Search This Blog

Showing posts with label Facebook. Show all posts

Facebook Bans Suspicious Russian Accounts, Says Russian Spy Intelligence Interfering With U.S Presidential Election


Social networking giant Facebook says it terminated three fake account networks that could have been working for Russian intelligence. The intelligence, according to FB, might be leaking suspicious documents before the U.S presidential elections. According to FB, the suspended accounts contained fake users and identities and were suspended for 'coordinated inauthentic behavior.' The company associated all these accounts to Russian intelligence and hackers linked to St. Petersburg organization based in Russia.

The U.S officials accuse the group of meddling with the 2016 U.S presidential elections and votes. As per now, the Russian authorities haven't responded to these allegations. Neither did the Russian foreign aid ministry when asked for the comment regarding the issue. Since the beginning of its rivalry with the U.S, it is common knowledge that Russia has always denied allegations of interference in the U.S. According to Russia, the country doesn't meddle with the domestic policies of the U.S, and it has nothing to do with the presidential elections.
There was no solid proof whether the fake accounts leaked the hacked documents, but suspending these accounts helped us prevent any future leak, says Nathaniel Gleicher, head of security, Facebook. "Our team watches for the threats and trends that we need to be ready for, and one that we are very aware of ... is a hack-and-leak operation, particularly in the next 6-8 weeks. We want to make sure that the accounts are down to prevent their ability to pivot them to facilitate a hack-and-leak around the U.S. election," told Nathaniel to Reuters. 

Reuters reports, "Facebook said the networks were small with only a handful of accounts on its website and photo-sharing service Instagram, some of which posed as independent media outlets and think tanks. The accounts had a combined total of around 97,000 followers. While some of the activity did target audiences in Britain and the United States, the networks were predominantly focused on countries in the Middle East and bordering Russia, such as Syria, Turkey, Ukraine, and Belarus, Facebook said."

WhatsApp Reveals Six Bugs On Its Security Advisory Website


The Social Messaging app WhatsApp has been open about its bugs and vulnerabilities recently. To be vocal about the issue, the company has set up a dedicated website that will work as a security advisory and inform users about the latest developments on issues and bugs in WhatsApp. Owned by social media giant Facebook, WhatsApp, with a current user base of around 2 million, has set up the website as an initiative to keep the community informed about security and be more transparent with its users.


The dedicated website is not limited to WhatsApp users but open to the entire cybersecurity community. The move comes as a response to the criticisms that WhatsApp faced over its handling of security issues. The dedicated platform will give users detailed reports of security updates related to WhatsApp, along with CVEs (Common Vulnerabilities and Exposures) details. The updates will help cybersecurity experts to know the effect of these bugs and vulnerabilities.

WhatsApp reported six security bugs that it had recently discovered. The company had released security patches for these six bugs before the hackers could exploit them. Few of the bugs could be remotely launched. CVE-2020-1890, an android based WhatsApp bug, sent the recipients sticker, which contained malicious codes. The bug could be deployed without user interaction. Few bugs, however, required user interaction and couldn't be launched remotely. CVE-2019-11928 bug became active when a desktop WhatsApp user clicked any location link, allowing cross-site scripting. WhatsApp says that it will keep the community updated about the latest developments through its advisory platform, trying to release security patches as soon as possible.

According to reports, five of the six bugs were patched on the same day; however, the last bug took quite some time. "We are very committed to transparency, and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts. We strongly encourage all users to ensure they keep their WhatsApp up-to-date from their respective app stores and update their mobile operating systems whenever updates are available," says WhatsApp.

The new iOS 14 to drop Facebook's Audience Network Advertising to 50%


Facebook on Wednesday posted a response to the new iOS 14 on their official blog stating that the new iOS could lead to a 50% drop in their Audience Network advertising business.



Though the company had previously raised issues with iOS 14 and that it could impact their advertising, this Wednesday blog detailed exactly how. 

Facebook Audience Network collects data from the user ( Facebook's data) and provides targeted in-app advertisements. Advertisers use a unique device ID number known as the IDFA in order to make advertisements personalized. 

In iOS 14, these tracking IDFA would be made optional and the user can opt if they want their app to track or not. Facebook said they won't collect IDFA information in iOS 14 at all even though it will make a significant dent in their audience network advertising. 

"We know this may severely impact publishers' ability to monetize through Audience Network on iOS 14, and, despite our best efforts, may render Audience Network so ineffective on iOS 14 that it may not make sense to offer it on iOS14 in the future," Facebook said in the blog.

"While it's difficult to quantify the impact to publishers and developers at this point with so many unknowns, in testing we've seen more than a 50% drop in Audience Network publisher revenue when personalization was removed from mobile ad install campaigns," Facebook said. "In reality, the impact to Audience Network on iOS 14 may be much more, so we are working on short-and long-term strategies to support publishers through these changes." 

Facebook said that their advertising policies will be in compliance with iOS 14's and Apple's preconditions but the social network's whole revenue is derived from advertising and around a billion people view at least one Audience Network ad in a month, so the decision is bound to affect Facebook grandly. 

