Search results for Facebook | Breaking Cybersecurity News | The Hacker News

Facebook on Wednesday announced it's open-sourcing  Mariana Trench , an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "[Mariana Trench] is designed to be able to scan large mobile codebases and flag potential issues on  pull requests  before they make it into production," the Menlo Park-based social tech behemoth said . In a nutshell, the utility allows developers to frame rules for different data flows to scan the codebase for in order to unearth potential issues — say,  intent   redirection   flaws  that could result in the leak of sensitive data or injection vulnerabilities that would allow adversaries to insert arbitrary code — explicitly setting boundaries as to where user-supplied data entering the app is allowed to come from (source) and flow into (sink) such as methods that can execute code and retrieve or interact with user data. Dat

Before winding up the dispute of Apple and FBI over encryption, another buzz on the Whatsapp Snooping is now the hot debate on the court bench. In the wake of WhatsApp's move to offer end-to-end encryption to text messages as well as VoIP calls made through its app, federal authorities have not been able to execute wiretapping warrants on WhatsApp users. Though the US Department of Justice was discussing how to proceed with a continuing criminal investigation, the government is considering legal proceedings similar to those involved with Apple. According to the New York Times , as recently as this past week, a federal judge had approved a wiretap in a criminal investigation, but WhatsApp's encryption hindered investigators. Since any court officials have not made a final decision, the Department of Justice is very keen to drag Whatsapp into the Encryption fight war zone similar to the ongoing San Bernardino case . In San Bernardino case, the DoJ was gr

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform could be in the choppy waters once again. The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them. The vulnerability — tracked as CVE-2019-11931 — is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks. To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and send them a maliciously crafted MP4 file over WhatsApp, which eventually can be programmed to install a malicious backdoor or spyware app on the compromised devices silently. The vulnerability

In June 2017, a  study  of more than 3,000 Massachusetts Institute of Technology (MIT) students  published  by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free pizza. "Whereas people say they care about privacy, they are willing to relinquish private data quite easily when incentivized to do so," the research said, pointing out a what's called the privacy paradox. Now, nearly seven years later, Telegram has introduced a new feature that gives some users a free  premium membership  in exchange for allowing the popular messaging app to use their phone numbers as a relay for sending one-time passwords (OTPs) to other users who are attempting to sign in to the platform. The feature, called Peer-to-Peer Login (P2PL), is currently being tested in selected countries for Android users of Telegram. It was first spotted by  tginfo  in February 2024 (via  @AssembleDebug ). A

A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries with malware designed to harvest valuable data since at least May 2023. Cisco Talos is tracking the cluster under the name  CoralRaider , describing it as financially motivated. Targets of the campaign include India, China, South Korea, Bangladesh, Pakistan, Indonesia, and Vietnam. "This group focuses on stealing victims' credentials, financial data, and social media accounts, including business and advertisement accounts," security researchers Chetan Raghuprasad and Joey Chen  said . "They use RotBot, a customized variant of Quasar RAT, and XClient stealer as payloads." Other commodity malware used by the group comprises a combination of remote access trojans and information stealers such as  AsyncRAT ,  NetSupport RAT , and Rhadamanthys . The targeting of business and advertisement accounts has been of particular focus for attacke

Channel.facebook.com cross-site-scripting (XSS) vulnerability by Edgard Chammas Security researcher Edgard Chammas, has submitted on 02/04/2011 a cross-site-scripting (XSS) vulnerability affecting 1.61.channel.facebook.com, which at the time of submission ranked 2 on the web according to Alexa. It is currently unfixed. Link :  https://1.61.channel.facebook.com/iframe/11?r=https://static.ak.fbcdn.net/rsrc.php/1.js%22%3E%3C/script%3E%3Cscript%3Ealert(%22The%20Hacker%20News%22)%3C/script%3E%3Cscript%3E

Selena Gomez  has warned fans to ignore a series of hateful messages posted on her  Twitter  and  Facebook. com pages, after her online accounts were targeted by hoaxers. The Wizards of Waverly Place star's pages on the social networking sites were taken over by hackers earlier this week. Imposters confused fans with a series of profanity-riddled messages, including, "THE KID ON 4CHAN.ORG IS A LIEN F**KER HE DIDNT HACK S**T!!!!," and, "This message is for puha, YOU SUCK B**CH!!!" The unauthorized posts have since been deleted. And Gomez has taken to her Facebook page to warn fans to ignore the mean messages, assuring them the problem is being fixed. She wrote, "Sorry everyone. My Facebook Page and Twitter account has been hacked and we are cleaning it up." News Source : Om Rathore

