Search results for Facebook | Breaking Cybersecurity News | The Hacker News

Do you know there is a huge encryption backdoor still exists on the Internet that most people don't know about? I am talking about the traditional Digital Certificate Management System … the weakest link, which is completely based on trust, and it has already been broken several times. To ensure the confidentiality and integrity of their personal data, billions of Internet users blindly rely on hundreds of Certificate Authorities (CA) around the globe. In this article I am going to explain: The structural flaw in current Digital Certificate Management system. Why Certificate Authorities (CA) have lost the Trust. How Certificate Transparency (CT) fixes issues in the SSL certificate system. How to early detect every SSL Certificates issued for your Domain, legitimate or rogue? First, you need to know Certificate Authority and its role: Certificate Authority and its Role A Certificate Authority (CA) is a third-party organization that acts as a centr

Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in addition to leveraging on-device machine learning to vet all iMessage images sent or received by minor accounts (aged under 13) to warn parents of sexually explicit photos shared over the messaging platform. Furthermore, Apple also plans to update Siri and Search to stage an intervention when users try to perform searches for CSAM-related topics, alerting that the "interest in this topic is harmful and problematic." "Messages uses on-device machine learning to analyze image attachments and determine if a photo is sexually explicit," Apple  noted . "The feature is desi

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Lulzsec Exposed, Long Live Anonymous ! Lulz war ! Today Hacking group "Lulzsec" completed their 50th day and also announce the retirement of Lulz boat . What are the Reasons behind this ? Lulz Security's rise to prominence has been extraordinarily fast.The hacking group first emerged in May and in the past few weeks has attacked the websites of some of the world's leading corporations and governments. The group specialises in locating websites with poor security and then stealing information from them and posting it online via Twitter account, well They have 278,429 Followers]in 50days. To understand who/what lulzsec is, you need to understand where they came from. Everything originates from the chan (4chan/711chan/etc.) culture. It's a culture built around the anonymity of the internet. If your anonymous no one can find you. No one can hurt you, so your invincable. According to Anonymous " The problem with Lulzsec is that they lack the skills to kee

Just one day after Microsoft released its new operating system, over 14 Million Windows users  upgraded their PCs to Windows 10 . Of course, if you are one of the Millions, you should aware of Windows 10's Wi-Fi Sense feature that lets your friends automatically connects to your wireless network without providing the Wi-Fi password. Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should disable it right away. Even some researchers advised Windows 10 users to rename their Wi-Fi access points. Before discussing the risks of Wi-Fi Sense, let's first know how it works. Also Read:  How to Fix 35+ Windows 10 Privacy Issues With Just One Click . How Windows 10 Wi-Fi Sense works? Windows 10 Wi-Fi Sense feature allows you to share your Wi-Fi password with your friends or contacts, as well as lets you automatically connect to networ

Many Smartphone applications support, installation or app data storage to an external SD Card, that can be helpful in saving space on the internal memory, but also vulnerable to hackers. Typically, an app that has permission to read and write data from an SD card has the permission to read all data on that card, including information written by other apps. This means that if you install a malicious application by mistake, it can easily steal any sensitive data from your Phone's SD Card. To prevent the data from being misused by any other app, the best implementation is to encrypt the data, but that will drop the performance of the device. On its 10th birthday, as a treat for mobile developers, Facebook has unveiled the source code of its Android security tool called ' Conceal ' cryptographic API Java library, that will allow app developers to encrypt data on disk in the most resource efficient way, with an easy-to-use programming interface. Smaller th

More than 10,000 Facebook account hacked by TeamSwaSTika Another group of Hackers, self titled Team Swastika, have caused panic amongst Facebook users after releasing the details of 10,000 accounts onto popular text sharing site, Pastebin. Pastebin, usually used to share source code, has frequently been host to a number of text files that contain the details of specific hacks by hackitivists and hacker groups. Team Swastika is just one of these hackitivist groups but claims to be the most powerful hacking team in Nepal. They also said that next target will be Nepal Government website. Facebook hacked account dump: https://pastebin.com/KYsd0j5B (part1) - Removed by Pastebin https://pastebin.com/nN5uDrQS (part2) - Removed by Pastebin

