#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter
CrowdSec

Social media | Breaking Cybersecurity News | The Hacker News

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency

New S1deload Malware Hijacking Users' Social Media Accounts and Mining Cryptocurrency
Feb 23, 2023 Cryptocurrency / Malware
An active malware campaign has set its sights on Facebook and YouTube users by leveraging a new information stealer to hijack the accounts and abuse the systems' resources to mine cryptocurrency. Bitdefender is calling the malware  S1deload Stealer  for its use of  DLL side-loading techniques  to get past security defenses and execute its malicious components. "Once infected, S1deload Stealer steals user credentials, emulates human behavior to artificially boost videos and other content engagement, assesses the value of individual accounts (such as identifying corporate social media admins), mines for BEAM cryptocurrency, and propagates the malicious link to the user's followers," Bitdefender researcher Dávid ÁCS  said . Put differently, the goal of the campaign is to take control of the users' Facebook and YouTube accounts and rent out access to raise view counts and likes for videos and posts shared on the platforms. More than 600 unique users are estimate

New Facebook Tool Let Users Transfer Their Photos and Videos to Google

New Facebook Tool Let Users Transfer Their Photos and Videos to Google
Dec 02, 2019
Facebook has finally started implementing the open source data portability framework as the first phase of ' Data Transfer Project ,' an initiative the company launched last year in collaboration with Google, Apple, Microsoft, and Twitter. Facebook today announced a new feature that will allow its users to transfer their Facebook photos and videos to their Google Photos accounts—directly and securely without needing to download and reupload it. The feature is only available to Facebook users in Ireland for now, as a test, and expected to be available to the rest of the world in early 2020. This new Facebook feature is built using the Data Transfer Project (DTP), a universal data import/export protocol that aims to give users more control over their data and let them quickly move it between online services or apps whenever they want. "If a user wants to switch to another product or service because they think it is better, they should be able to do so as easily a

external linkSay Goodbye to SaaS Blind Spots: Wing Security Unveils Free Discovery Tool

SaaS
websitewww.wing.securitySaaS Security / Attack Surface
Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users
Dec 10, 2018
Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security vulnerability in one of Google+'s People APIs that could have allowed developers to steal private information on 52.5 million users, including their name, email address, occupation, and age. The vulnerable API in question is called "People: get" that has been designed to let developers request basic information associated with a user profile. However, software update in November introduced the bug in the Google+ People API that allowed apps to view users' information even if a user profile was set to not-public. Google engineers discovered the security issue during standard testing procedures and addressed it within a week of the issue being introduced. The company said

Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub

Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub
Aug 08, 2018
The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx , who claimed to be from Pakistan, created a GitHub repository called Source-Snapchat with a description " Source Code for SnapChat ," publishing the code of what purported to be Snapchat's iOS app. The underlying code could potentially expose the company's extremely confidential information, like the entire design of the hugely-successful messaging app, how the app works and what future features are planned for the app. Snapchat's parent company, Snap Inc., responded to the leak by filing a copyright act request under the Digital Millennium Copyright Act (DMCA), helping it takedown the online repository hosting the Snapchat code. SnapChat Hack: Github Took Down Repository After DMCA Notice Though it is not clear

Egyptian 'Fake News' Law Threatens Citizens with 5000-plus Followers

Egyptian 'Fake News' Law Threatens Citizens with 5000-plus Followers
Jul 23, 2018
Do you or someone you know lives in Egypt and holds an account on Facebook, Twitter, or/and other social media platforms with more than 5000 followers? If yes, your account can be censored, suspended and is subject to prosecution for promoting or spreading the fake news through social media platforms. On July 16, the Egyptian parliament approved a new law that classifies a personal social media account, blog or website with more than 5,000 followers as media outlets, allowing the state to block social media accounts and penalize journalists for publishing fake news. Social media networks are no doubt a quick and powerful way to share information and ideas, but not everything shared on Facebook or Twitter is true. Fake news is all around us, and every country is finding its own new ways to tackle this issue. Over the past the year, fake news or misinformation has emerged as a primary issue on social media platforms, seeking to influence millions of people with wrong propaga

