Security News

Newly discovered web skimming malware is capable of hiding in plain sight to inject payment card skimmer scripts into compromised online stores. The malware's creators use malicious payloads concealed as social media buttons that mimic high profile platforms such as Facebook, Twitter, and Instagram.

Social media firms remained on high alert Tuesday against Election Day misinformation and manipulation efforts as polling places began closing in the US and focus turned to tallying ballots. "Our Election Operations Center will continue monitoring a range of issues in real time - including reports of voter suppression content," said a Facebook statement posted on Twitter.

Disinformation, or false information intended to mislead or deceive people, is commonly spread by social media users and bots - automated accounts controlled by software - with the intent to sow division among people, create confusion, and undermine confidence in the news surrounding major current events, such as the 2020 U.S. presidential election, COVID-19 and social justice movements. "Disinformation campaigns can spread like wildfire on social media and have a long-lasting impact, as people's opinions and actions may be influenced by the false or misleading information being circulated."

The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense. The New York State Department of Financial Services made the determination in a lengthy report on the Twitter hack in July after the Justice Department said two teenagers and a 22-year-old took over more than 100 prominent Twitter accounts, including the accounts of former President Barack Obama and former Vice President Joe Biden.

Two researchers at the Cisco Talos Intelligence Group examined misleading and incorrect posts on social media to understand why so many people share misinformation and help spread propaganda online. Disinformation is what criminals and foreign actors do: The intentional spreading of false information with the intent to deceive.

This data is then used to launch phishing attacks against even more people and organizations. So it's hardly surprising that phishing is now responsible for almost one-quarter of all data breaches.

An influential UK Parliamentary committee has called on social media companies to remove covert hostile state material and said the government must "Name and shame" those that fail to act. We are concerned that there is no clear coordination of the numerous organisations across the UK intelligence community working on , this is reinforced by an unnecessarily complicated wiring diagram of responsibilities amongst ministers.... The focus of political attention because of its relevance to the EU referendum and subject to delay at the hands of Prime Minister and his office, the report also details use of technology and social media for nefarious Russian activity.

Social media businesses are making moves to block Hong Kong authorities from accessing their user data, days after Beijing imposed a new national security law on the territory. Google and Twitter also said that they had paused all data and information requests from Hong Kong authorities when the national security law went into effect last week.

Software vulnerabilities are more likely to be discussed on social media before they're revealed on a government reporting site, a practice that could pose a national security threat, according to computer scientists at the U.S. Department of Energy's Pacific Northwest National Laboratory. At the same time, those vulnerabilities present a cybersecurity opportunity for governments to more closely monitor social media discussions about software gaps, the researchers assert.

Researchers at the University of Washington wanted to know how people investigated potentially suspicious posts on their own feeds. Previous research on how people interact with misinformation asked participants to examine content from a researcher-created account, not from someone they chose to follow.