' The Hacker News ' Magazine - Anonymous Edition - Issue 01 - April,2011 Download now ! Link :  https://theevilhackerz.com/magazine-01-low.pdf 'The Hacker News' Magazine contacts : Mohit Kumar, Editor in Chief Email -  thehackernews@gmail.com Facebook Profile -   https://www.facebook.com/unix.root Twitter Profile -  https://twitter.com/TheHackersNews Facebook Page -  https://www.facebook.com/thehackernew

Popular antivirus service Webroot mistakenly flagged core Windows system files as malicious and even started temporarily removing some of the legit files, trashing user computers around the world. The havoc caused after the company released a bad update on April 24, which was pulled after approximately 15 minutes. But that still hasn't stopped some PCs from receiving it, causing serious issues for not just individuals, but also companies and organizations relying on the software. Webroot even Blocked Facebook According to the reports by many customers on social media and Webroot's forum , hundreds and even thousands of systems were broken down after antivirus software flagged hundreds of benign files needed to run Windows and apps that run on top of the operating system. The faulty update even caused the antivirus to incorrectly block access to Facebook after flagging the social network service as a phishing website, preventing users from accessing the social netw

A Vietnamese threat actor has been attributed as behind a "malverposting" campaign on social media platforms to infect over 500,000 devices worldwide over the past three months to deliver variants of information stealers such as  S1deload Stealer  and  SYS01stealer . Malverposting refers to the use of promoted social media posts on services like Facebook and Twitter to mass propagate malicious software and other security threats. The idea is to reach a broader audience by paying for ads to "amplify" their posts. According to  Guardio Labs , such attacks commence with the adversary creating new business profiles and hijacking already popular accounts to serve ads that claim to offer free adult-rated photo album downloads. Within these ZIP archive files are purported images that are actually executable files, which, when clicked, activate the infection chain and ultimately deploy the stealer malware to siphon session cookies, account data, and other information.

Albania Security Group Hack more than 1 000 Facebook Pages In One day ! There are Four Admins In the Group : 1.) Hacker Twilight  2.) Akrepi Hacker  3.) BombRun 4.)  WarBot They Spread a Hex Javascript on Facebook, Once Victim will run that ,it automatically add there email id as admin in all victims Facebook pages. Nice Concept ! Beware .... these are Genius ....

New Facebook worm propagating : VERIFY MY ACCOUNT , Video Explanation of Code In the past hour a new application has begun spreading on Facebook which has found an exploit in the existing sharing system. Whatever you do, don't click the link described below. The system is pretty straight forward. It suggests that you click "VERIFY MY ACCOUNT" within a link which ultimately results in the user posting the same message to all their friends' walls. The message typically resembles the following one: Scam Signature Message:  In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process… The result is that thousands of users have seen the message spreading to their profiles in the past hour or so. Our guess is that this message could reach hundreds of thousands of users before it's shut down (unless Facebook's security team is up right now). The bottom line is this: don't click any of the links resembling the o

Yesterday reports revealed that Pavel Durov , the 29-year-old founder of Russia's most popular social networking site VKontakte (VK) - Russia's Facebook, had been fired from his post of general director of Vkontakte. On monday, Durov said that the social networking site VK is now under the complete control of two close allies of President Vladimir Putin. Publicly announcing his firing on his VK page he said, " In this way, today VKontakte goes under the complete control of Igor Sechin and Alisher Usmanov. Probably, in the Russian context, something like this was inevitable, but I'm happy we lasted seven and a half years. We did a lot. And part of what's been done can't be turned back. " Last Month on 21st March, the 29-year-old entrepreneur announced submitted his resignation, but earlier this month that he had rescinded his resignation as the company's CEO because it was an April Fool Prank, but unfortunately he supposedly failed to properly withdraw befor

The hacktivist group Anonymous has launched a massive cyber attack against the Islamic State of Iraq and Syria (ISIS) — the radical Islamic terrorist group who were  responsible for the terrorist attack against the Paris offices of satirical magazine Charlie Hebdo . With huge social media presence, ISIS is the most active terror group on Facebook, Twitter, YouTube and Instagram accounts. But unluckily, over dozens of Facebook and Twitter accounts linked to ISIS has recently been taken by the Anonymous group. In a video appeared on Youtube, Anonymous group and RedCult announced the operation  #OpISIS  and claimed to have carried out cyber attack against hundreds of Twitter and Facebook accounts used by ISIS for its own propaganda and to recruit new members. According to the video, Operation  #OpISIS  is coordinated by "Muslims, Christians, Jews"  alike and a masked individual discusses the aim of the campaign. They are " hackers, crackers, Hacktivist, phi

