Social media | Breaking Cybersecurity News | The Hacker News

Iranian Hackers Pose as Journalists to Spy on US Government Officials and Diplomats

May 29, 2014
Iranian hackers may have spent years running a creative and dedicated cyber espionage campaign to steal government credentials with the help of social media, including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger. A Dallas-based computer-security firm, iSIGHT Partners, today exposed a three-year-old cyber espionage campaign, which it believes originated in Iran, targeting a number of military and political leaders in the United States, Israel and other countries by creating false social networking accounts and a fake news website. The security firm dubbed the cyber espionage operation 'Newscaster', under which the Iranian hackers are using more than a dozen accounts of fake personas on social media sites such as Facebook, Twitter, and LinkedIn, and have targeted at least 2,000 people. Since 2011, the Iranian hacker group has targeted current and former senior U.S. military officials, including a four-star U.S. Navy ad
Security breach at OAuth based applications can cause Social Media Disaster

Oct 28, 2013
With all the popular social networking websites out there on the web, managing them from several different browser tabs or windows can get frustrating very quickly. Besides our own Facebook Page, Twitter account, and Google+ profile, I also manage several others and, YES, I feel the "time management" pain! To make social media management and monitoring easier for users, some very innovative desktop applications and mobile apps were developed to help organize multiple platforms and share information across selected networks. Using online tools like TweetDeck, Seesmic, Hootsuite, Feedly, Twuffer and Buffer App for scheduling and posting directly from a web page has become an absolute necessity, especially where Twitter is concerned. Additionally, these apps give you the ability to post on one or all of your connected accounts together, i.e., multiple Facebook, Twitter or Google+ profiles. These applications don't require your passwords for social me
How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting

Jul 22, 2024 vCISO / Business Security
As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success", which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples. Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition. This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.
Buffer hacked; Twitter, Facebook flooded with Spam Weight-loss links

Oct 27, 2013
If you're a user of the Buffer app, the social-media management service that lets you cross-post to various social networks, be aware that the service got hacked yesterday, with spam messages going out over Facebook. "Buffer was hacked around 1 hour ago, and many of you may have experienced spam posts sent from you via Buffer. I can only understand how angry and disappointed you must be right now," the Buffer team said in an email sent to users and also posted to Buffer's blog. It's not yet clear how many of Buffer's 1 million or so users were affected by the hack, but Buffer maintains that user passwords are safe, nor has any "billing or payment information been affected or exposed". It appears that Buffer's Facebook and Twitter spam messages were first sent at around 2:20 p.m. ET. Hackers have used the exploit to spam user accounts on Facebook, Twitter, Google+, and other sites. Just recently, Instagram saw a viral wa
Syrian Electronic Army Hacks the Outbrain service; Washington Post, CNN suffers

Aug 15, 2013
After months of disrupting the Twitter accounts of major U.S. media outlets, the Syrian Electronic Army's leader says that they won't stop hacking. Just two days earlier, SocialFlow, a social media optimization platform, was hacked by the Syrian Electronic Army, and readers of certain stories were redirected to the site of the Syrian Electronic Army. The hackers hit four journalists employed by the New York Post, the tabloid's Facebook page, and a columnist for The Washington Post. The Syrian Electronic Army today announced that they hacked into the admin panel of Outbrain, a content recommendation service used by millions of websites including The Washington Post, CNN, TIMES and also by us at 'The Hacker News'. They edited many parameters to "Hacked by SEA" from the website panel, which is reflected in the widget on major websites, as shown in the above screenshot. The hackers also claimed to have access to Outbrain's email box. The people
U.S. Department of Defense Officials are potential target of cyber espionage via social networking sites

May 16, 2013
In recent months I had the opportunity to conduct an interesting study on the use of social media in the military sector; the wide diffusion of media platforms makes them very attractive for governments and intelligence agencies. Social media platforms reveal enormous potential that could also be exploited in critical sectors such as military and defense. Modern social media networks are actively used by every government; the US, China and Russia are the most active in this field, but emerging cyber countries like Iran and North Korea also demonstrate an increasing interest in the matter. The principal uses of social media for government are: Psychological Operations (PsyOps), OSInt, cyber espionage, and offensive purposes. On May 10th the Illinois Air National Guard 183rd Fighter Wing published a notice in the monthly issue of a newsletter titled Falcon View. The notice, which seems to be authentic, dedicates a paragraph to the use of social networking sites for
Defence develop Software that can track people on Social media

