Facebook

New Ramnit variant steals Facebook logins

January 05, 2012

A new variant of the Ramnit virus harvested the login credentials of more than 45,000 Facebook users worldwide, according to researchers.
 

Crooks using Zeus in new Facebook attacks

November 30, 2011

Variants of the Zeus trojan are being used in new Facebook and banking heists, security researchers and law enforcement are warning.
 

Facebook identifies porn spam perpetrators

November 18, 2011

The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.
 

Facebook: Is the Fawkes virus still smoldering?

David Harley, ESET senior research fellow • November 15, 2011

Once again Facebook is a focus for unsavory activity, but is there a change here for the worse?
 

Facebook to extend bug bounty program

November 01, 2011

At some point in the future, Facebook plans to begin asking researchers to review code that has not yet been released, according to Joe Sullivan, CSO at Facebook.
 

Facebook rolls out application-specific passwords

October 28, 2011

Facebook on Thursday introduced two new security features to help users better protect their accounts. The first is the ability to create unique passwords for each application a user accesses. (Normally they only need to enter their standard Facebook credentials.) The new capability allows members to create a password, which they won't have to remember each time they log in to the app, by visiting Account Settings > Security > App Passwords. Meanwhile, the "Trusted Friends" feature allows a user to select three to five trusted individuals to serve as custodians of codes that can be used to access one's account if he or she is ever locked out.
 

Researcher finds way to send executable file on Facebook

October 28, 2011

Researchers have discovered a way to evade Facebook security controls to deliver a message that could come outfitted with a malicious attachment.
 

Social engineering and social media

David Harley, ESET senior research fellow • October 14, 2011

Truth when Symantec inadvertently blocks access to Facebook.
 

Scammers exploiting death of Steve Jobs

October 06, 2011

Online miscreants took to Facebook about an hour after Apple announced that Jobs died, attempting to earn commission by luring users into clicking on affiliate scam links with the promise of a free iPad.
 

Facebook-style feng shui phooey

David Harley, ESET senior research fellow • September 30, 2011

Facebook is the 21st century chainletter channel of choice.
 

Most businesses lack social media security controls

September 29, 2011

Just 32 percent of U.S. IT and IT security practitioners said their company has a policy that addresses the acceptable use of social media by employees in the workplace.
 

Facebook has already paid $40,000 for bug finds

August 30, 2011

Three weeks after launching its vulnerability bounty program, Facebook has awarded one security researcher more than $7,000 for reporting six different issues.
 

Facebook releases how-to guide to stay protected

August 23, 2011

Facebook has released a guide to security. Written in simple-to-understand terms, the 14-page document encourages users to set strong passwords and log out of their accounts when they are finished. It also addresses common scams on the social networking site, including clickjacking. The handbook suggests users implement enhanced security settings, including secure browsing, one-time passwords and account activity monitoring. In addition, it explains how Facebook members can recover their accounts if they have been compromised.
 

Social media and political certainties

David Harley, ESET senior research fellow • August 15, 2011

Blanket censorship of social media in the UK might be unlikely, but targeted blocking based on legal interception isn't out of the question.
 

Who missed Facebook's bounty party?

Sean Martin, founder, imsmartin consulting • August 12, 2011

Facebook should use its recently announced vulnerability bounty program to push for more security in third-party applications that run on the site.
 

Anonymous plan to "kill" Facebook may be fake

August 10, 2011

One of the more prominent members of the Anonymous hacking movement has shot down reports that the group is planning to take down Facebook on Nov. 5. "Sabu" tweeted Wednesday that the so-called OpFacebook is a hoax. His claim was backed up by AnonOps, considered the most reliable Anonymous news source on Twitter. It is possible splinter members are planning the attack, which is being launched over allegations that Facebook provides information about its users to government agencies and security firms, according to a YouTube video posted in mid-July. The Nov. 5 date is known as Guy Fawkes Day to commemorate the capture of the British revolutionary who plotted to blow up the House of Lords.
 

Facebook offers $500 bounty for security bugs

August 01, 2011

The company joins several other high-profile web brands by providing awards to researchers who privately disclose flaws, such as cross-site scripting.
 