And the hacks just keep on coming. Timehop social media app has been hit by a major data breach on July 4th that compromised the personal data of its more than 21 million users. Timehop is a simple social media app that collects your old photos and posts from your iPhone, Facebook, Instagram, Twitter and Foursquare and acts as a digital time machine to help you find—what you were doing on this very day exactly a year ago. The company revealed on Sunday that unknown attacker(s) managed to break into its Cloud Computing Environment and access the data of entire 21 million users, including their names, email addresses, and approximately 4.7 million phone numbers attached to their accounts. "We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. Some data was breached," the company wrote in a security advisory posted on its website. Social Media OAuth2 Tokens Also Compromised Moreover, the attackers also got th

Chinese spied on NATO officials using Facebook Friends An online scam has been exposed in which senior British military and government officials were tricked into becoming Facebook friends with someone masquerading as U.S. Admiral James Stavridis, NATO's Supreme Allied Commander and lead officer on the Libyan mission, thereby exposing their own personal information to unknown hackers. Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. Nato will not officially say who was behind the cyber-fraud or who accepted friend requests but it is understood that evidence points to Chinese state-sponsored hackers. NATO has advised senior officers and officials, including Admiral Stirvis to open their own social networking pages to prevent a repeat of such incident. the Supreme Headquarters Allied Powers Europe (Shape), c

Chandan Roy Sanyal's FB account has been hacked and is being used scandalously. The actor is livid Mikhail of Kaminey, Chandan Roy Sanyal's Facebook status reads: Some tv actress Sneha Wagh keep sending me abusive messages, and SMS. It is very serious matter. Don't know what to do. "But that's not me on Facebook. My account got hacked three weeks ago and I've been unable to log in since then. In fact, I don't even know Sneha Wagh... I've not even heard of her," said Chandan. Apparently, Sneha Wagh is a television actress who essayed the role of the protagonist in a serial called Jyoti. The actor, who is currently shooting in Colombo for Deepa Mehta's Midnight's Children, added, "I'm going to lodge a complaint with the cyber crime cell once I return to Mumbai. I have uploaded some of my personal pictures on Facebook and things like these are just scary." Chandan, better be careful about your social network. You

Facebook founder Mark Zuckerberg has a dream to make Internet access available to everyone across the world - Zuckerberg argues Internet should be a service as essential as of 911 in the case of an emergency. In a blog post published Monday in The Wall Street Journal , founder of the social networking giant highlighted the future of universal Internet access, along with the steps he thinks to achieve it. Today 2.7 billion people, just over one-third of the world's population, have access to the Internet, Zuck said, and the adoption has been growing at a very lower rate, by less than 9% each year. The rest of the world's 5 billion people who do not have access to Internet are lacking access due to issues such as high costs or improper infrastructure. One may think that Zuckerberg's vision sounds like a self-interested push to gain more users for its social networking service, Facebook. But its true that the world is currently facing a growing technological divide,

Researchers have uncovered a new social engineering trick that leads users to a malicious extension from Google Chrome impersonating to deliver Adobe's Flash Player in order to lure victims in a click fraud campaign. Security experts at TrendMicro believe that the malware is triggered by opening Facebook or Twitter via shortened links provided in any social networking websites. Once clicked, the links may lead victims to a site that automatically downloads the malicious browser extension . MALWARE INVOLVES DOWNLOADING MULTIPLE MALICIOUS FILES The process is quite complicated as the malware drops a downloader file which downloads multiple malicious files on the victim's computer. Moreover, the malicious program also has ability to bypass Google's recent security protection added to Chrome against installation of browser extensions that are not in Chrome Web Store. Researchers came across a baiting tweet that advertises " Facebook Secrets ", claiming to show videos

Attention WordPress users! Your website could easily get hacked if you are using " Ultimate Addons for Beaver Builder ," or " Ultimate Addons for Elementor " and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative access to sites without requiring any password. What's more worrisome is that opportunistic attackers have already started exploiting this vulnerability in the wild within 2 days of its discovery in order to compromise vulnerable WordPress websites and install a malicious backdoor for later access. Both vulnerable plugins, made by software development company Brainstorm Force, are currently powering over hundreds of thousands of WordPress websites using Elementor and Beaver Builder frameworks, helping website admins and de