Timehop Hacked — Hackers Stole Personal Data Of All 21 Million Users

Timehop Hacked — Hackers Stole Personal Data Of All 21 Million Users
Jul 09, 2018
And the hacks just keep on coming. Timehop social media app has been hit by a major data breach on July 4th that compromised the personal data of its more than 21 million users. Timehop is a simple social media app that collects your old photos and posts from your iPhone, Facebook, Instagram, Twitter and Foursquare and acts as a digital time machine to help you find—what you were doing on this very day exactly a year ago. The company revealed on Sunday that unknown attacker(s) managed to break into its Cloud Computing Environment and access the data of entire 21 million users, including their names, email addresses, and approximately 4.7 million phone numbers attached to their accounts. "We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. Some data was breached," the company wrote in a security advisory posted on its website. Social Media OAuth2 Tokens Also Compromised Moreover, the attackers also got th

Facebook admits public data of its 2.2 billion users has been compromised

Facebook admits public data of its 2.2 billion users has been compromised
Apr 05, 2018
Facebook dropped another bombshell on its users by admitting that all of its 2.2 billion users should assume malicious third-party scrapers have compromised their public profile information. On Wednesday, Facebook CEO Mark Zuckerberg revealed that "malicious actors" took advantage of "Search" tools on its platform to discover the identities and collect information on most of its 2 billion users worldwide. The revelation once again underlines the failure of the social-media giant to protect users' privacy while generating billions of dollars in revenue from the same information. The revelation came weeks after the disclosure of the Cambridge Analytica scandal , wherein personal data of 77 million users was improperly gathered and misused by the political consultancy firm, who reportedly also helped Donald Trump win the US presidency in 2016. However, the latest scam revealed by the social media giant about the abuse of Facebook's search tools over the

Facebook, Twitter and Instagram Share Data with Location-based Social Media Surveillance Startup

Facebook, Twitter and Instagram Share Data with Location-based Social Media Surveillance Startup
Oct 12, 2016
Facebook, Instagram, Twitter, VK, Google's Picasa and Youtube were handing over user data access to a Chicago-based Startup — the developer of a social media monitoring tool — which then sold this data to law enforcement agencies for surveillance purposes, the ACLU disclosed Tuesday. Government records obtained by the American Civil Liberties Union (ACLU) revealed that the big technology corporations gave "special access" to Geofeedia. Geofeedia is a controversial social media monitoring tool that pulls social media feeds via APIs and other means of access and then makes it searchable and accessible to its clients, who can search by location or keyword to quickly find recently posted and publicly available contents. The company has marketed its services to 500 law enforcement and public safety agencies as a tool to track racial protests in Ferguson, Missouri, involving the 2014 police shooting death of Mike Brown. With the help of a public records request, the

Traveling to US? Agencies want to Spy on your Social Media activities right from Airport

Traveling to US? Agencies want to Spy on your Social Media activities right from Airport
Jun 27, 2016
Hey! Welcome to the United States. May we have your Twitter handle, please? That's exactly what you'll likely be asked by the U.S. Customs and Border Protection at the airport prior to entering U.S. soil. Yes, your Twitter handle may soon be part of the US Visa process as U.S. Customs and Border Protection has entered a new proposal into the federal register, suggesting a new field in which foreign visitors can declare their online presence. This new proposal submitted by the US Department of Homeland Security (DHS) to the Federal Register on Thursday would update the required entry forms with a question asking travelers to " Please enter information associated with your online presence -- Provider/Platform -- Social media identifier. " This information would not be mandatory, but of course, foreign travelers who decline to reveal their online presence may subject for additional scrutiny. What's the idea behind Knowing the visitors' Online Prese

