Search results for Facebook | Breaking Cybersecurity News | The Hacker News

" Signup or Login with Facebook " ?? You might think twice before doing that next time. A security researcher has discovered a critical flaw that allows hackers take over Facebook accounts on websites that leverage ' Login with Facebook ' feature. The vulnerability doesn't grant hackers access to your actual Facebook password, but it does allow them to access your accounts using Facebook application developed by third-party websites such as Bit.ly , Mashable , Vimeo , About.me , Stumbleupon , Angel.co and possibly many more. FLAW EXPLOITS THREE CSRFs PROTECTION Egor Homakov , a researcher with pentesting company Sakurity, made the social network giant aware of the bug a year ago, but the company refused to fix the vulnerability because doing so would have ruined compatibility of Facebook with a vast number of websites over the Internet. The critical flaw abuses the lack of CSRF ( Cross-Site Request Forgery ) protection for three different proce

Facebook announced a whole lot of new features at its 2018 Facebook F8 developers conference, along with the keynote by its CEO Mark Zuckerberg addressing concerns from app developers after Facebook paused 3rd-party app review in the wake of the Cambridge Analytica scandal. Here are some big takeaways from Zuckerberg's keynote on Day 1 of Facebook F8, held for two days, May 1 and 2, at the McEnery Convention Center in San Jose, California: FaceDate—Facebook's New Tinder-Like 'Dating' Feature Still Single? Don't worry because Facebook doesn't want you to remain single for long. The social network giant is introducing a new dating feature that will allow you to build your profile that will only be visible to other Facebook users (non-friends) who have also opted into looking for love. Dubbed FaceDate, the new feature will match your profile based on all its data with others to find potential suitors and messaging will happen in a dedicated inbox rat

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

DIGITAL INDIA – A Flagship Programme of the Government of India with a vision to transform India into a digitally empowered society as well as a knowledge economy. Yes, I am a proud Indian, and I support Digital India too, but I am absolutely not supporting Facebook's Internet.org Project. Yesterday, Facebook's CEO Mark Zuckerberg and Indian Prime Minister Narendra Modi met at Facebook's Headquarter. The Historic meeting between PM Modi and Zuckerberg went great. Hours after this event, Facebook launched a tool that allows you to change your Facebook profile picture to a Tricolor shade of Indian Flag, just like few months back 30 Millions Facebook users had changed their Profile picture with Rainbow color to support "Gay Marriages." The Latest Tool with URL https://fb.com/supportdigitalindia is to support the "Digital India" campaign by the PM Modi Government. Ever since Zuckerberg changed his Facebook profile picture to an Indian

Exposing 25 Facebook phishing websites Geeks at Security Web-Center Found 25 Facebook and list them. Sometimes spammers create fake pages that look like the Facebook login page. When you enter your email and password on one of these pages, the spammer records your information and keeps it. This is called phishing . The fake sites, like the one below, use a similar URL to Facebook.com in an attempt to steal people's login information. The people behind these websites, then use the information to access victims' accounts and send messages to their friends, further propagating the illegitimate sites. In some instances, the phishers make money by exploiting the personal information they've obtained. List of Fake Sites Collected by  Security Web-Center : https://www.sanagustinturismo.co/Facebook/ https://www.facebook.pcriot.com/login.php https://deadlyplayerx.binhoster.com/Facebook/securelogin.php https://facelook.shop.co/login.php https://sigininto.horizon-host.com/facbook/face

After being embroiled into controversies over its data sharing practices , it turns out that Facebook had granted inappropriate access to its users' data to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung. According to a lengthy report published by The New York Times, the social network giant struck data-sharing partnerships with at least 60 device manufacture companies so that they could offer Facebook messaging functions, "Like" buttons, address books, and other features without requiring their users to install a separate app. The agreements were reportedly made over the last 10 years, starting before Facebook apps were widely available on smartphones. Most notably, the publication suggests that the partnerships could be in breach of a 2011 consent decree by the Federal Trade Commission (FTC), which barred Facebook from granting other companies access to data of users' Facebook friends without their explicit consent

Top Story— Facebook has just lost over $60 billion in market value over the past two days—that's more than Tesla's entire market capitalisation and almost three times that of Snapchat. Facebook shares plunge over revelations that personal data of 50 million users was obtained and misused by British data analytics firm ' Cambridge Analytica ,' who reportedly helped Donald Trump win the US presidency in 2016. The privacy scandal that rocked the social media giant was revealed earlier this week when Chris Wylie , the 28-year-old data scientist who worked with a Cambridge University academic, turned into a whistleblower and leaked to the newspapers how poorly Facebook handles people's private information. Wylie claims Cambridge Analytica created " Steve Bannon's psychological warfare mindf**k tool " that profiles citizens to predict their voting patterns based on the personal information gathered from a variety of sources and then helps political

