A new malware campaign has been uncovered on Facebook which not only steals account credentials but also installs scripts for covert cryptocurrency mining.
Cybersecurity firm Radware said in a blog post on Thursday that Nigelthorn is a new campaign which focuses on the Facebook social network. The malware is so called due to the abuse of a legitimate Google Chrome extension called "Nigelify," which replaces images displayed on a web page with pictures of Nigel Thornberry, a cartoon character from the television show The Wild Thornberrys.
Opinion polls published on Sunday in the United States and Germany cast doubt over the level of trust people have in Facebook over privacy, as the firm ran advertisements in British and U.S. newspapers apologizing to users.
Fewer than half of Americans trust Facebook to obey U.S. privacy laws, according to a Reuters/Ipsos poll released on Sunday, while a survey published by Bild am Sonntag, Germany’s largest-selling Sunday paper, found 60 percent of Germans fear that Facebook and other social networks are having a negative impact on democracy. Facebook founder and chief executive Mark Zuckerberg apologized for “a breach of trust”.
The big data leak scandal over Cambridge Analytica's alleged misuse of Facebook users' data will increase regulatory scrutiny over the social media giant's practices, according to an analyst at a small research firm.
On Friday night, Facebook announced in a blog post that the company had suspended political analytics research firm Cambridge Analytica from its platform, suggesting it had not been honest about deleting user data sent to it by the makers of a popular psychology test app. Experts reported the data firm was able to acquire 50 million people's Facebook profile data without their consent.
Facebook has recently addressed an information disclosure vulnerability discovered by the security researcher Mohamed Baset that exposed page administrators.
The flaw is a “logical error” that he discovered after receiving an invitation to like a Facebook page on which he had liked a post. “One day I liked one of the posts of a specific page but I didn’t like or follow the page itself. After a few days I got an email notification from Facebook regarding an invitation to like the page that I had already liked one of its posts. I was amazed by the feature but I realized that this is a feature to target non-fans and I was wondering what could go wrong since this is a new feature?” states the blog post published by the expert.
Russian intelligence agents attempted to spy on President Emmanuel Macron's election campaign earlier this year by creating phony Facebook personas.
About two dozen Facebook accounts were created to conduct surveillance on Macron campaign officials and others close to the centrist former financier as he sought to defeat far-right nationalist Marine Le Pen and other opponents in the two-round election, the sources said. Macron won in a landslide in May. Facebook said in April it had taken action against fake accounts that were spreading misinformation about the French election. But the effort to infiltrate the social networks of Macron officials has not previously been reported.
Researchers at PhishLabs recently spotted a trend emerging in malicious websites presented to customers: mobile-focused phishing attacks that attempt to conceal the true domain they were served from by padding the subdomain address with enough hyphens to push the actual source of the page outside the address box on mobile browsers.
"The tactic we're seeing is a tactic for phishing specifically mobile devices," said Crane Hassold, a senior security threat researcher at PhishLabs’ Research. Hassold called the tactic "URL padding," the front-loading of the Web address of a malicious webpage with the address of a legitimate website.
A hacker in Belgium claims he has found a serious security flaw that enables attackers to learn Facebook users' personal phone numbers, and he is now threatening to release details of the exploit unless the social network agrees to listen to him and patch the vulnerability.
Hacker is a creative developer for a Belgian public broadcaster who also moonlights as a white hat hacker. He has been discovering and reporting security vulnerabilities since the age of 16, and has worked with Facebook to report critical flaws since 2013. He has also found a total of 137 vulnerabilities for the bug bounty platform HackerOne.
Christmas came early for Facebook bug bounty hunter Tommy DeVoss who was paid $5,000 this week for discovering a security vulnerability that allowed him to view the private email addresses of any Facebook user.
“The hack allowed me to harvest as many email addresses as I wanted from anybody on Facebook,” DeVoss said. “It didn’t matter how private you thought your email address was – I could have grabbed it.” DeVoss said he discovered the vulnerability and reported it to Facebook via its bug bounty program. After weeks of going back and forth verifying what the exact bug was and how it was exploited, Facebook said it would award him $5,000 for the discovery.
A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn. According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer.
Users who notice the download, and who then access the file, cause malicious code to install Locky ransomware onto their computers. Locky has been around since early this year, and works by encrypting victims' files and demanding a payment of around half a bitcoin (currently £294; $365) for the key.
If you come across any Facebook message with an image file sent by any of your Facebook friends, just avoid clicking it. An ongoing Facebook spam campaign is spreading a malware downloader among Facebook users by taking advantage of an innocent-looking SVG image file to infect computers.
If clicked, the file would eventually infect your PC with the nasty Locky ransomware, a family of malware that has quickly become one of the favorite tools among criminals due to its infecting capabilities. The attack campaign uses Facebook Messenger to spread a malware downloader called Nemucod that takes the form of .SVG image files. Why SVG file?