Russian intelligence agents attempted to spy on President Emmanuel Macron's election campaign earlier this year by creating phony Facebook personas.
About two dozen Facebook accounts were created to conduct surveillance on Macron campaign officials and others close to the centrist former financier as he sought to defeat far-right nationalist Marine Le Pen and other opponents in the two-round election, the sources said. Macron won in a landslide in May. Facebook said in April it had taken action against fake accounts that were spreading misinformation about the French election. But the effort to infiltrate the social networks of Macron officials has not previously been reported.Read more
Researchers at PhishLabs recently spotted a trend emerging in malicious websites presented to customers: mobile-focused phishing attacks that attempt to conceal the true domain they were served from by padding the subdomain address with enough hyphens to push the actual source of the page outside the address box on mobile browsers.
"The tactic we're seeing is a tactic for phishing specifically mobile devices," said Crane Hassold, a senior security threat researcher at PhishLabs’ Research. Hassold called the tactic "URL padding," the front-loading of the Web address of a malicious webpage with the address of a legitimate website.Read more
Germany's consumer watchdogs have made good on their legal threat against Facebook's WhatsApp, suing the messaging giant over the user data it transmits to its social-networking mothership.
The Federation of German Consumer Organisations (VZBV) asked the Berlin county court for an injunction to stop the data-sharing, and to ensure that Facebook deletes the data that WhatsApp has already given it. The VZBV accused the companies of abusing users' trust. The move follows Facebook's failure to agree to a cease-and-desist request that the VZBV issued in September last year, a month after Facebook changed WhatsApp's terms to allow the data-sharing.Read more
Social media companies Facebook Inc, Alphabet Inc and Twitter Inc will have to amend their terms of service for European users within a month or face the risk of fines, a European Commission official said on Friday. U.S. technology companies have faced tight scrutiny in Europe for the way they do business, from privacy to how quickly they remove illegal or threatening content.
The Commission and European consumer protection authorities will "take action to make sure social media companies comply with EU consumer rules," the official said. Germany, the most populous EU state, said this week it planned a new law calling for social networks such as Facebook to remove slanderous or threatening online postings quickly or face fines of up to 50 million euros ($53 million).Read more
A hacker in Belgium claims he has found a serious security flaw that enables attackers to learn Facebook users' personal phone numbers, and he is now threatening to release details of the exploit unless the social network agrees to listen to him and patch the vulnerability.
Hacker is a creative developer for a Belgian public broadcaster who also moonlights as a white hat hacker. He has been discovering and reporting security vulnerabilities since the age of 16, and has worked with Facebook to report critical flaws since 2013. He has also found a total of 137 vulnerabilities for the bug bounty platform HackerOne.Read more
Christmas came early for Facebook bug bounty hunter Tommy DeVoss who was paid $5,000 this week for discovering a security vulnerability that allowed him to view the private email addresses of any Facebook user.
“The hack allowed me to harvest as many email addresses as I wanted from anybody on Facebook,” DeVoss said. “It didn’t matter how private you thought your email address was – I could of grabbed it.” DeVoss said he discovered the vulnerability and reported it to Facebook via its bug bounty program. After weeks of going back and forth verifying what the exact bug was and how it was exploited, Facebook said it would award him $5,000 for the discovery.Read more
Requests by governments around the world for Facebook account data went up 27 percent in the first half of 2016 compared to the latter half of 2015, the social media giant said.
More than half of requests that came from US law enforcement "contained a non-disclosure order that prohibited us from notifying the user," Facebook said. The number of requests for content restriction, or "the number of items restricted for violating local law," went down by 87 percent. Facebook said the attacks in Paris in November 2015 increased the number of content restrictions in the latter half of last year.Read more
A security researcher has discovered a critical vulnerability in Facebook Messenger that could allow an attacker to read all your private conversation, affecting the privacy of around 1 Billion users.
The researcher reported a cross-origin bypass-attack against Facebook which allows an attacker to access your private messages, photos as well as attachments sent on the Facebook chat. To exploit this vulnerability, all an attacker need is to trick a victim into visiting a malicious website; that’s all. Once clicked, all private conversations by the victim would be accessible to the attacker, because the flaw affected both the web chat as well as the mobile application.Read more
A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn. According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer.
Users who notice the download, and who then access the file, cause malicious code to install Locky ransomware onto their computers. Locky has been around since early this year, and works by encrypting victims' files and demands a payment of around half a bitcoin (currently £294; $365) for the key.Read more
If you came across any Facebook Message with an image file send by any of your Facebook friends, just avoid clicking it. An ongoing Facebook spam campaign is spreading malware downloader among Facebook users by taking advantage of innocent-looking SVG image file to infect computers.
If clicked, the file would eventually infect your PC with the nasty Locky Ransomware, a family of malware that has quickly become one of the favorite tools among criminals due to its infecting capabilities. The attack campaign uses Facebook Messenger to spread a malware downloader called Nemucod that takes the form of .SVG image files. Why SVG file?Read more