Tag Archives: Facebook

A Simple Bug Revealed Admins of Facebook Pages — Find Out How

Facebook Page admins are publicly displayed only if admins have chosen to feature their profiles.

However, there are some situations where you might want to contact a Facebook page admin or want to find out who is the owner of a Facebook page.

Egyptian security researcher Mohamed A. Baset has discovered a severe information disclosure vulnerability in Facebook that could have

No more embarrassing smartphone moments!

No more embarrassing smartphone moments!

Say goodbye to butt calls and other embarrassing smartphone moments. With the new pocket protection feature in Avira Optimizer for Android, you don’t need to worry if your smartphone screen is locked or not before putting it in your pocket or bag. This feature enables your device to automatically lock after it’s been placed in […]

The post No more embarrassing smartphone moments! appeared first on Avira Blog.

Read More

Facebook Survey: More than 50% of users don’t trust news on the social network

Facebook tries to stop “fake news” by surveying its own users

Facebook is surveying its own users to try and stop the spread of “fake news” on its social media platform. The new survey asks two questions:

  1. Do you recognize the following websites?
  2. How much do you trust each of these domains?

The “fake news” phenomenon is a cybersecurity issue that we predict will be relevant in 2018 and beyond, since social media platforms are used to sway public opinion. As reported by the New York Times, social media companies provided evidence to Congress that Russian influence might have reached 126 million Americans on Facebook and other platforms during the 2016 elections.

Social media critics are questioning whether Facebook’s own users should be trusted to determine which news outlets are “fake news”. In fact, when it comes to domain trust, Facebook itself faces skepticism. A recent Panda Security survey showed that 47 percent of parents consider Facebook “unsafe” for their children to use.

Panda Security has conducted an additional survey using Google Surveys to see how much consumers trust Facebook as a gatekeeper of news and information on their newsfeeds.

We asked a weighted sample of 765 online users in the United States: “How much do you trust Facebook to choose what news you read?”

  • 8.2 percent said “A lot” or “Entirely”
  • 20.4 percent said “Somewhat”
  • 20.0 percent said “Barely”
  • 51.5 percent said “Not at all”

The data shows almost three-quarters of respondents have little confidence in Facebook’s ability as a news gatekeeper, with a minority of respondents indicating high levels of trust.

Looking at the data by gender, male survey respondents were more likely to distrust Facebook than female survey respondents. While 73.4 percent of males said they “Barely” trust Facebook or trusted it “Not at all”, 69.7 percent of females said the same.

A larger percentage of males also said they trusted Facebook “A lot” or “Entirely”: 8.9 percent of males versus 7.4 percent of females.

Trust among age groups was fairly consistent. While 49.1 percent of respondents aged 18 to 34 answered “Not at all” with respect to level of trust, 56.9 percent of respondents aged 35 to 54 answered the same. Among respondents aged 55 and older, 51.5 percent answered “Not at all”.


The Facebook Trust Survey was written by Panda Security and conducted using Google Surveys. The survey collected responses from 1,015 online users in the United States from January 25 to 27, 2018. Responses were matched down to a weighted sample (by age, gender, and geographic distribution) of 765 to produce the final results.

The following methodology description is provided by Google Surveys: Google Surveys shows questions across a network of premium online news, reference, and entertainment sites (where surveys are embedded directly in the content), as well as through a mobile app, Google Opinion Rewards. On the web, users answer questions in exchange for access to the content, an alternative to subscribing or upgrading. The user’s gender, age, and geographic location are inferred based on anonymous browsing history and IP address. On the mobile app, users answer questions in exchange for credits for books, music, and apps, and users answer demographic questions when first downloading the app. Using this data, Google Surveys can automatically build a representative sample of thousands of respondents. For more detailed information, see the whitepaper.

Download your Antivirus

The post Facebook Survey: More than 50% of users don’t trust news on the social network appeared first on Panda Security Mediacenter.

Read More

Cyber-bullying, teens at risk

Cyber-bullying, teens at risk - cyberbullismo, cybermobbing, Harcèlement sur Internet

They’re young, often very young; they spend a good portion of their time online on social networks and, according to a recent study by four Italian universities, they’re dangerously unfamiliar with the basic knowledge needed to defend themselves against the risks of cyber-bullying or malicious advances. If online safety entails fighting cyber-bullying, the data provided […]

The post Cyber-bullying, teens at risk appeared first on Avira Blog.