The blog further cleared some changes Facebook would do for iOS 14 and operations for their partners. The new iOS is expected to launch this year.

Facebook Struggles Against Hate Speech and Misinformation, Fails to Take Actions


In the last month, FB CEO Mark Zuckerberg and others met with civil rights activists to discuss FB's way of dealing with the rising hate speeches on the platform. The activists were not too happy about Facebook's failure to deal with hate speeches and misinformation. As it seems, the civil rights group took an 'advertising boycott' action against the social media giant and expressed their stark criticism. According to these civil groups, they have had enough with Mark Zuckerberg's incompetency to deal with white supremacy, propaganda, and voters suppression on FB.


This move to boycott Facebook came as a response to Donald Trump's recent statement on FB. Trump said that anti-racism protesters should be treated with physical violence, and he also spread misinformation about mail-in voting. FB, however, denies these allegations, saying these posts didn't violate community policies. Even after such incidents, the company ensures that everything's alright, and it just needs to toughen up its enforcement actions.

"Facebook stands firmly against hate. Being a platform where everyone can make their voice heard is core to our mission, but that doesn't mean it's acceptable for people to spread hate. It's not. We have clear policies against hatred – and we constantly strive to get better and faster at enforcing them. We have made real progress over the years, but this work is never finished, and we know what a big responsibility Facebook has to get better at finding and removing hateful content." "Later this morning, Mark and I, alongside our team, are meeting with the organizers of the Stop Hate for Profit campaign followed by a meeting with other civil rights leaders who have worked closely with us on our efforts to address civil rights," said COO Sheryl Sandberg in her FB post.

In another incident, FB refused to take action against T. Raja Singh, an Indian politician from BJP. According to the Wall Street Journal, the company didn't apply its hate speech policies on Raja's Islamophobic remarks. FB employees admitted that the politicians' statements were enough to terminate his FB account. The company refused to, as according to the FB executive in India, could hurt FB's business in India.

Facebook is testing Instagrams' new messaging app, Threads with Automated Data Sharing


Facebook's team is working on a companion app for Instagram, called "Threads", which will automatically share your location, battery, a movement to a close group of friends.


It is much like a messenger application and the company plans to rival snapchat, an app that also caters to close friends and sharing updates. Though Snapchat has been standing as a good alternative for Facebook and Instagram with much more engagement with young people, Threads could be a game-changer.

The Instagram team was itself working on Direct, a messaging app since 2017 but they closed the project in May. But after the acquisition by Facebook, the team was transferred to the Facebook Messenger team and Threads could be the prized outcome.

 The Verge reported, "Threads will regularly update your status, giving your friends a real-time view of information about your location, speed, and more. At the moment, Threads does not display your real-time location — instead, it might say something like a friend is 'on the move'." 

Though the core of the messaging app will be that "messaging", where friends can text, and even see status updates made on Instagram and can manually update the status on Threads but it does not dispute the privacy concerns over the automated data sharing. 

Concerns over privacy and data 

Facebook is testing Automated data sharing on Instagrams' companion app Threads and if successful we could see it applied to other Facebook apps too. Privacy, of course, is a big concern with automatic updates and does need to be concerned over but what's more interesting is how Facebook could use this data. After Mark Zuckerberg's pivot over privacy and data, Facebook has become more private and a loss but with this new automated data sharing, users can become layman and habitual of sharing their updates.

“You change your behavior if you’re constantly being looked at,” said Siân Brooke, a researcher at Oxford Internet Institute "If you know people see where you are, what you’re consuming, you’ll change what you’re doing, change what is normal in a group.”

And thus the data mining cycle will resume where data could be tracked by the app and sold.

Facebook using AI to track hate speech

 


Facebook's hate speech and malicious content identifying AI seem to be working as the company said that their AI identified and removed 134% more hate speech in the second quarter than in the first. The company stated in the Community Standards Enforcement Report that it acted upon 9.9 million hateful posts in the first quarter of the year and 22.5 million in the second. But the figures also reveal how much of hate content was there and is still on the site, to begin with.

Facebook's VP of Integrity Guy Rosen blames the high number to “the increase in proactive technology” in detecting a said form of content. The company has more and more been relying on machine learning and AI to drive out this type of content by losing bots on the network. 

There has been a similar rise on Instagram as well. They detected 84% of hate speeches in this quarter and 45% in the last and removed 3.3 million of these posts from April to June- a sweeping amount when compared to just 808,900 in January till March. 

The social media site also has plans to use similar technology to monitor Spanish, Arabic, and Indonesian posts. 

These increasing number in hate content does show the platform's improvement in the AI technology used to fish out hate post but it also raises concerns over the hostile environment the network presents. Though the company blames these numbers to an increase in coverage of content.

 “These increases were driven by expanding our proactive detection technologies in English and Spanish,” as the company states.

Some critiques also say that the company has no way of knowing how much percent they are actually capturing and how much there is as they measure it according to 'Prevalence' that is how often a Facebook user sees a hateful post as opposed to how many there actually are. The social media giant also updated as to what they include as hate speech - excluding misinformation that remains a big problem for Facebook.