This App Lets You Find Anyone's Social Profile Just By Taking Their Photo

This App Lets You Find Anyone's Social Profile Just By Taking Their Photo
May 18, 2016
Is Google or Facebook evil? Forget it! Russian nerds have developed a new Face Recognition technology based app called FindFace , which is a nightmare for privacy lovers and human right advocates. FindFace is a terrifyingly powerful facial recognition app that lets you photograph strangers in a crowd and find their real identity by connecting them to their social media accounts with 70% success rate, putting public anonymity at risk. The FindFace app was launched two months ago on Google Play and Apple's App Store and currently has 500,000 registered users and processed nearly 3 Million searches, according to its co-founders, 26-year-old Artem Kukharenko, and 29-year-old Alexander Kabakov. According to The Guardian , FindFace uses image recognition technology to compare faces against profile pictures on Vkontakte, a very popular social networking site in Russia that has over 200 Million users. Besides showing the social media account of the one you are searching for, FindF

​Facebook launches ThreatExchange for Sharing Cyber Security Threats

​Facebook launches ThreatExchange for Sharing Cyber Security Threats
Feb 12, 2015
Social Networking giant Facebook has just launched a new platform called ThreatExchange , which is designed to mount a coordinated defense against cybercrime. Many security professionals rely largely on manual methods for collecting, analyzing, and consuming information about latest cyber security threats such as malware and botnets . Whereas, Mark Zuckerberg's ThreatExchange is a unique social media platform where multiple organizations can sign up and share information about new threats to cyber security, new types of hacks, phishing attacks and malicious activities they may have experienced. COLLABORATE AND TAKE ACTION Facebook is currently using a threat analysis framework called " ThreatData " to discover and tackle scams and cybercrimes, but with the growth in the magnitude of cyber attacks, Facebook believes that better communication between companies could help stamp them out. " We quickly learned that sharing with one another was key to bea

Hacktivist Group Anonymous (#OpISIS) Takes Down Islamic State (ISIS) Social Media Accounts

Hacktivist Group Anonymous (#OpISIS) Takes Down Islamic State (ISIS) Social Media Accounts
Feb 09, 2015
The hacktivist group Anonymous has launched a massive cyber attack against the Islamic State of Iraq and Syria (ISIS) — the radical Islamic terrorist group who were  responsible for the terrorist attack against the Paris offices of satirical magazine Charlie Hebdo . With huge social media presence, ISIS is the most active terror group on Facebook, Twitter, YouTube and Instagram accounts. But unluckily, over dozens of Facebook and Twitter accounts linked to ISIS has recently been taken by the Anonymous group. In a video appeared on Youtube, Anonymous group and RedCult announced the operation  #OpISIS  and claimed to have carried out cyber attack against hundreds of Twitter and Facebook accounts used by ISIS for its own propaganda and to recruit new members. According to the video, Operation  #OpISIS  is coordinated by "Muslims, Christians, Jews"  alike and a masked individual discusses the aim of the campaign. They are " hackers, crackers, Hacktivist, phi

Iranian Hackers Pose as Journalists to Spy on US Government Officials and Diplomats

Iranian Hackers Pose as Journalists to Spy on US Government Officials and Diplomats
May 29, 2014
The Iranian hackers may have spent years in running a creative and most dedicated cyber espionage campaign to steal government credentials with the help of Social Media including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger. A Dallas-based computer-security firm, iSIGHT Partners, has exposed today a three-year old cyber espionage campaign which they believe to have originated in Iran, targeting a number of military and political leaders in the United States, Israel and other countries by creating false social networking accounts and a fake news website. The security firm dubbed the cyber espionage operation as ' Newscaster ', under which the iranian hackers are using more than a dozen social-media accounts of fake personas on social media sites such as Facebook, Twitter, and LinkedIn and targeted at least 2,000 people. Since 2011, the Iranian hackers group has targeted current and former senior U.S. military officials, including a four-star U.S. Navy ad

Security breach at OAuth based applications can cause Social Media Disaster

Security breach at OAuth based applications can cause Social Media Disaster
Oct 28, 2013
With all the popular social networking websites there on the web, managing them from several different internet browser tabs or windows can get frustrated very quickly. Besides our own Facebook Page, Twitter account, and Google+ profile, I also manage several others and, YES, I feel the " time management " pain! To make social media management and monitoring easier for users, some very innovative desktop applications and mobile apps were developed to help organize multiple platforms and information sharing across selected networks. Using online tools like TweetDeck, Seesmic, Hootsuite , Feedly, Twuffer and Buffer App for scheduling and posting directly from a web page has become an absolute necessity especially where Twitter is concerned. Additionally these apps gives you the ability to post on one or all of your connected accounts together i.e Multiple Facebook, Twitter or Google+ profiles. These applications don't require your passwords for social me

