Login with Facebook | Breaking Cybersecurity News | The Hacker News

Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android and iOS that it said targeted online users with the goal of stealing their Facebook login information. "These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," the social media behemoth  said  in a report shared with The Hacker News. 42.6% of the rogue apps were photo editors, followed by business utilities (15.4%), phone utilities (14.1%), games (11.7%), VPNs (11.7%), and lifestyle apps (4.4%). Interestingly, a majority of the iOS apps posed as ads manager tools for Meta and its Facebook subsidiary. Besides concealing its malicious nature as a set of seemingly harmless apps, the operators of the scheme also published fake reviews that were designed to offset the negative reviews left by users who may have previously downloaded the apps

FaceApp—the AI-powered photo-morphing app that recently gone viral for its age filter but hit the headlines for its controversial privacy policy—has been found collecting the list of your Facebook friends for no reason. The Russian-made FaceApp has been around since the spring of 2017 but taken social media by storm over the course of the past few weeks as millions of people downloaded the app to see how they would look when they are older or younger, or swap genders. The app also contains a feature that allows users to download and edit photos from their Facebook accounts, which only works when a user enables FaceApp to access the social media account via the 'Login with Facebook' option. As you can see in the screenshot above, besides requesting for access to your basic profile information and photos, FaceApp also fetches the list of your Facebook friends "who also use and have shared their friends' lists with FaceApp." Have you yet asked yourself why

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Just like 'login with Google,' 'login with Facebook,' Twitter, LinkedIn or any other social media site, you would now be able to quickly sign-up and log into third-party websites and apps using your Apple ID. What's the difference? Well, Apple claims that signing-in with Apple ID would protect users' privacy by not disclosing their actual email addresses to the 3rd-party services and also limiting personal information to the minimum necessary data. While announcing 'Sign in with Apple' today at WWDC, the company revealed that the feature has been designed to randomly generate a new unique email address for each different service a user sign-up with, and will forward all emails to your primary email ID, internally. "It [randomly generate emails] is a smart jab against spam: Not only will you be able to turn off spammy email more easily, but you'll also be able to see who exactly is sharing and selling your email widely when that random a

How do you check if a website asking for your credentials is fake or legit to log in? By checking if the URL is correct? By checking if the website address is not a homograph? By checking if the site is using HTTPS? Or using software or browser extensions that detect phishing domains? Well, if you, like most Internet users, are also relying on above basic security practices to spot if that " Facebook.com " or " Google.com " you have been served with is fake or not, you may still fall victim to a newly discovered creative phishing attack and end up in giving away your passwords to hackers. Antoine Vincent Jebara , co-founder and CEO of password managing software Myki , told The Hacker News that his team recently spotted a new phishing attack campaign "that even the most vigilant users could fall for." Vincent found that cybercriminals are distributing links to blogs and services that prompt visitors to first " login using Facebook acco

When Facebook last weekend disclosed a massive data breach—that compromised access tokens for more than 50 million accounts —many feared that the stolen tokens could have been used to access other third-party services, including Instagram and Tinder, through Facebook login. Good news is that Facebook found no evidence "so far" that proves such claims. In a blog post published Tuesday, Facebook security VP Guy Rosen revealed that investigators "found no evidence" of hackers accessing third-party apps with its "Login with Facebook" feature. "We have now analyzed our logs for all third-party apps installed or logged in during the attack we discovered last week. That investigation has so far found no evidence that the attackers accessed any apps using Facebook Login," Rosen says. This does not mean that the stolen access tokens that had already been revoked by Facebook do not pose any threat to thousands of third-party services using Face

From past few days, Internet Users in China are dealing with a weird redirection of traffic nationwide while accessing any website that makes use of connect.facebook.net resource. Great Firewall of China , which is infamous for the Internet censorship by Chinese government, believes to be intercepting the JavaScript module used by Facebook Connect Login, which is meant to allow third-party websites to authorize users through Facebook infrastructure. Chinese Internet users are complaining that when they visit any website that contain " Login with Facebook " or " Connect with Facebook " buttons (which is being used by a vast number of sites), they automatically redirect to unrelated websites. The two websites to which the traffic is being redirected: wpkg.org — A website for open source automated software deployment, upgrade, and removal program for Windows. ptraveler.com — A personal travel blog authored by a young couple of Poland. "Th

" Signup or Login with Facebook " ?? You might think twice before doing that next time. A security researcher has discovered a critical flaw that allows hackers take over Facebook accounts on websites that leverage ' Login with Facebook ' feature. The vulnerability doesn't grant hackers access to your actual Facebook password, but it does allow them to access your accounts using Facebook application developed by third-party websites such as Bit.ly , Mashable , Vimeo , About.me , Stumbleupon , Angel.co and possibly many more. FLAW EXPLOITS THREE CSRFs PROTECTION Egor Homakov , a researcher with pentesting company Sakurity, made the social network giant aware of the bug a year ago, but the company refused to fix the vulnerability because doing so would have ruined compatibility of Facebook with a vast number of websites over the Internet. The critical flaw abuses the lack of CSRF ( Cross-Site Request Forgery ) protection for three different proce