Feb 12, 2013
A multinational security firm, 'Raytheon', has secretly developed software called 'RIOT', capable of tracking people's movements and predicting future behavior by mining data from social networking websites. The multi-billion-dollar company didn't want its concept video revealed, but the Guardian posted it anyway. Raytheon has not yet sold RIOT to any clients, but it has been shared with the US government as part of a joint research project to develop a Big Data system capable of surveilling large parts of the population. The software can also pull metadata from pictures to pinpoint a user's location when the picture was taken. From this and other location data taken from applications, i.e., Foursquare, the software can predict future movements of users. The video shows how RIOT works on a sample Raytheon staff member, tracking his regular visits to Washington Nationals Park and a local gym. RIOT creates unique profiles from publicly available data, inclu
Mark Zuckerberg’s China Visit Signals Facebook’s Expansion Plans

Dec 28, 2011
It seems that Facebook has now extended a hand of friendship toward China. Mark Zuckerberg has announced that he is going on a vacation to China with his girlfriend. His itinerary includes meetings with some of China's biggest high-tech executives, signaling his intention to extend the reach of his social network to the world's largest population of internet users. Industry analysts say Facebook will face tough competition from state-supported companies, as it is entering a market where 68% has been captured by sites like Ren-Ren. The competition is fierce, presenting challenges similar to those faced by companies like Google. While Facebook may not be making a formal friend request to China, Zuckerberg has been studying Mandarin daily with one-hour language lessons.
Hackers Plan Christmas Data Attacks via Social Media Apps

Dec 24, 2010
Hackers are planning to increase data security attacks via applications on social networking websites this Christmas, according to an expert. Earlier this month, IT security firm Sophos traced the history of malware and viruses created over the Christmas period from 1987 until 2009. The blog post revealed that, although some were relatively harmless festive pranks, more cyberattacks over the holidays could have serious repercussions for computer users. Rik Ferguson, senior security analyst at Trend Micro, stated that hackers conduct such attacks annually. "Criminals absolutely do, every year without fail, conduct campaigns designed to take advantage of people's willingness to search for and click on links relating to Christmas activity, whether that's through phishing campaigns or sending social engineering emails masquerading as Christmas cards," he said. Mr. Ferguson added that apps on social networking sites had "come of age as an attack platform" and
W32.Yimfoca Worm Targets Facebook Users via Yahoo! Messenger

Dec 23, 2010
A new computer worm is denying Facebook users access to their accounts. The worm, named "W32.Yimfoca" by the security company Symantec, spreads through Yahoo! Messenger and specifically targets Facebook users. It forces them to complete surveys before they can log into their profiles. The worm begins by sending an instant message containing a corrupted link. When a user clicks the link, the worm installs malware on their system. Later, when users visit Facebook, they see a message stating, "Your account is suspended. To make your account active, you need to complete one of these surveys," followed by a list of options like "Test Your Celebrity IQ here" and "Win a FREE iPhone 4." If users choose to fill out a survey, another message appears: "You have only 3 minutes to fill out the selected survey or you will not have access to your account." Each time a survey is completed, the creators of the worm earn $1, according to Symantec. The
Top 7 Key Network Security Trends to Watch in 2011

Dec 23, 2010
Network security is on everyone's mind as 2010 comes to an end. Adam Powers, CTO of Atlanta-based Lancope, offers insights into expected trends for 2011. IT Consumerization and Internal Threats: The introduction of consumer devices into corporate networks is reshaping security strategies. Traditional perimeter defenses like firewalls and intrusion prevention systems (IPS) are no longer sufficient. Companies must address security for smartphones, MiFi devices, and other consumer mobile devices. Rise of Social Media: The growth of social media platforms like Facebook has created new attack surfaces for cyber threats. This development demands heightened awareness and security measures. Utilities as Targets: The Stuxnet virus has alerted utilities, particularly those under NERC-CIP compliance, to the need for improved security as SCADA systems transition to IP. This shift demands a significant upgrade in security measures. Information Leakage and Reputation Damage: The Wiki
Internet Meltdowns of 2010 You Need to Know