Buffer hacked; Twitter, Facebook flooded with Spam Weight-loss links

Buffer hacked; Twitter, Facebook flooded with Spam Weight-loss links
Oct 27, 2013
If you're a user of the Buffer app, the social-media management service that let you cross-posting to various social networks, be aware that the service got hacked yesterday, with spam messages going out over Facebook.  " Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now. " Buffer team said, in an email sent to users and also posted to Buffer's blog . It's not yet clear how many of Buffer's 1 million or so users were affected by the hack, but buffer maintains that user passwords are safe nor has any "billing or payment information been affected or exposed" . Photo Credit : The Next Web It appears that Buffer's Facebook and Twitter spam messages were first sent at around 2:20 p.m. ET. Hackers have used the exploit to spam user accounts on Facebook, Twitter, Google+, and other sites. Just recently, Instagram saw a viral wa

Syrian Electronic Army Hacks the Outbrain service; Washington Post, CNN suffers

Syrian Electronic Army Hacks the Outbrain service; Washington Post, CNN suffers
Aug 15, 2013
After months of disrupting the Twitter accounts of major U.S. media outlets, The Syrian Electronic Army Leader Says that they won't Stop hacking. Just two days before  SocialFlow,  a social media optimization platform was hacked by Syrian Electronic Army and readers on certain stories being redirected to the site of the Syrian Electronic Army. T he hackers hit four journalists employed by the New York Post, the tabloid's Facebook page, and a columnist for The Washington Post. Syrian Electronic Army today announced that they hacked into the admin panel of  Outbrain, a  content recommendation service, used my millons of websites including The  Washington Post, CNN, TIMES and also by us at ' The Hacker News '. They edit many parameters tp " Hacked by SEA " from the website panel , that actually reflects on major websites in widget as shown in above screenshot . Hackers also claimed to have access to  Outbrain's email box . The people

U.S. Department of Defense Officials are potential target of cyber espionage via social networking sites

U.S. Department of Defense Officials are potential target of cyber espionage via social networking sites
May 16, 2013
In the recent months I had the opportunity to conduct an interesting study on the use of Social Media in the Military Sector, large diffusion of media platforms makes them very attractive for governments and intelligence agencies . Social media platforms reveal enormous potentiality that could be exploited also in critical sectors such as military and defense. Modern social media networks are actively used by every government, the US, China and Russia are the most active in this field, but also emerging cyber countries like Iran and North Korea demonstrates an increasing interest in the matter. The principal uses of social media for government are Psychological Operations (PsyOps) OSInt Cyber espionage Offensive purposes On May 10th the Illinois Air National Guard 183rd Fighter Wing published a notice in the monthly issue of a newsletter titled Falcon View. The notice, that seems to be authentic, dedicates a paragraph to the use of social networking sites for

Defence develop Software that can track people on Social media

Defence develop Software that can track people on Social media
Feb 12, 2013
A multinational security firm ' Raytheon ' has secretly developed software called ' RIOT ', capable of tracking people's movements and predicting future Behavior by mining data from social networking websites. The multi billion dollar company, didn't want its concept video revealed, but the Guardian posted it anyway. Raytheon has not yet sold RIOT to any clients but has been shared with the US government as part of a joint research project to develop a Big Data system capable of surveilling large parts of the population. The software can also pull metadata from pictures taken to pinpoint a user's location when the picture was taken. From this and other location data taken from applications i.e Foursquare, the software can predict future movements of users. The video shows how Riot works on a sample Raytheon staff member, tracking his regular visits to Washington Nationals Park and a local gym. RIOT creates unique profiles from publicly available data, inclu
Cybersecurity Resources