About 42,000 websites have not updated to the latest version of the Social Warfare WordPress plugin, leaving themselves open to a pair of vulnerabilities that are being exploited in the wild. Palo Alto’s Unit 42 research team is reporting that the two problems, both rated medium-level threats and tracked under CVE-2019-9978, were patched through a…
Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…
There are Facebooks groups for moms, people who like trains, or old photographs of Chicago so it should come as no surprise that cybercriminals also use the social media network to discuss what they like. Cisco Talos found 74 Facebook groups with more than 385,000 members with dedicated to acts ranging from shady to illegal.…
Upguard is reporting it found more than 540 million records from two Facebook app providers on two unprotected Amazon S3 buckets. The exposed information is from the Mexican media firm Cultura Colectiva and a now defunct Facebook-integrated app called “At the Pool.” The Cultura Colectiva dataset contained 146GB of data with 540 million records showing…
The non-profit security organization Security Without Borders (SWB) has identified a campaign utilizing Italian-language service applications from mobile operators apps that instead of doing their stated function are in fact spyware. The groups report stated that dozens of infected apps had been found in the Google Play store with a possible download total in the…
Working under a court order Microsoft seized control of 99 websites allegedly controlled by the Iranian hacker group APT 35. Charming Kitten has been associated with Iran. Microsoft obtained clearance to take action against APT35 (aka Phosphorus, Charming Kitten, Ajax Security Team) by the U.S. District Court for Washington, D.C. after the company took legal…
Facebook has filed a lawsuit against two Ukrainian men accused of creating fraudulent quiz applications that tricked users into installing malicious browser extensions. These extensions allegedly scraped information from users’ social media pages and injected unapproved advertisements when users would visit various social networking sites, including Facebook. As reported in The Verge, Facebook filed the…
A new report from Recorded Future’s Insikt Group research team examines how the Chinese government exerts influence on Americans through an organized social media campaign. Unlike Russia, which has weaponized social media as a means to sow discord and undermine democracy within the U.S., China’s objective is to present itself in a more positive, benign…
Security and trust executives from social media platforms Facebook and Twitter said at a RSA 2019 keynote panel this week that their companies would welcome additional transparency regulations as a countermeasure against the weaponization of the internet by foreign adversaries. In addition, other experts on the panel suggested regulations that would require the identification of…
Scammers using a major event to separate fools from their money is nothing new so several took advantage of the first live concert ever streamed through the massively popular video game Fortnite to sell non-existent tickets to gullible game players. In February Fortnite hosted DJ Marshmello who played a 10-minute set inside the game that…
