In a lawsuit filed yesterday, Facebook is accusing a Hong Kong-based company of infecting individuals with malware in order to hijack their Facebook ad accounts and run malicious advertisements at their expense. The Menlo Park, Calif.-based social media company filed the legal documentation in a San Francisco federal court against ILikeAd Media International Company Ltd.,…
Facebook ads are being targeted by a new trojan which could allow a malicious actor to access not only regular advertisements but the growing number of political spots being posted to the social media giant. The trojan, called Socelars, is distributed through a fake PDF editing app named PDFreader attempts to mine data from Facebook…
Twitter warned its users that a software development kit (SDK) developed by oneAudience could have allowed that company to obtain account information. Facebook also posted a notice concerning not only the oneAudience SDK, but also for fellow SDK maker Mobiburn. OneAudience confirmed the problem and then shut down the SDK along with its associated websites…
A hacker hijacked the Twitter account of Arron Banks, chairman of the pro-Brexit UK political campaign organization Leave.EU, and leaked his private message history online earlier this week. The BBC yesterday reported that the culprit had access to thousands of private messages that had been sent and received by Banks over several years. The Register…
Camille Francois remembers the day she learned that the U.S. Senate Select Committee on Intelligence was granting her the extraordinary opportunity to research the extent of Russia’s influence operations during 2016 presidential election campaign. SC Podcast “Our CEO [John Kelly]… said, ‘Hey Cam, what would you say if we had access to the actual data…
For the last 18 months some of Facebook’s developers have had access to private user information contained within some of the social media site’s groups. The information was accessible through the Facebook Group’s API which allowed those developing apps for a group to see information such as names and profile pictures in connection with group…
Twitter this week disclosed that it gave advertisers access to email addresses and phone numbers that users had supplied to the social media messaging platform, originally for two-factor authentication purposes. The company is asserting that this practice was inadvertent. In an online post, Twitter acknowledged that data intended for “safety or security purposes” went to…
Researchers conducted an experiment to see what it would take for malicious actors to either boost a company’s online stature or tear it down and found both could be accomplished in about 30 days and cost just a few thousand dollars. Recorded Future’s Insikt Group created a fake firm, Tyrell Corp., and hired two companies…
An estimated 16,000 WordPress websites are running a plugin that is vulnerable to unauthenticated plugin option updates. WordFence, a WordPress security solution provider, has reported that the plugin Rich Reviews has a vulnerability that is currently being abused and can be exploited to deliver stored cross-site scripting (XSS) payloads. This can result in malvertisements being…
Facebook yesterday excised from its platform hundreds of inauthentic pages, groups and accounts that were created by actors in Iraq and Ukraine. The social media giant removed 76 accounts, 120 Facebook pages, one group, two events and seven Instagram accounts linked to the Iraq-based campaign, and it expelled 168 accounts, 149 Facebook pages and 79…