Meta Platforms on Tuesday disclosed it took steps to dismantle two covert influence operations originating from China and Russia for engaging in coordinated inauthentic behavior (CIB) so as to manipulate public debate. While the Chinese operation sets its sights on the U.S. and the Czech Republic, the Russian network primarily targeted Germany, France, Italy, Ukraine and the U.K. with themes surrounding the ongoing war in Ukraine. "The largest and most complex Russian operation we've disrupted since the war in Ukraine began, it ran a sprawling network of over 60 websites impersonating news organizations, as well as accounts on Facebook, Instagram, YouTube, Telegram, Twitter, Change.org and Avaaz, and even LiveJournal," the social media behemoth  said . The sophisticated Russian activity, which commenced in May 2022, impersonated mainstream European news outlets like Der Spiegel, The Guardian, and Bild, not to mention build credibility by creating fake accounts across

A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and Android devices," cybersecurity company Cybereason  said  in a Wednesday report. "The goal behind the attack was to extract sensitive information from the victims' devices for espionage purposes." The monthslong intrusions, codenamed " Operation Bearded Barbie ," have been attributed to an Arabic-speaking and politically-motivated group called Arid Viper, which operates out of the Middle East and is also known by the monikers APT-C-23 and Desert Falcon. Most recently, the threat actor was  held responsible  for attacks aimed at Palestinian activists

We all are aware of Net Neutrality and the recent controversies over it in India. Net Neutrality is simply the Internet Freedom — Free, Fast and Open Internet for all.  India has been battling for Net Neutrality since zero-rating services such as Facebook's Internet.org and Airtel Zero were announced. The Department of Telecommunications (DoT) has now released a much-awaited report [ PDF ] on the Net Neutrality issue, recommending the Telecom Regulatory Authority of India (TRAI) to regulate the voice calls conducted by the Internet users of over-the-top (OTT) services. Over 100 pages-long report details the DoT's understanding of Net Neutrality Principles, which has been criticized by consumer groups because it could End Free domestic voice calls offered by apps like WhatsApp and Skype. The Report says, "the core principles of net neutrality must be adhered to," and user rights on the Internet need to be protected, so that the Telecom Service Provid

According to a new report revealed by NSA leaker Edward Snowden , The National Security Agency has a secret program that allows it to see just about everything a person does on the Internet.  An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.  An analyst can monitor such Facebook chats by entering the Facebook user name and a date range into a simple search screen. XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst. The Guardian has published several NSA training slides from the program: The NSA documents show that as of 2008, the X-Keyscore platform was used to nab 300 alleged terrorists around the world. Another

Reminder—If you've forgotten about any Google app after using it once a few years ago, be careful, it may still have access to your private emails. When it comes to privacy on social media, we usually point fingers at Facebook for enabling third-party app developers to access users personal information—even with users' consent. But Facebook is not alone. Google also has a ton of information about you and this massive pool of data can be accessed by third-party apps you connect to, using its single sign-on service. Though Google has much stricter privacy policies about what developers can do with your data, the company still enables them to ask for complete access of your Google account, including the content of your emails and contacts. The entire Facebook's  Cambridge Analytica privacy saga highlights how crucial it is to keep track of the apps you have connected to your social media accounts and permitted to access your data. Last year, Google itself prom

Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis,  said  in a post published in The Telegraph over the weekend. The new scheme, described as a "three-pronged approach," aims to employ a mix of non-encrypted data across its apps as well as account information and reports from users to improve safety and combat abuse, noting that the goal is to deter illegal behavior from happening in the first place, giving users more control, and actively encouraging users to flag harmful messages. Meta had previously  outlined  plans to be "fully end-to-en

WhatsApp on Friday  announced  it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The optional feature, which will go live to all of its two billion users in the coming weeks, is expected to only work on the primary devices tied to their accounts, and not companion devices such as desktops or laptops that simply mirror the content of WhatsApp on the phones. The development marks an escalation in the growing tussle over encryption technology and meeting law enforcement needs, wherein privacy-preserving technologies have created impenetrable barriers to comply with legal demands to access vast swathes of digital information stored on smartphones and the cloud — a phenomenon referred to as the "going dark" problem. While the Facebook-owned messaging platform flipped the switch on end-