Litigation Firm Discovers a New Phishing Scam Falsely Purporting To Be From Leading UK Supermarket


A litigation firm discovered a new phishing scam falsely indicating to be from a leading UK supermarket Tesco. 

The scam had utilized SMS and email communication planned to fool customers into handling over their subtleties, and steal classified and payment data. 

The fraud started through an official-looking but fake Facebook page entitled 'Tesco UK' which shared images implying to be from a Tesco warehouse, showing stuffed boxes of HD television sets. 

As per Griffin Law, the litigation firm, the message stated: “We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.” 

The firm stated that at least some 100 customers had responded to the Facebook page or received an email.

The original fake Tesco Facebook page is currently listed as 'content unavailable.' It was the clueless users who had due to immense excitement shared the post helped it to spread before receiving an email offering them the opportunity to 'claim their prize.' 

A button in the message connected victims to a landing page to enter their name, place of residence, phone number, and the bank account details. 

Tim Sadler, Chief, Tessian, stated: As the lines between people in our ‘known’ network and our ‘unknown’ networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can’t trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people’s vulnerabilities." 

Although Sadler empathized with the people who are struggling financially in the wake of the [COVID-19] pandemic and henceforth the proposal of a free television could be appealing to them.

However, he advises the users to consistently scrutinize the authenticity of these certain messages and consistently confirm the requestor's offer before tapping on the link and refrain from asking for trouble.

Google Playstore Removes 25 Android Apps that Stole User Login Credentials


In a recent cybersecurity incident, Google cleared 25 applications from its google play store as they were alleged to steal the users' FB credentials. According to Google, these applications were downloaded for around 2..35 million before the play store decided to shut them down. All these 25 applications were created by the same developer, even though they seemed to work differently and offer different features, they were all peas in a pod.


These apps showed themselves as a video editor, photo editor, wallpaper apps, file managing apps, mobile gaming apps, and flashlight apps., says Evina, a France based cybersecurity organization. When the firm came to know about the incident, it reported to Google, and precautionary measures were taken immediately to protect the end-users. The malware was also reverse-engineered so that no damage could take place. The 25 apps had malware embedded in them, which stole FB login credentials whenever the user launched the FB application.

Although the apps worked legally, they, however, had hidden malicious codes. The code could tell about the recently launched app in the user's device. If it were FB, these apps would create a fake login page that looked the same as the original to steal the user's login credentials. If the user entered his login credentials, the app would capture the data and transfer it to a remote server domain. When Google came to know about the issue after Evina's claims in May, it verified it before taking down these apps. Playstore removed these 25 apps earlier this month, some of which had been in use for more than a year.

"When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground, which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes javascript to retrieve them. The malware then sends your account information to a server," said Evina in a blog post.

Singapore’s Move to Facilitate Contact Tracing Amidst the Covid-19 Pandemic Rejected by Its Residents


While each country is attempting to stymie the outbreak of the disastrous coronavirus in different ways, Singapore attempted the same perhaps it wasn't a plan well thought off as the country attempted to come up with an inventive and a profoundly technological solution to battle the everyday rising cases of the virus.

Their arrangement included developing a wearable device that would be issued to each resident as an approach to facilitate contact tracing in the midst of the COVID-19 pandemic, however, the move, unfortunately, wasn't well-received by the citizens as it started an open objection with respect to their worries about their privacy.

An online petition titled “Singapore says 'No' to wearable devices for COVID-19 contact tracing", has thus to date, garnered in excess of 17,500 signatures.

The online petition describes the usage of such devices as "conspicuous encroachments upon our privileges to protection, individual space, and opportunity of development".

In words of Wilson Low, who started the petition on June 5, "All that is stopping the Singapore government from becoming a surveillance state is the advent and mandating the compulsory usage of such a wearable device. What comes next would be laws that state these devices must not be turned off [or] remain on a person at all times -- thus, sealing our fate as a police state.”

Singapore's Minister-in-Charge of the Smart Nation Initiative and Minister for Foreign Affairs, Vivian Balakrishnan, said during a parliament session Friday that while the government had introduced a contact tracing app earlier, TraceTogether, a wearable device was essential as it would not rely upon somebody possessing a smartphone.

His team however is developing and would “soon roll out a portable wearable device" keeping in mind the existing issues with the application, which didn't function well on Apple devices as the iOS operating system would suspend Bluetooth scanning when the app was running in the background.

He said that if the devices are proved to work viably, then they may be issued to each resident in Singapore, yet didn't expressly say that the government would make it obligatory for everybody to utilize it.

Wilson, however, was very determined upon proving his point as he wrote, “Even if we're not, we recognize the potential creation of a two-tiered society -- those who wear the devices versus [those] do who do not -- therein, and an open pass to engage in yet another form of prejudice and societal stratification.”

Later including, "The only thing that stops this device from potentially being allowed to track citizens' movements 24 by 7 are: if the wearable device runs out of power; if a counter-measure device that broadcasts a jamming signal masking the device's whereabouts; or if the person chooses to live 'off the grid' in total isolation, away from others and outside of any smartphone or device effective range.”