Read More

Facebook Messenger Kids: Is it safe?

Facebook has always required users to be aged 13 or older before signing up for an account, placing services like Messenger and Instagram out of reach for most middle school children. Laws regarding data collection and advertising to children means that Facebook cannot easily make money from youngsters – so it has always been easier to simply block access.

Despite having more than 2 billion users worldwide, Facebook has struggled to get more people to sign up. More concerning still, for (Facebook management anyway) has been the fact that young people are deserting the platform for alternatives like Instagram and Snapchat. Something had to be done to help bring younger users back into the ecosystem.

Facebook Messenger Kids makes an appearance

In the last few weeks we have seen the roll-out of Facebook Messenger Kids, the first product ever aimed at “under age” children. Facebook claims the app is to help families and family friends stay connected, providing a safe space for group chats and video calls. (It’s also a very useful way to bring people into the Facebook platform younger).

The app is very much like the standard Facebook Messenger platform, and under-13s will now be able to chat with other users – with a few restrictions.

Facebook Messenger Kids does not require a full Facebook account for instance. You don’t even need to supply a phone number. Instead a parent downloads the special kids’ messenger app onto their child’s tablet/smartphone and logs in with their Facebook account to create a profile for the child.

Once set-up, parents will see a new bookmark in their own Facebook account that shows contacts associated with Facebook Messenger for Kids.

A reduced risk of grooming

Importantly Facebook Messenger Kids is a “closed” network, so random strangers cannot contact them – they do not appear in Facebook searches for instance. Instead, every new contact must ask permission to connect – and only parents can approve the request. Each request will appear on the parent’s Facebook account, so they can immediately block strangers or anyone who looks suspicious.

It is impossible for anyone you don’t know to message – or even find – your kids on Facebook. The chat network also uses intelligent content filtering to identify (and block) inappropriate content, adding a further layer of protection for your kids.

Parents still need to be alert

Although parents must approve every contact request, there is a very real risk that strangers and criminals may create fake profiles with the specific intention of gaining access to your kids. You should check each and every connection request very carefully to ensure that no imposters sneak through. You should also talk with your children as they use Facebook Messenger Kids to ensure they know what to do if someone says something inappropriate, or which makes them feel uncomfortable.

The other consideration is how Facebook use your personal data. It is claimed that Facebook Messenger Kids does not collect information from your chat sessions for profiling purposes. They may use other data however, particularly about your contact list, to begin building a profile for use in advertising campaigns. That way when your kids do reach 13 and upgrade to a full Facebook account, the network can start targeting ads more effectively from day one.

Ultimately, parents need to decide whether they want the hassle of checking every contact request – and whether they really want to bring their younger children into the Facebook ecosystem. Although Facebook Messenger Kids is undoubtedly safer than other unfiltered messaging apps like Kik and Snapchat, parents may feel that plain old SMS text messaging and iMessage are just as good.

Facebook Messenger for Kids is available for download from the Apple App Store now.

The post Facebook Messenger Kids: Is it safe? appeared first on Panda Security Mediacenter.

Read More

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

New research shows how an old vulnerability called ROBOT can be exploited using an adaptive chosen-ciphertext attack to reveal the plaintext for a given TLS session.

Read More

Wait, Do You Really Think That’s A YouTube URL? Spoofing Links On Facebook


While scrolling on Facebook how you decide which link/article should be clicked or opened?

Facebook timeline and Messenger display title, description, thumbnail image and URL of every shared-link, and this information are enough to decide if the content is of your interest or not.

Since Facebook is full of spam, clickbait and fake news articles these days, most users do not click every second link served to them.

But yes, the possibility of opening an article is much higher when the content of your interest comes from a legitimate and authoritative website, like YouTube or Instagram.

However, what if a link shared from a legitimate website lands you into trouble?

Even before links shared on Facebook could not be edited, but to stop the spread of misinformation and false news, the social media giant also removed the ability for Pages to edit title, description, thumbnail image of a link in July 2017.

