#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Meta | Breaking Cybersecurity News | The Hacker News

Category — Meta
Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

Mar 16, 2022
The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union's  GDPR laws  in the region. "The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the watchdog  said  in a press release. The decision follows the regulator's investigation into 12  data   breach   notifications  it received over the course of a six-month period between June 7 and December 4, 2018. "This fine is about record keeping practices from 2018 that we have since updated, not a failure to protect people's information," Meta  said  in a statement shared with the Associated ...
Here's How to Find if WhatsApp Web Code on Your Browser Has Been Hacked

Here's How to Find if WhatsApp Web Code on Your Browser Has Been Hacked

Mar 11, 2022
Meta Platforms' WhatsApp and Cloudflare have banded together for a new initiative called Code Verify to validate the authenticity of the messaging service's web app on desktop computers. Available in the form of a Chrome and Edge  browser extension , the  open-source add-on  is designed to "automatically verif[y] the authenticity of the WhatsApp Web code being served to your browser," Facebook  said  in a statement. The goal with Code Verify is to confirm the integrity of the web application and ensure that it hasn't been tampered with to inject malicious code. The social media company is also planning to release Firefox and Safari plugins to achieve the same level of security across browsers. The system works with Cloudflare acting as a third-party audit to compare the cryptographic hash of WhatsApp Web's JavaScript code that's shared by Meta with that of a locally computed hash of the code running on the browser client. Code Verify is also meant t...
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic
Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case

Facebook Agrees to Pay $90 Million to Settle Decade-Old Privacy Violation Case

Feb 16, 2022
Meta Platforms has agreed to pay $90 million to settle a lawsuit over the company's use of cookies to allegedly track Facebook users' internet activity even after they had logged off from the platform. In addition, the social media company will be required to delete all of the data it illegally collected from those users. The development was first reported by  Variety . The decade-old case, filed in 2012, centered around Facebook's use of the proprietary "Like" button to track users as they visited third-party websites – regardless of whether they actually used the button – in violation of the federal wiretapping laws, and then allegedly compiling those browsing histories into profiles for selling the information to advertisers. Based on the terms of the proposed settlement, users who browsed non-Facebook websites that included the "Like" button between April 22, 2010, and September 26, 2011, will be covered. "Reaching a settlement in this cas...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Facebook Launches 'Privacy Center' to Educate Users on Data Collection and Privacy Options

Facebook Launches 'Privacy Center' to Educate Users on Data Collection and Privacy Options

Jan 08, 2022
Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to "educate people" about its approach with regards to how it collects and processes personal information across its family of social media apps. "Privacy Center provides helpful information about five common privacy topics: sharing, security, data collection, data use and ads," the social technology firm  said  in a press release. The first module, Security, will offer easy access to common tools such as account security settings and two-factor authentication. Sharing will provide specifics about post visibility and settings to archive or trash old posts. Collection and Use will give users a quick glance into the type of data Meta harvests and learn how and why it's used, respectively. Lastly, the Ads section will furnish information regarding a user's ad preferences. The learning hub is expected to be initially limited to a s...
Meta Sues Hackers Behind Facebook, WhatsApp and Instagram Phishing Attacks

Meta Sues Hackers Behind Facebook, WhatsApp and Instagram Phishing Attacks

Dec 21, 2021
Facebook's parent company Meta Platforms on Monday said it has filed a federal lawsuit in the U.S. state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials. The social engineering scheme involved the creation of rogue webpages that masqueraded as the login pages of Facebook, Messenger, Instagram, and WhatsApp, on which victims were prompted to enter their usernames and passwords that were then harvested by the defendants. The tech giant is also seeking $500,000 from the anonymous actors. The attacks were carried out using a relay service, Ngrok , that redirected internet traffic to the phishing websites in a manner that concealed the true location of the fraudulent infrastructure. Meta said the volume of these phishing attacks ramped up in volume since March 2021 and that it worked with the relay service to suspend thousands of URLs to the...
Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets

Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets

Dec 15, 2021
Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its  bug bounty program  to start rewarding valid reports of scraping vulnerabilities across its platforms as well as include reports of scraping data sets that are available online. "We know that automated activity designed to scrape people's public and private data targets every website or service," said Dan Gurfinkel, security engineering manager at Meta. "We also know that it is a highly adversarial space where scrapers — be it malicious apps, websites or scripts — constantly adapt their tactics to evade detection in response to the defenses we build and improve." To that end, the social media giant aims to  monetarily compensate  for valid reports of scraping bugs in its service and identify unprotected or openly public databases containing no less than 100,000 unique Facebook user records with personally identifiable information (PII) such as email, phone numb...
Meta Expands Facebook Protect Program to Activists, Journalists, Government Officials

Meta Expands Facebook Protect Program to Activists, Journalists, Government Officials

Dec 02, 2021
Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. "These people are at the center of critical communities for public debate," said Nathaniel Gleicher, head of security policy at Meta. "They enable democratic elections, hold governments and organizations accountable, and defend human rights around the world. Unfortunately this also means that they are highly targeted by bad actors." Facebook Protect , currently being launched globally in phases, enables users who enroll for the initiative to adopt stronger account security protections, like two-factor authentication (2FA), and watch out for potential hacking threats. Meta said more than 1.5 million accounts have enabled Facebook Protect to date, of which nearly 950,000 account...
Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023

Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023

Nov 22, 2021
Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis,  said  in a post published in The Telegraph over the weekend. The new scheme, described as a "three-pronged approach," aims to employ a mix of non-encrypted data across its apps as well as account information and reports from users to improve safety and combat abuse, noting that the goal is to deter illegal behavior from happening in the first place, giving users more control, and actively encouraging users to flag harmful messages. Meta had previously  outlined  plans to be "fully end-to-en...
Facebook to Shut Down Facial Recognition System and Delete Billions of Records

Facebook to Shut Down Facial Recognition System and Delete Billions of Records

Nov 03, 2021
Facebook's  newly-rebranded  parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its products. The Menlo Park tech giant  described  the about-face as "one of the largest shifts in facial recognition usage in the technology's history." The shutdown, which is expected to take place over the coming weeks, will mean users who have previously opted into the setting will no longer be automatically recognized in Memories, photos and videos or see suggested tags with their name in photos and videos they may appear in. Furthermore, the company's Automatic Alt Text (AAT) tool, which creates image descriptions for visually impaired people, will no longer include the names of people identified in photos. Facebook's discontinuing of the program com...
Mark Zuckerberg’s China Visit Signals Facebook’s Expansion Plans

Mark Zuckerberg's China Visit Signals Facebook's Expansion Plans

Dec 28, 2011
It seems that Facebook has now extended a hand of friendship toward China. Mark Zuckerberg has announced that he is going on a vacation to China with his girlfriend. His itinerary includes meetings with some of China's biggest high-tech executives, signaling his intention to extend the reach of his social network to the world's largest population of internet users. Industry analysts say Facebook will face tough competition from state-supported companies, as it is entering a market where 68% has been captured by sites like Ren-Ren. The competition is fierce, presenting challenges similar to those faced by companies like Google. While Facebook may not be making a formal friend request to China, Zuckerberg has been studying Mandarin daily with one-hour language lessons.
Expert Insights / Articles Videos
Cybersecurity Resources