Numerous different residents also came to his support as they very openly expressed their concerns with respect to the potential execution of wearable devices, further taking to Balakrishnan's Facebook page to ask the legislature against taking this course.

One user Ian Chionh went so far as to accusing the government of utilizing the coronavirus as "an excuse" to put a tracking device on all residents on Facebook.

Wilson had likewise referenced something similar to these worries adding that "The government looks to the COVID-19 pandemic as the perfect excuse to realize what it has always envisioned for us, this country's populace: to surveil us with impunity, to track us without any technological inhibitions, and maintain a form of movement monitoring on each of us at all times and places. And to do so by decreeing it compulsory for all law-abiding persons to become 'recipients'."

Aside from TraceTogether, the Singapore government utilizes an advanced digital check-in tool, SafeEntry, to facilitate its contact tracing efforts.

The system gathers visitors' very own data, either through QR codes or barcode scans whenever they enter a venue, like supermarkets and workplaces. Information gathered through SafeEntry is retained for 25 days, just like TraceTogether's data retention policy.

The TraceTogether app was updated just the previous week to incorporate the registration of passports numbers for travelers visiting Singapore and barcode scans to support SafeEntry.

The nation however has begun with easing the restrictions, initially set up to check the spread of the virus - in phases as more and more businesses wish to resume with their operations over the following month.

Israeli Security Company NSO Pretends to Be Facebook


As per several reports, Facebook was imitated by an Israeli security company that is known as the “NSO Group” to get the targets to install their “phone-hacking software”.

Per sources, a Facebook-like doppelganger domain was engineered to distribute the NSO’s “Pegasus” hacking contrivance. Allegedly, serves within the boundaries of the USA were employed for the spreading of it.

The Pegasus, as mentioned in reports, if installed once, can have access to text messages, device microphone, and camera as well as other user data on a device along with the GPS location tracking.

NSO has denied this but it still happens to be in a legal standoff with Facebook, which contends that NSO on purpose distributed its software on WhatsApp that led to the exploitation of countless devices. Another allegation on NSO is about having delivered the software to spy on journalist Jamal Khashoggi before his killing, to the government of Saudi Arabia, citing sources.

Facebook also claimed that NSO was also behind the operation of the spyware to which NSO appealed to the court to dismiss the case insisting that sovereign governments are the ones who use the spyware.

Per sources, NSO’s ex-employee, allegedly, furnished details of a sever which was fabricated to spread the spyware by deceiving targets into clicking on links. The server was connected with numerous internet addresses which happened to include the one that pretended to be Facebook’s. And Facebook had to buy it to stop the abuse of it.

As per reports, package tracking links from FedEx and other links for unsubscribing from emails were also employed on other such domains.

NSO still stand their ground about never using the software, themselves. In fact they are pretty proud of their contribution to fighting crime and terrorism, mention sources.

Security researchers say that it’s almost impossible for one of the servers to have helped in the distribution of the software to be within the borders of the USA. Additionally, reports mention, NSO maintains that its products could not be employed to conduct cyber-surveillance within the United States of America.

Facebook still holds that NSO is to blame for cyber-attacks. And NSO maintains that they don’t use their own software.

Facebook's Messenger''s Latest Update Supports 50 Participants In a Video Chat Room!


During these ungodly hours of the pandemic with everyone stuck at home and yearning for some one-on-one time with friends and family stuck elsewhere, Facebook has come through like a Knight in shining armor.

It has booted up Messenger and WhatsApp with fresh and much-needed video-calling features in light of the obvious hike in the “need” for video-calls via social media.

In the areas that are affected to the greatest degrees by Coronavirus, researchers have seen an acute escalation in the usage of Messenger and its video calling feature, as much as double the earlier rate.

With the latest WhatsApp update increasing the number of participants in its video/audio calls, Messenger has made available an update that could let users add up to 50 people in the Messenger Rooms.

Turns out that these fresh features were always on the list of updates but they were rolled out to the users a little earlier than planned because of the pandemic and lock-downs.

This update is scheduled to start reaching people soon and would eventually reach all the users but it is bound to take time.

Per sources, Facebook had been working towards preventing ‘unrequired’ and ‘unneeded’ guests from popping in the chats, as well.

There is no dearth of applications willing to help users get through these tough times by connecting virtually with their loved ones. Zoom, another app that has seen crazy growth in the number of its active users to an astonishing 300 Million.

Houseparty is another one that hit the download charts hard when the news of the lock-down first surfaced everywhere in March.

Much like in the formerly mentioned app, until the Messenger Room is ‘open’, guests can drop in and out per their wishes in the group video chats.


With a very thoughtful idea, Facebook had reportedly wanted to create a realistic atmosphere for the video chat users where people could “bump into each other”.

In fact, rumor has it that Facebook is planning to add the group video chat room feature to WhatsApp and Instagram as well but there is no evidence as to when.