However, it turns out that—spammers can spoof URLs of the shared-links to trick users into visiting pages they do not expect, redirecting them to phishing or fake news websites with malware or malicious content.

Discovered by 24-year-old security researcher Barak Tawily, a simple trick could allow anyone to spoof URLs by exploiting the way Facebook fetch link previews.

In brief, Facebook scans shared-link for Open Graph meta tags to determine page properties, specifically ‘og:url’, ‘og:image’ and ‘og:title’ to fetch its URL, thumbnail image and title respectively.

facebook security

Interestingly, Tawily found that Facebook does not validate if the link mentioned in ‘og:url’ meta tag is same as the page URL, allowing spammers to spread malicious web pages on Facebook with spoofed URLs by just adding legitimate URLs in ‘og:url’ Open Graph meta tag on their websites.

“In my opinion, all Facebook users think that preview data shown by Facebook is reliable, and will click the links they are interested in, which makes them easily targeted by attackers that abuse this feature in order to perform several types of attacks, including phishing campaigns/ads/click fraud pay-per-click,” Tawily told The Hacker News.

Tawily reported the issue to Facebook, but the social media giant refused to recognise it as a security flaw and referred that Facebook uses “Linkshim” to protect against such attacks.

If you are unaware, every time a link is clicked on Facebook, a system called “Linkshim” checks that URL against the company’s own blacklist of malicious links to avoid phishing and malicious websites.

This means if an attacker is using a new domain for generating spoofed links, it would not be easy for Linkshim system to identify if it is malicious.

Although Linkshim also uses machine learning to identify never-seen-before malicious pages by scanning its content, Tawily found that the protection mechanism could be bypassed by serving non-malicious content explicitly to Facebook bot based on User-Agent or IP address.

Tawily has also provided a demo video to show the attack in action. You can watch the video above.

Since there is no way to check the actual URL behind a shared link on Facebook without opening it, there is a little user can do to protect themselves except being vigilant.

Scam Alert: Your Trusted Friends Can Hack Your Facebook Account


If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, since they’ve added you as one of their ‘Trusted Contacts‘—just don’t blindly believe it.

Researchers have detected a new Facebook phishing scam that can even trick an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook account.

This latest social media scam is abusing “Trusted Contact”—a Facebook account recovery feature that sends secret access codes to a few of your close friends in order to help you regain access to your Facebook account in case you forget your password or lost access to your account.

According to a public security alert published by AccessNow, the attack initiates by an already compromised account of one of your friends, asking for urgent help to get back into his/her Facebook account.

The attacker explains that you are listed as one of his/her Trusted Contacts on Facebook and asks you to check your email for a recovery code and share with the attacker (who’s hiding behind the identity of your friend).

However, in actual, the code you received is not the key to unlock your friend’s account, but instead, the attacker initiated “Forgot my password” request for your account in an attempt to hijack your Facebook account.

Knowing that a friend is in trouble, apparently one would share the code without giving a second thought.

“The new attack targets people using Facebook, and it relies on your lack of knowledge about the platform’s Trusted Contacts feature,” Access Now warns.

You should know Facebook’s Trusted Contacts feature doesn’t work the way this phishing attack suggests. To understand how this feature works, you can head on to this Facebook post.

The Access Now says, “So far we’re seeing the majority of reports [falling victims to this new Facebook phishing scam] from human right defenders and activists from the Middle East and North Africa.”

Although this latest Facebook scam is initiated using a compromised Facebook account of one of your friends, any of your Facebook friend can also intentionally trick you into handing over your Facebook account to them (looking at the way how people accept friend requests sent by anyone on the social media platform).


The best way to protect yourself is always to be vigilant to every recovery emails you receive, and read the recovery message or email carefully, even if it is sent by one of your actual friends.

Stay Safe!

Powered by WPeMatico

Facebook slapped with $1.43 million fine for violating users’ privacy in Spain


Facebook is once again in trouble regarding its users’ privacy.

The social media giant has recently been heavily fined once again for a series of privacy violations in Spain.

Recently, Google also incurred a record-breaking fine of $2.7 billion (€2.42 billion) by the European antitrust officials for unfairly manipulating search results since at least 2008.