Dec 22, 2010
In what has become a yearly tradition, it's now time for us to present 10 of the most noteworthy incidents on the Internet from this past year. As you'll see, 2010 has been very interesting. Just like previous years, we have included problems ranging from website outages and service issues to large-scale network interruptions. If you're an avid Web user, you are bound to recognize several of them. Let's get started! The major incidents on the Internet in 2010 were… Wikipedia's Failover Fail: Wikipedia has become so ubiquitous that it can't go down for a minute without people noticing. According to Google Trends for Websites, the site has roughly 50 million visitors per day. In March, servers in Wikimedia's European data center overheated and shut down. The service was supposed to fail over to a US data center. Unfortunately, the failover mechanism didn't work properly and broke the DNS lookups for all of Wikipedia. This effectively rendered the site unreachable worldwide. It took
Man Arrested for Hacking Girl's Social Media and Posting Lewd Messages

Dec 19, 2010
A 29-year-old man was arrested on Tuesday for hacking into a girl's social networking profile, altering her photos, and posting inappropriate messages. The police apprehended Pramod Nana Bavdekar from his home in Andheri, seizing his computer and hard disk as evidence. The incident began on November 8, when the victim noticed her account was being used by someone else after she tried to log in. Consulting an expert, she learned her profile had been hacked. Shortly after, she was horrified to find her nude photos and a message stating, "I am a prostitute," on her profile. Additionally, her bank account number and other personal details were posted. The victim later received four letters via courier containing similar messages and photos, prompting her to file a complaint with the cyber division of the BKC police station. In her complaint, she mentioned her suspicion of Bavdekar, a former neighbor who had proposed to her two years earlier. According to the police, altho
FBI Uses Facebook to Catch Baltimore Terrorist

Dec 10, 2010
Gathering evidence on Facebook has become a standard legal practice, so a social sting operation was inevitable. This method led the Federal Bureau of Investigation (FBI) to apprehend a would-be terrorist in Baltimore. An FBI informant initially contacted 21-year-old Antonio Martinez after he publicly posted about his desire for jihad on Facebook earlier this fall, according to AFP. The U.S. Justice Department released a prepared statement that AFP cited: "An affidavit filed in support of the criminal complaint alleges that on September 29, 2010, Martinez publicly posted on his Facebook account a statement calling for violence to stop the oppression of Muslims, and that on October 1, 2010, he publicly posted a message stating that he hates any person who opposes Allah and his prophet." The FBI set Martinez up with a fake car bomb, then apprehended him when he attempted to detonate it remotely. The faux explosive was rigged in a vehicle parked outside a U.S. military recrui
How to Spot and Avoid Clickjacking Attacks on Facebook

Dec 03, 2010
When you see a post on a Facebook friend's wall that seems out of character, don't be too quick to click. Posts labeled "Pictures of girls in bikinis" or "All boys can stare at it but girls cannot" might be clickjacking attacks. These attacks typically don't carry malicious payloads, but they can certainly annoy any friends who fall for them. Here's how to avoid that scenario. Usually, the post itself uses a short, provocative phrase to spark your curiosity. If you fall for the attack currently making the rounds, you'll see a warning that the content might be inappropriate and a request to confirm that you're 18 or older. Once you click the button to confirm your age, you'll encounter another embedded dialog box. This one claims a need to verify that you're human, supposedly to avoid spam bots that are "putting an extra load on our servers." The box requests that you click numbered buttons in a specific order. Clicking th
Facebook to Launch Email Service, Competing with Gmail and Yahoo Mail

Nov 20, 2010
Facebook is set to launch an integrated email service on Monday, aiming to compete with Gmail and Yahoo Mail. This move will position Facebook as the largest email service provider in the world, serving its 500 million users. TechCrunch, a prominent Silicon Valley technology blog, reported that Facebook plans to announce a web-based email service featuring @facebook.com addresses at an event in San Francisco. This initiative, part of a secret project known as 'Project Titan,' is internally referred to as its 'Gmail killer.' Yahoo, Google, and Microsoft are already enhancing their email services to emphasize social connections. However, Facebook holds a significant advantage due to its extensive data on user relationships, making it easier to integrate email with its existing social services like photo-sharing. Facebook's new email service will seamlessly integrate with the social network, utilizing its network of friends model. The goal is to create a communication ecosystem tha
Military Cautions Troops About Facebook's Location Revealing Risks