The chat rooms that are open to the public shall be listed at the top of the feed. The person creating the chat room would have control over the privacy of the room, about sending the invitations to people who aren’t on Facebook, who gets added and blocking unwanted participants. Participants could also change their backgrounds in real time, mention sources.

Per reports, the feature was first tested in Argentina and Poland where Messenger is supposed to be used the most. The results showed that up to 20 participants could be added at once, but the number is would increase to 50 according to Facebook.

Having uninvited participants show up in their chat rooms has only caused inconvenience to the users especially in the case of Zoom. Facebook has definitely learned from that.

The chats wouldn’t be encrypted end-to-end at least at the beginning of the launching but it’s surely on the to-do list. Monitoring and listening in on the video calls, says Facebook, is absolutely out of question.

The tech giant has also promised that it will keep working towards making Facebook better in every way possible by collecting data from the users about the overall experience, mention sources.

Premium features are being made available for free by the Microsoft teams for some of their apps owing to the Coronavirus outbreak, per sources.

Per reports, usually, the most whopping product launches of Facebook are done via the blog post by Mark Zuckerberg which in this case was used to announce the Messenger Room’s latest update.

To know about the latest feature update of WhatsApp check out the following link:
WhatsApp's Latest Feature Lets You Add More People To Video Calls!

Facebook Makes Its Largest Bet on the Developing Market; Invests $5.7 Billion in Indian Internet Giant Jio


“The country is in the middle of a major digital transformation, and organizations like Jio have played a big part in getting hundreds of millions of Indian people and small businesses online. With communities around the world in lockdown, many of these entrepreneurs need digital tools they can rely on to find and communicate with customers and grow their businesses.”

This is what Mark Zuckerberg, the CEO of Facebook, said in a post to his Facebook page on the occasion of the social media giant making its biggest single investment by putting $5.7 billion into Jio Platforms of India on Tuesday.

Adding later on that the move indicates its 'commitment' to India, as approximately more than 388 million people in India have been in a solid connection with the internet service over the past four years via Jio.

While numerous businesses have been harmed by the aftermath from the Covid-19 pandemic, huge technology companies are positioned to profit over the long haul as more people resort to their services while keeping indoors.

Facebook is thusly making preparations to move ahead with vital and strategic investments at a very 'fragile' time in the global economy.

David Fischer, Facebook's chief revenue official, and Ajit Mohan, Facebook's managing director in India, in a blog-entry by-lined by the former said that “One focus of our collaboration with Jio will be creating new ways for people and businesses to operate more effectively in the growing digital economy. For instance, by bringing together JioMart, Jio’s small business initiative, with the power of WhatsApp, we can enable people to connect with businesses, shop, and ultimately purchase products in a seamless mobile experience.”

With more than 400 million Indian citizens utilizing WhatsApp and more than 300 million people utilizing the company's core social network, therefore Facebook sees a lot of chance with Jio.

Apart from this, last week India's Economic Times revealed that Facebook and Reliance were intending to use WhatsApp and Jio administrations to make a WeChat-style "super-app" for India.

Tencent's WeChat has enormous penetration in China, with in excess of a billion users and numerous independent businesses utilizing it for payments, promotion, and communication. Yet, it is to be noticed this isn't Facebook's first swoop into the Indian market.

Quite a long while ago, it attempted to offer free internet connectivity to Indian users in a program called Free Basics. Yet, that initiative hit a lot of obstacles until it was ultimately banned in the nation by the telecom regulator TRAI, in 2016.

What's more, is that the regulators concluded that businesses couldn't offer free internet services that supported only a few companies over the others. Facebook has been at a disagreement with the Indian government over WhatsApp for quite some time recently.

The government had demanded that WhatsApp change its encryption to trace messages back to their source, which WhatsApp refused to comply with. Simultaneously, regulators have over and over again thwarted WhatsApp's request to offer a payments service to its Indian users.

Here are some of the reaction tweets by people on the Jio-Facebook collab.







Is WhatsApp the new Coronavirus of Facebook?


The health officials and government authorities are trying their best to inform the public about the safety precautions amid the Coronavirus epidemic. But these health initiatives taken by the government and medical experts are constantly being threatened by one of the largest social media messaging platform. These messaging platforms are steadily spreading misinformation and fake remedies about the Coronavirus. Facebook-owned messaging platform WhatsApp has received harsh criticisms over its handling of the Coronavirus situation because of the spreading of fake news and misinformation using WhatsApp about the Coronavirus epidemic, which has caused more than 8000 death and affected more than 2,00,000 people across the globe.


WhatsApp users send messages that most of the time are inaccurate and lack any legitimacy, say the medical experts. The problem has now become so troublesome that global health organizations and world leaders have asked people to stop forwarding and sharing unverified claims about Coronavirus and its cures using WhatsApp. Irish president Leo Varadkar on twitter asked the people to avoid sharing unverified news in WhatsApp groups. According to him, the WhatsApp messages are frightening and ambiguous. People should only trust official information from health and government sectors, he says.

