Social Media | SC Media

Social Media

WordPress Social Warfare plugin vulnerabilities abused in the wild


About 42,000 websites have not updated to the latest version of the Social Warfare WordPress plugin, leaving themselves open to a pair of vulnerabilities that are being exploited in the wild. Palo Alto’s Unit 42 research team is reporting that the two problems, both rated medium-level threats and tracked under CVE-2019-9978, were patched through a…

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts via verification feature


Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…


74 Facebook groups for cybercriminals found


There are Facebooks groups for moms, people who like trains, or old photographs of Chicago so it should come as no surprise that cybercriminals also use the social media network to discuss what they like. Cisco Talos found 74 Facebook groups with more than 385,000 members with dedicated to acts ranging from shady to illegal.…

540M Facebook member records exposed by an unsecure AWS S3 bucket


Upguard is reporting it found more than 540 million records from two Facebook app providers on two unprotected Amazon S3 buckets. The exposed information is from the Mexican media firm Cultura Colectiva and a now defunct Facebook-integrated app called “At the Pool.” The Cultura Colectiva dataset contained 146GB of data with 540 million records showing…


Massively invasive Italian spyware campaign found on Google Play


The non-profit security organization Security Without Borders (SWB) has identified a campaign utilizing Italian-language service applications from mobile operators apps that instead of doing their stated function are in fact spyware. The groups report stated that dozens of infected apps had been found in the Google Play store with a possible download total in the…

Microsoft grabs APT35/Charming Kitten websites in court ordered take down


Working under a court order Microsoft seized control of 99 websites allegedly controlled by the Iranian hacker group APT 35. Charming Kitten has been associated with Iran. Microsoft obtained clearance to take action against APT35 (aka Phosphorus, Charming Kitten, Ajax Security Team) by the U.S. District Court for Washington, D.C. after the company took legal…

Facebook sues app makers over browser extensions that allegedly scraped user data


Facebook has filed a lawsuit against two Ukrainian men accused of creating fraudulent quiz applications that tricked users into installing malicious browser extensions. These extensions allegedly scraped information from users’ social media pages and injected unapproved advertisements when users would visit various social networking sites, including Facebook. As reported in The Verge, Facebook filed the…

Report reveals how China leverages social media to influence U.S.


A new report from Recorded Future’s Insikt Group research team examines how the Chinese government exerts influence on Americans through an organized social media campaign. Unlike Russia, which has weaponized social media as a means to sow discord and undermine democracy within the U.S., China’s objective is to present itself in a more positive, benign…

Panel: Laws to curb influence campaigns on social media should stress transparency, collaboration


Security and trust executives from social media platforms Facebook and Twitter said at a RSA 2019 keynote panel this week that their companies would welcome additional transparency regulations as a countermeasure against the weaponization of the internet by foreign adversaries. In addition, other experts on the panel suggested regulations that would require the identification of…

Scammers con kids into paying for “free” Fortnite concert


Scammers using a major event to separate fools from their money is nothing new so several took advantage of the first live concert ever streamed through the massively popular video game Fortnite to sell non-existent tickets to gullible game players. In February Fortnite hosted DJ Marshmello who played a 10-minute set inside the game that…

Next post in Gaming