Nov 20, 2010
Computer security firms and military personnel have issued warnings about certain Facebook features that could compromise both personal and national security. On Thursday, Sophos, a computer security developer, warned that Facebook's new online messaging service could increase users' vulnerability to identity theft. John Leyden of The Register reported that the service, which combines site updates, instant messaging chat, and SMS messages in one place, is an attractive target for cybercriminals. According to Leyden, spammers can easily target accounts, or they can be compromised to create Web 2.0 botnets. "Users need to realize that these new features increase the attack surface on the Facebook platform, making personal accounts more attractive to cybercriminals," said Graham Cluley, Sophos' senior technology consultant, to AFP. "Facebook accounts will now be linked with more people in users' social circles, creating new opportunities for identity fraud
Facebook Fixes Bug Causing Unintended Posts from Brand Pages

Nov 15, 2010
Facebook has confirmed that the recent issue with posts was on their end. A representative told SecurityWeek via email, "We began removing the posts immediately upon discovering them and shortly after they were made. They were caused by a temporary bug on Facebook that allowed certain posts requested by an application to be rendered when they shouldn't have. Upon discovering the bug, we immediately began work to fix it. It's now been resolved, and these posts can no longer be made. We're not aware of any cases in which the bug was used maliciously." A representative from Sendible stated that they had discussed the issue with Facebook over the phone. Facebook acknowledged the problem but could not reproduce it on their end. "They've agreed to patch the issue by the end of the day. In the meantime, we've agreed to remove the feature on Sendible that allows fans of Facebook pages to automate posts." Several Facebook Pages, including those of large
Major Facebook Pages Compromised by Sendible App Bug

Nov 13, 2010
We've received several rapid-fire tips indicating a major compromise in the Facebook app Sendible. Several prominent Facebook Pages, including Google, Coca-Cola, YouTube, South Park, The Daily Show, and Team Coco, are sending out a malicious link to their followers. The link reads, "Change Your Facebook Background Here!" It's crucial not to click on this link. Those who clicked on the link reported being redirected to a page outside Facebook that asked for personal information. The bottom of this page reads, "Powered By AWeber Email Marketing." Oddly, many other Facebook users are "liking" these links. We've contacted Facebook about the issue and will update once we receive their response. The compromised accounts suggest that this malicious link is appearing in tens of millions of feeds right now. Most of the malicious links have been removed, but tips indicate the attack is ongoing, with new links continuing to appear. We still have not heard bac
Facebook Apps Caught Selling User Data to Brokers

Nov 04, 2010
Facebook's privacy issues are like a centipede with countless shoes dropping. There seems to be no end to them. Recently, the Wall Street Journal reporters revealed that Facebook apps have been inadvertently sharing user identities with advertisers. Companies like Rapleaf use Facebook data to create detailed personal profiles, including names, locations, politics, and religious beliefs. This morning, we found out that not only were Facebook apps inadvertently sharing user identities (UIDs), but some were also doing it deliberately, for money. App makers were selling user information to data brokers. This is like Charlie Sheen sharing his secrets with Perez Hilton—it won't stay private for long. Facebook's blogger Mike Vernal disclosed the news. Vernal's blogging style is rather dry and dense, which might be why he got the job. It took him six paragraphs to explain the situation: "As we examined the circumstances of inadvertent UID transfers, we discovered some instance
Popular Facebook Games Exposing User Data to Third Parties

Oct 31, 2010 Cybersecurity / Social Media
Facebook privacy has been a recurring topic in the news. With the massive number of users on the site, the amount of personal data involved is enormous. Recently, it has been revealed that many popular third-party apps, mainly games like Farmville and Texas HoldEm Poker, are leaking the unique Facebook ID that can track individual users. According to an investigation by the Wall Street Journal, several Facebook apps have been providing advertisers with information that makes social networking users easily identifiable. All ten of Facebook's most popular apps, including Farmville and Texas HoldEm Poker, are leaking the unique Facebook ID number to outside firms. Each Facebook ID is unique and linked to every profile. By searching for this number, anyone can access the user's profile and view the information they have chosen to share with the public. This can include their name, date of birth, and even photos. Farmville, with 59 million users, also passes this information about a u