The misinformation shared on WhatsApp mostly comes from forwarded messages by a friend of a friend or supposedly a doctor. Not all messages are incorrect, for instance, washing your hand to stay safe. One of the most circulated false claims on WhatsApp is 'drinking warm water every 15 minutes will prevent you from Coronavirus.' Because WhatsApp messages have end-to-end encryption, health officials and the government can't trace the source of misinformation. Even WhatsApp can't trace the source of messages.

"It is clear ... that a lot of false information continues to appear in the public sphere. In particular, we need to understand better the risks related to communication on end-to-end encryption services," said Vice President Věra Jourová, Europen Commission, on Tuesday. He also surveys the alliance's work to stop misinformation. "There are over a dozen [local fact checkers] so far, and we want more to be able to do their important work so rumors are identified and countered," said Will Cathcart, the head of WhatsApp, on Wednesday in a tweet.

2 New Android Malwares on The Hunt to Gain Control of User’s Account



As per discoveries of competent security software two new Android malware is on the hunt to 'discreetly' access control of the victim's account so as to send different ill-intentioned content. The two malware together steal cookies collected by the browser as well as applications of famous social networking sites and accordingly making things easier for the thieves to do their job. 

While cookies are frequently perceived as quite harmless since they are characterized as small bits of data collected by websites to smoothly track user activity online with an end goal to create customized settings for them in the future however in a wring hands, they represent a serious security hazard. A grave security risk since, when websites store these cookies, they utilize a unique session ID that recognizes the user later on without having them to enter a password or login again. 

Once possessing a user's ID, swindlers can trick the websites into assuming that they are in fact the person in question and thusly take control of the latter's account. What's more, that is actually what these cookie thieves did, as described by computer security software major Kaspersky, creating Trojans with comparable coding constrained by a similar command and control (C&C) server. 

The primary Trojan obtains root rights on the victim's device, which permits the thieves to transfer Facebook's cookies to their own servers. Be that as it may, in many cases, just having the ID number isn't sufficient to assume control for another's account. A few sites have safety measures set up that forestalls suspicious log-in endeavors as well. 

Here is when the second Trojan comes in. This malignant application can run a proxy server on a victim's device to sidestep the security measures, obtaining access without raising any doubt. From that point onwards, the thieves can act as the 'person in question' and assume control for their social media accounts to circulate undesirable content. While a definitive aim of the cookie thieves remains rather obscure, a page revealed on the same C&C server could provide a clue: the page promotes services for distributing spam on social networks and messengers. 

In simpler words, the thieves might be looking for account access as an approach to dispatch widespread spam and phishing attacks. 

Malware analyst Igor Golovin says "By combining two attacks, the cookie thieves have discovered a way to gain control over their victims` account without arising suspicions. While this is a relatively new threat -- so far, only about 1,000 individuals have been targeted -- that number is growing and will most likely continue to do so, particularly since it`s so hard for websites to detect." 

He adds later "Even though we typically don`t pay attention to cookies when we`re surfing the web, they`re still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention." 

According to Kaspersky experts all hope’s isn’t lost they made certain recommendations which might help a user to save themselves from becoming a victim of cookie theft : - 
  1. Block third-party cookie access on your phone`s web browser and only let your data be saved until you quit the browser
  2. Periodically clear your cookies
  3. Use a reliable security solution that includes a private browsing feature, which prevents websites from collecting information about your activity online.

A vulnerability that Allows Hackers to Hijack Facebook Accounts


A cybersecurity expert recently found a vulnerability in FB's "login with the Facebook feature." According to the expert, the vulnerability allows hackers to steal "Access Token," and the hacker can also hijack the victim's FB account. FB uses "OAuth 2.0" as a verification process that helps exchange FB tokens and also gives 3rd parties access permission. To know more about OAuth 2.0, the readers can find information on the internet.

The vulnerability exists in the "Login with Facebook" option that eventually lets hackers make a phony website which they used for exchanging Access Tokens for other applications that include Spotify, Netflix, Instagram, Tinder, Oculus, etc besides the hijacked FB profiles. Once the hacker succeeded in hijacking the targeted FB accounts using the Access Tokens, he had access to personal data that includes private messages, photos, videos, and also the account setup credentials.


According to Amol Baikar, an Indian cybersecurity expert who found this vulnerability in the first place, the FB flaw allows hackers to exploit user accounts that include Tinder, FB, Oculus, Spotify, Instagram, Netflix, etc. Meanwhile, along with this account hijack, the hacker can also get 3rd party access to the mentioned apps via "Login with Facebook option." Facebook first received this vulnerability in December 2019 and immediately issued a security fix. Along with this, the company Facebook also announced a $55,000 bounty upon finding the person responsible through the Bug Bounty Program. This is said to be the biggest bounty ever issued for a client suite hack vulnerability founded on Facebook.