Pfizer latest corporate victim in hacktivist attacks

July 21, 2011

The Facebook page for Pfizer has returned online after it was compromised by hackers who posted remarks disparaging the pharmaceutical giant. U.K.-based group The Script Kiddies claimed responsibility for gaining control of Pfizer's Facebook page, which has nearly 30,000 followers, to post updates that called the company "corrupt" and "irresponsible." Once it retook control, Pfizer posted a message on the account saying it was "working with Facebook to understand what happened so we can guard against it in the future." The Script Kiddies, through its Twitter account, posted two screenshots of the defacement, done as part of the AntiSec movement recently announced by fellow hacktivist collectives Anonymous and LulzSec.
 

Osama bin Laden killing prompts malware, Facebook scams

May 02, 2011

The website belonging to a man in Pakistan who unknowingly live tweeted the raid on Osama bin Laden's compound was found to be infected with malware.
 

Giving the cybercriminals a helping hand

Randy Abrams, director of technical education, Cyber Threat Analysis Center, ESET North America • March 31, 2011

Most Facebook app developers are making session hijacking too easy for the cybercriminals.
 

New Koobface campaign hits Facebook

January 14, 2011

Researchers at web security firm Websense have discovered a new Koobface campaign that is spreading on Facebook via direct messages sent from compromised accounts. Those behind the latest campaign have attempted to obfuscate the URL in each message to avoid detection by security software or Facebook security controls, researchers said Friday. Recipients of the message are told to follow a link to view a video in which they appear. After clicking the link, users are directed to a malicious site, where they are instructed to download a "missing Flash plug-in" to play the supposed video. The download is actually a variant of the Koobface worm. - AM
 

New malicious email campaign targets Facebook users

November 19, 2010

A large wave of malicious emails claiming to come from Facebook began hitting inboxes this morning, according to researchers at messaging security firm AppRiver. The emails contain the subject line "Facebook Support" and purport to be from "Facebook office." Recipients are told their Facebook accounts have been blocked due to spam activity and they must use a new password, which is included in an attachment. However, the attachment actually contains a variant of the Oficla downloader, which has been known to install rogue anti-virus programs and the Zeus trojan. AppRiver has detected more than 100,000 of the messages. - DK
 

Facebook, Twitter fail latest security assessment

November 05, 2010

A nonprofit security think tank's "report card" has failed Facebook and Twitter for neglecting to implement safeguards that are available on other popular online services.
 

Firefox add-on allows session hijacking of popular sites

October 26, 2010

A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.
 

Facebook goes after three more spammers in court

October 20, 2010

Facebook has filed three additional lawsuits against alleged spammers, the company announced Wednesday.
 

Facebook "dislike" button scam spreading

August 16, 2010

The latest scam to hit Facebook is trying to trick users into spreading spam with the offer of a "dislike" button, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Monday. Many users have been clamoring for such a capability, as they could use the button to give a thumbs-down to other posts, links or uploads of which they are not fond. A "like" button already exists. The scam entices users to click on a link and install a rogue Facebook application, Cluley said. If the app is given permission to run, it posts spam messages from the user's account and prompts them to complete an online survey that makes money for the perpetrators. — AM
 

"Sexiest video" scam preys on Facebook users

May 17, 2010

Researchers over the weekend discovered a new Facebook adware campaign that was quickly disabled.
 

1.5 million stolen Facebook accounts up for grabs

April 23, 2010

Researchers at VeriSign's iDefense have discovered a single hacker selling 1.5 million stolen Facebook account credentials on an underground market. The stolen credentials were put up for sale by a hacker with the handle "kirllos" who is believed to be from Eastern Europe. The hacker is selling batches of 1,000 accounts with 10 Facebook "friends" for $25 and 1,000 accounts with more than 10 "friends" for up to $45. It is estimated that 700,000 accounts have already been purchased. Compromised Facebook accounts can be used by cybercriminals to spread malware, send spam or attempt to defraud a user's "friends." — AM
 

Experts warn of fake Valentine's Day e-cards

February 12, 2010

Cybercriminals will, no doubt, begin sending out emails over the next few days that look like Valentine's Day greeting cards but contain a malicious link or attachment.
 

Panda finds 2009 a record-breaking malware year

January 05, 2010

More than 40 million pieces of malware have been identified by PandaLabs and 55,000 new samples are being identified each day, many on social networking sites, the report states.