constantly adapt and improve our technology and techniques for countering and responding to attacks, attackers are doing the same from the other side of the fence.
"This system includes a web-based dashboard known as SANA that enables a user to formulate and deploy trending social media events en masse. The system creates these events that it refers to as Инфоповоды, 'newsbreaks,' utilizing the botnet as a geographically distributed transport." The existence of Fronton, an IoT botnet, became public knowledge following revelations from BBC Russia and ZDNet in March 2020 after a Russian hacker group known as Digital Revolution published documents that it claimed were obtained after breaking into a subcontractor to the FSB, the Federal Security Service of the Russian Federation.
The time has come to remove Chinese voices from global social media, according to Samir Saran, president of Delhi-based think tank Observer Research Foundation, a commissioner of The Global Commission on the Stability of Cyberspace, and a member of Microsoft's Digital Peace Now Initiative. Speaking at the Black Hat Asia conference, Saran said China's Communist Party sees tech as a means of exerting control and uses social media to deliberately interfere in the affairs of other nations.
FBI investing millions in software to monitor social media platforms. The FBI has invested millions of dollars into social media tracking software, according to a report from the Washington Post.
The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, which analyzed phishing attack patterns that unfolded throughout 2021. Phishing actors focused on Facebook and other social media platforms because taking over social media accounts is commonly a stepping stone to reach a wider audience or perform highly effective spear-phishing attacks.