Cybersecurity organization GBHackers have made the following observations regarding Facebook vulnerability: 

  1. All Fb apps and 3rd party apps login credentials (Access Token) could be exposed within a few seconds, at the same time. 
  2. The vulnerability allows the hacker to take over the Facebook account of the user. Moreover, the hacker can read, write, edit, and delete your data. 
  3. The hacker also has the option to modify your privacy settings in the FB account. 
  4. If a user visits the malicious website set up by the hackers, he/she can lose their 1st party Access Tokens. 
  5. The stolen 1st party Access Tokens never lapse. 
  6. The attacker has control over the hijacked Facebook account even after the user changes the login credentials.

Facebook Sues Data Analytics Firm for Improperly Harvesting User Data


On Thursday, Facebook filed a federal lawsuit in California Court against OneAudience, a New Jersey-based marketing firm mainly involved in data analytics. The social media giant claimed that the firm was paying app developers to secretly harvest its users' data by getting an infectious software SDK installed onto their apps. The SDK was planted in various gaming, shopping, and utility-type applications available to download from the Google Play Store, as per the court documents.

A software development kit also known as SDK is a downloadable collection of software development tools used for developing applications. It consists of the basic tools a developer would require to build a platform-specific app with ease and excellence. In other words, SDK basically enables the programming of mobile applications. However, these packages have their drawbacks too as they also contain tools like trackers and it collects information about devices and app usage to send it back to the SDK maker.

Facebook alleged in the lawsuit that OneAudience has blatantly misused the feature "login with Facebook" to acquire unauthorized access to sensitive user data without any permissions. OneAudience has also been accused of paying apps to gain access to users' Twitter and Google data when they log into the infected apps using their account info.

"With respect to Facebook, OneAudience used the malicious SDK – without authorization from Facebook – to access and obtain a user's name, email address, locale (i.e. the country that the user logged in from), time zone, Facebook ID, and, in limited instances, gender," Facebook remarked.

Earlier in November 2019, social media giants Twitter and Facebook told that OneAudience collected private user information and the incident left hundreds of users affected as their privacy was compromised when OneAudience illegally collected their names, email addresses, usernames, genders and latest posts through SDK.

While commenting on the matter, Jessica Romero, Director of Platform Enforcement and Litigation, said "Facebook's measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate."

"This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users," she further added.

Beware of Fake Videos on Facebook and WhatsApp!


Beware! People who have blind faith in the internet and tend to believe almost anything that they view or come across online, for there has surfaced a new medium for fearless dissemination of misinformation.

Fake news and modified pictures have already been wreaking havoc on social media and real lives of people for quite a long time now; leading to serious after-effects and reactions. Mob lynching, hate speeches and violent masses are few of the many upshots of such news and pictures.

At a time when the county was freshly getting used to fighting fake news and misinformation, a leading player joined the race, which goes by the name of “deepfake”.

Deppfake videos employ artificial intelligence to alter fake videos in such a way that they seem real to viewers. These videos are crafted with such ability that it becomes difficult for people to identify any possible lacunae.

These videos are so absolutely deceitful that the common person viewing them can’t remotely recognize or realize if, then what is wrong with them.

In latest times, the concept of morphed images is not new and hence people started to rely more on videos. But with deepfake, altering videos is possible too. In fact the operator could even manipulate actions and what is being said in the video.


Like every other fad that social media and its users accept with open arms, deepfake videos have a strong probability of making significant trouble on platforms like WhatsApp and Facebook to name a few.

Another issue with these videos is the resolution they are available in. Most videos that are found on Facebook or WhatsApp are quite low on quality and hence it becomes all the more challenging to identify their bogusness.

These days political or any other kind of speeches of influential personalities are circulated generously across all of social media. With threat actors like deepfake videos, the ordinary speeches could be malformed to enflame the masses.

Sources mention that genuine looking fake porn videos could also be circulated online via deepfake. Especially the porn clips that are recorded through spy cameras can be effortlessly manipulated into any sort of personal or professional hazard.

The extremely effective notion of targeted adverting refers to placing information according to the needs of the audience. Deepfake videos open new avenues for negative targeted advertising and people who are looking forward to creating unrest in otherwise peaceful situations.

These videos are outstandingly dangerous because along with being imperceptible as fake they also hold the capacity to instigate populaces for a cause that may not even exist.


Alert! The Days of WhatsApp Are Gone? Stronger Competitor In The Market!


Joy all around for the social media fanatics who had gotten quite bored of WhatsApp being their only source of incessant chatting provisions. And to those as well who felt unsafe because of the recent spyware that hit the beloved social media chat application.

The word around is that a recently surfaced social media chat application could give strong competition to the Facebook-owned social media service.

The users were already quite disconcerted about the recent cyber threat that hit WhatsApp and were in desperate need of any substitute to satisfy their daily social cravings.

The celebrated application goes by the name of “Signal”. Its unique characteristic is its keen focus on the privacy of the users.

Per sources, Signal has planned out to move towards the big market and go “main-stream”, owing it to the substantial monetary support it received from WhatsApp’s co-founder.

The financial backing is to facilitate “Signal” in getting better features and attracting the attention of people who are sort of done with using WhatsApp and are in want of other options, for whatever reasons.

Reports mention that the launcher of ‘Signal’ had continually been working on getting everyone access to encrypted communications without much fuss.

