Social Networks News, Articles and Updates

Facebook, trust and security

Trusting the good intentions of an agency shouldn't carry an automatic assumption that what they do or say, or where they say it, is always good for you.

Kelihos lives on thanks to Facebook trojan


After being "sinkholed," the Kelihos.B botnet has been reconfigured and is spreading through social networking sites.

Sponsored Video: Stephen Cobb of ESET on RSA 2012 hot topics


Stephen Cobb, security evangelist at ESET, discusses the hot topics at this year's RSA Conference 2012, including BYOD, attacks on social networks, and resource challenges in today's economy.

Twitter acquires web malware fighter Dasient


Twitter, a hotbed of malware due to its extreme popularity, has made one of its first-ever security acquisitions with the purchase of Dasient.

New Ramnit variant steals Facebook logins


A new variant of the Ramnit virus harvested the login credentials of more than 45,000 Facebook users worldwide, according to researchers.

Twitter buys Whisper Systems for Android security


Twitter has acquired a start-up that makes security and management solutions for Android devices.

Privacy, identity, and the Nym of the Rose

Anonymity and pseudonymity: A once and future thing.

Facebook identifies porn spam perpetrators


The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.

Microsoft YouTube channel hacked


Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.

Podcast: Automating social engineering


The process of delivering targeted attacks to end-users has gotten easier for attackers thanks to automated social engineering, in which adversaries can write tools that scour the web for personal data to include in their emails to increase their believability. The goal, of course, is to design messages that people are more likely to click on and, as a result, install malware on their machines or divulge personal information. In this podcast, Matias Brutti, a security consultant at security services firm IOActive, explains what the automation of social engineering means for organizations and how they can fight back.

USA Today Twitter account hacked by The Script Kiddies


The Twitter account belonging to the USA Today was hacked over the weekend by a group called The Script Kiddies. In tweets posted from the compromised account, the hacktivist group bragged about past hacking feats, and urged users to "like" them on Facebook and vote on who they should infiltrate next. It is unclear how the hackers were able to commandeer control of the account. The same group also claimed responsibility earlier this month for hacking the NBC News Twitter account and sending a series of erroneous tweets. In that case, a trojan permitted the takeover.

Who missed Facebook's bounty party?

Facebook should use its recently announced vulnerability bounty program to push for more security in third-party applications that run on the site.

Anonymous plan to "kill" Facebook may be fake


One of the more prominent members of the Anonymous hacking movement has shot down reports that the group is planning to take down Facebook on Nov. 5. "Sabu" tweeted Wednesday that the so-called OpFacebook is a hoax. His claim was backed up by AnonOps, considered the most reliable Anonymous news source on Twitter. It is possible splinter members are planning the attack, which is being launched over allegations that Facebook provides information about its users to government agencies and security firms, according to a YouTube video posted in mid-July. The Nov. 5 date is known as Guy Fawkes Day to commemorate the capture of the British revolutionary who plotted to blow up the House of Lords.

FTC finalizes settlement with Twitter over privacy


The Federal Trade Commission late last week finalized a proposed settlement with Twitter, resolving charges that the social networking site failed to properly safeguard the data and privacy of its users. As part of the settlement, announced in June, Twitter must create and maintain a comprehensive information security program and submit to a third-party audit biennially for 10 years. Twitter was also barred for 20 years from misleading consumers about its security and privacy protections. Each subsequent violation may result in a penalty of up to $16,000. - AM

Cyberwar PsyOps: Islamic suffrage and social media

What cyberwar psychological operations are now being conducted by women? How can information businesses be adaptable for changes which may be trending in a new Middle East? Part four of a series.

Cyberwar PsyOps Analysis: Egypt 2011

#OpEgypt and #Jan25 lead in this cyberwarfare analysis on psychological operations using social media. The old-school mobile phone is now the instrument of real-time sitreps. Will cellular network technology be the next risk for state-sanctioned cyberwarfare? Part three of a series.

The time axis of evil: phishing's golden hour

Five steps any size business can employ today to crush phishing risks.

Stuxnet's persistent legacy: Cybersecurity is blended security

Were cybersecurity and Stuxnet involved with Iranian Prof. Shahriari's recent assassination? What are the game-changing physical security considerations for chief information officers?

Social networks: Criminal enterprise, Pt. 2

Some low level criminal networks have profiles in everyday social networks. Would researching these profiles during cyber intrusion research risk tipping off the bad guys?

Scammers ready to pounce on Cyber Monday deal-hunters


Social networking sites and search engines are expected to be hit hard as cybercriminals try to wrangle in unsuspecting holiday shoppers.

New malicious email campaign targets Facebook users


A large wave of malicious emails claiming to come from Facebook began hitting inboxes this morning, according to researchers at messaging security firm AppRiver. The emails contain the subject line "Facebook Support" and purport to be from "Facebook office." Recipients are told their Facebook accounts have been blocked due to spam activity and they must use a new password, which is included in an attachment. However, the attachment actually contains a variant of the Oficla downloader, which has been known to install rogue anti-virus programs and the Zeus trojan. AppRiver has detected more than 100,000 of the messages. - DK

Firefox add-on allows session hijacking of popular sites


A computer researcher has released a plug-in for the Firefox web browser that lets anyone scan open Wi-Fi networks and hijack, for example, Twitter and Facebook accounts.

Twitter recovers after second worm attack in a week


Twitter is cleaning up from another fast-spreading worm that forced users to tweet out a graphic message.

Twitter hole patched

A flaw allowing JavaScript code to appear in tweets was plugged Wednesday morning by engineers at The far-ranging cross-site scripting attack, which reportedly originated as a harmless, proof-of-concept attack by an Australian teenager, was estimated to affect more than 500,000 users of the social network site. The attacks exploited a common JavaScript feature, onmouseover, that allows programmers to create discrete actions when users move their mouse cursor over an area of a web page. The worm allowed attackers to infect a user's account, as well as those of their followers. - GM

Twitter fixes XSS flaw after being exploited


Cybercriminals this week took advantage of a cross-site scripting vulnerability on Twitter that since has been fixed, according to security researchers.

Facebook unveils new logout capability


Facebook on Thursday announced the launch of a new security feature that allows members to log out of any active sessions from a central control. The function is aimed at users who may have accidentally remained logged in when using a computer or mobile device that wasn't their own. However, according to a Facebook Security blog post, the feature also can be used to sign off individuals who may have gained unauthorized access to an account. The new tool complements a feature announced in May that allows users to approve the devices that can access their accounts. — DK

Spammers inundate Apple's new social media service Ping


Apple's new social media service Ping already is being abused by spammers, security experts are warning.

Fake TweetDeck update on Twitter leads to trojan


Attackers took to Twitter on Monday to spread malware via links pointing to what they claimed was an update to the popular microblogging client TweetDeck.

Facebook "dislike" button scam spreading


The latest scam to hit Facebook is trying to trick users into spreading spam with the offer of a "dislike" button, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Monday. Many users have been clamoring for such a capability, as they could use the button to give a thumbs-down to other posts, links or uploads of which they are not fond. A "like" button already exists. The scam entices users to click on a link and install a rogue Facebook application, Cluley said. If the app is given permission to run, it posts spam messages from the user's account and prompts them to complete an online survey that makes money for the perpetrators. — AM

Facebook fixes bug that spammers could have used


Facebook this week fixed a privacy glitch on its website that could have been abused to obtain a user's full name and photo by entering an incorrect password, a researcher said Wednesday.