Now, the Spanish Data Protection Agency (AEPD) has issued a €1.2 Million (nearly $1.4 Million) fine against Facebook for breaching laws designed to protect its people’s information and confidentiality.

According to the data protection watchdog, the social network collects its users’ personal data without their ‘unequivocal consent’ and makes the profit by sharing the data with advertisers and marketers.

The AEPD also found Facebook collects sensitive data on user’s ideology, religious beliefs, sex and personal tastes and navigation—either directly from its own services or through third parties—without clearly informing its users how this information would be used.

This activity constituted a “very serious” infringement of the country’s local data protection law (LOPD), for which the authority fined the company €600,000 ($718,062).

The regulator also identified two “serious” violations of privacy laws, including:

  1. Tracking people through the use of “Like” button social plug-ins embedded in other non-Facebook web pages—for which it is fined €300,000 ($359,049).
  2. Failing to delete data collected from users once it has finished using it, in fact, the company “retains and reuses it later associated with the same user”—which resulted in another €300,000 ($359,049) fines.

The AEPD also said that Facebook’s existing privacy policy contains “generic and unclear terms,” and doesn’t “adequately collect the consent of either its users or nonusers, which constitutes a serious infringement.”

However, Facebook denied any wrongdoing and intended to appeal the decision of the Spanish data protection authority, providing the following statement.

“We take note of the DPA’s decision with which we respectfully disagree. Whilst we value the opportunities we’ve had to engage with the DPA to reinforce how seriously we take the privacy of people who use Facebook, we intend to appeal this decision.” 

“As we made clear to the DPA, users choose which information they want to add to their profile and share with others, such as their religion. However, we do not use this information to target adverts to people.”

In May, the social media giant was fined €150,000 ($179,532) by for the way Facebook targeted advertising and tracked users.

Powered by WPeMatico

Facebook Messenger: Beware of malware!


New cross-platform malware for Windows/Mac/Linux spreading via Facebook Messenger

A cyber-criminal gang is using Facebook Messenger to spread a new malware specimen through links to spoof websites. This threat, which is highly sophisticated and has been customized for each Web browser, has been uncovered by a security expert who received a suspicious message from one of their Facebook friends and decided to analyze its content.

How malware works

The mechanics of the attack are relatively simple. The targeted user receives a Facebook message that includes the recipient’s name, the word ‘video’ and a shocked emoji followed by a shortened URL. As the message comes from one of the victim’s friends, they are very likely to click the link in order to view its content. The malicious link opens a Google document containing a blurry picture taken from the victim’s Facebook and which looks like a playable movie. Then, if the victim attempts to play the video, the malware will send them to one of a number of different websites, depending on their Web browser, operating system, location, and other factors. This site will then prompt the user to install malicious software.

Google Chrome users, for example, are redirected to a fake YouTube channel, complete with the official logo and branding. This site shows the user a fake error message designed to trick them into downloading a malicious Chrome extension. Firefox users, however, are sent to a website displaying a fake Flash update notice, which, once run, attempts to run a Windows executable to install adware. Finally, Safari users are taken to a similar site, customized for macOS, encouraging them to download a malicious .dmg file.

A highly complex, sophisticated attack

This type of malware is designed to track the victim’s browsing activity using cookies and display targeted adverts, but also to use social engineering to trick the user into clicking on them. The malware is capable of spreading across different platforms via Facebook Messenger, using multiple domains to prevent tracking and earning clicks.
The malicious code is highly sophisticated and complex, and researchers suggest that the malicious links are being sent from real Messenger accounts compromised as a result of stolen passwords, hijacked browsers or clickjacking techniques. Each click on the ads generates revenue for the malware authors, and even though there is relatively little known about the malware campaign and those behind it, the sheer number of Facebook Messenger users gives attackers access to an extremely large number of potential victims.

How to protect yourself from malware

One simple way to avoid falling victim to this scam is to use caution with any link received from a Facebook friend. For greater security, experts recommend having a trusted, up-to-date antivirus such as Panda Protection installed on your computer to protect your system with the best protection. In addition to this, a spokesperson for Facebook has confirmed that the company maintains a number of automated systems to help stop the distribution of harmful links and files via the social networking site.

The post Facebook Messenger: Beware of malware! appeared first on Panda Security Mediacenter.

Read More