The Federal Trade Commission (FTC) today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal . Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that enforces it to implement a new organizational framework designed to strengthen its data privacy practices and policies. The agreement requires Facebook to make some major structural changes, as explained below, that will hold the company accountable for the decisions it makes about its users' privacy and information it collects on them. "The order requires Facebook to restructure its approach to privacy from the corporate board-level down, and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy and that those decisions are subject to meaningful oversight," the FTC said in a press release . Ac

If you are thinking that Facebook is sitting quietly after being forced to remove its Onavo VPN app from Apple's App Store, then you are mistaken. It turns out that Facebook is paying teenagers around $20 a month to use its VPN app that aggressively monitors their smartphone and web activity and then sends it back to Facebook. The social media giant was previously caught collecting some of this data through Onavo Protect , a Virtual Private Network (VPN) service that it acquired in 2013. However, the company was forced to pull the app from the App Store in August 2018 after Apple found that Facebook was using the VPN service to track its user activity and data across multiple apps, which clearly violates its App Store guidelines on data collection. Onavo Protect became a data collection tool for Facebook helping the company track smartphone users' activities across multiple different apps to learn insights about how Facebook users use third-party apps. Facebook&#

Security researchers from MetaIntell, the leader in intelligent led Mobile Risk Management (MRM), have discovered a major security vulnerability in the latest version of Facebook SDK that put millions of Facebook user's Authentication Tokens at risk. Facebook SDK for Android and iOS is the easiest way to integrate mobile apps with Facebook platform, which provides support for Login with Facebook authentication, reading and writing to Facebook APIs and many more. Facebook OAuth authentication or ' Login as Facebook ' mechanism is a personalized and secure way for users to sign into 3rd party apps without sharing their passwords. After the user approves the permissions as requested by the application, the Facebook SDK implements the OAuth 2.0 User-Agent flow to retrieve the secret user's access token required by the apps to call Facebook APIs to read, modify or write user's Facebook data on their behalf. ACCESSING UNENCRYPTED ACCESS TOKEN It is important that

Remember the last OAuth Flaw in Facebook , that allow an attacker to hijack any account without victim's interaction with any Facebook Application, was reported by white hat Hacker ' Nir Goldshlager '. After that Facebook security team fixed that issue using some minor changes. Yesterday Goldshlager once again pwn Facebook OAuth mechanism by bypassing all those minor changes done by Facebook Team. He explains the complete Saga of hunting Facebook  bug in a blog post. As explained in last report on The hacker News , OAuth URL contains two parameters i.e.  redirect_uri &   next , and using Regex Protection (%23xxx!,%23/xxx,/) Facebook team tried to secure that after last patch. In recent discovered technique hacker found that next parameter allow  facebook.facebook.com domain as a valid option and multiple hash signs is now enough to bypass Regex Protection. He use facebook.com/l.php file (used by Facebook to redirect users to external links) to redirect victims to

Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy violations, it seems to be just first installment of what Facebook has to pay for continuously ignoring users' privacy. This week, Facebook has been hit with three new separate investigations from various governmental authorities—both in the United States and abroad—over the company's mishandling of its users' data . New York Attorney General to Investigate Facebook Email Collection Scandal New York Attorney General is opening an investigation into Facebook's unauthorized collection of the email contacts of more than 1.5 million users during site registration without their permission. Earlier this month, Facebook was caught practicing the worst ever user-verification mechanism

There are many unpatched loopholes or flaws in Facebook website, that allow hackers to inject external links or images to a wall, hijacking any facebook account or bypassing your social privacy . Today we are going to report about another unfixed facebook app vulnerability that allow a hacker to spoof the content of any Facebook app  easily. Nir Goldshlager from Break Security today exposed another major flaw that allows hacker to wall post spoofed messages from trusted applications like Saavn, Candy Crush, Spotify, Pinterest, or really any other application on Facebook. In 2012 Facebook's method of publishing called stream.publish and the  Stream Publish Dialog looks like the following:  https://www.facebook.com/dialog/stream.publish?app_id=xxxx&redirect_uri=https://www.facebook.com/&action_links=&attachment=%7B%27media%27:%20[%7B%27type%27:%20%27flash%27,%27swfsrc%27:%27https://files.nirgoldshlager.com/goldshlager2.swf%27,%27imgsrc%27:%27https://w