Now it finally is time for Signal to enter the world it was originally created for in the first place. It is a revolutionized effort at forming a more secure cyber-space for the people.

With key agendas like privacy and cyber-security being the central constituents of Signal, the application is sure to win a lot of hearts.

In recent times WhatsApp has been all over the place because of the alleged cyber threats, like spyware, it has been leaving its users open to. Because of which people’s trust over it has been withering gradually.

Per valid sources, Signal is special because it is encrypted from end-to-end. Its servers do not store any sort of “conversation metadata” on them. This especially was quite a hefty task for the developers to work their way around. They also had to work on enabling “group administration” to let people add and remove members without the servers’ knowledge. But they did it.

Hence, at a time like this, Signal is a very welcome blessing for social media fanatics who have become so used to social applications that they can’t imagine their lives without them.

Facebook Data Breach: API Security Risks


In the year 2018 Facebook disclosed a massive data breach due to which the company had to face a lawsuit along with allegations of not properly securing its user data. The breach directly affected the authentication tokens of nearly 30 million of its users which led to the filing of several class-action complaints in a San Francisco appeals court. In the wake of the incident, Facebook pledged to strengthen its security.

A feature, known as "View As" which was employed by developers to render user pages was exploited by hackers to get access to user tokens. The theft of these tokens is associated with the advancement of a major API security risk, it also indicates how API risks can go unnoticed for such a long time frame. The trends in digital up-gradation have further pushed the process of continuous integration and continuous delivery – CI/CD, which are closely related concepts but are sometimes used interchangeably. The main purpose of continuous delivery is to ensure that the deployment of a new code takes the least possible effort. It enables DevOps to maintain a constant flow of software updates to fasten release patterns and reduce the risks related to development.

Conventionally, developers used to work on the parts of an application– one at a time and then manually merge the codes. The process was isolated and time-consuming, it led to the duplication of code creation efforts. However, as the IT ecosystem went on embracing the new CI/CD model and effectively sped up the development process while ensuring early detection of bugs, almost all the security has been commercialized by ace infrastructure providers namely Microsoft and Amazon. The commodities offered include authorization, container protection and encryption of data. Similarly, security components of first-generation firewalls and gateways like the protection of denial-of-service (DDoS) attacks also constitute the infrastructure.

When it comes to navigating and communicating – especially through an unfamiliar space, APIs are a powerful tool with great flexibility in their framework. However, similar reasons also make APIs equally vulnerable also.

While giving insights into the major IT risk posed by APIs, Terry Ray, chief security officer for Imperva told, "APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company's data."

"To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications."

The API threat is basically rooted in its lack of visibility, Subra Kumaraswamy, the former head of product security at Apigee, an API security vendor owned by Google, while putting the risk into the perspective, told: "When you have visibility into your APIs throughout your organization, you can then put controls in place."

"You might decide that a certain API should only be exposed to in-house developers, not external, third-party ones. If you don't have visibility, you can't see who is accessing what."

While labeling the authorization and improper asset management as areas of key concern, Yalon told, “Authorization mechanisms are complex because they are not implemented in one place, but in many different components like configuration files, code, and API gateways."

“Even though this sometimes may look like simple housekeeping, having a very clear understanding of the APIs, with well-maintained inventory, and documentation (we whole-heartedly recommend Open API Specification) is very critical in the world of APIs,” he further said.

Facebook and Google- The Kingpins Who Generated Millions of Ad Revenue This Year!


This fiscal year has been quite a success for all the social media platforms in terms of online digital advertising revenue generation.

Digital advertising revenue is the income that businesses earn via displaying paid advertising advertisements on their social media platforms or websites.

Per sources, Facebook and Google rose big time on the online revenue charts of the year 2018-2019. Facebook gathered 2,233 and as compared to the Rs. 6389 crore of the last fiscal year, Google landed itself a sum of Rs. 9,203 crore in ad revenue.

According to reports the social media giant’s ad revenue partly builds up of the advertisement that Indians “spend” on trendy social applications like Messenger, Instagram, and other third-party affiliations and applications.

Per sources, over 4.39 billion people use the internet all over the world today. Digital advertising hence, is more than a fitting alternative for the online world. The field is growing at a flying rate. According to a major report, the expenditure of ads is likely to multiply exponentially in a couple of years.

Reports also say that Facebook and Google collectively have a share of 68 percent in India’s online advertising sphere. They also plan on expanding it, given the compelling competition from Amazon and other similar entities.

The Indian division of Facebook, Facebook Indian Online Service Pvt. Ltd., cites that it gives the ad inventory amount back to the main company, which adds somewhere up to Rs.1,960 crore in the latest fiscal year. The amount that contributed to the net revenue of this Indian division was Rs. 263 crore.

Per sources, Facebook’s revenue from online ad ventures had an overall rise of 71 percent this “year-on-year”, only to reach a glorious Rs. 892 crore in this fiscal year.

This made the profit for the social media colossus rise by 84 percent which amounts up to Rs. 105 crore, mentioned the reports.
Google India Pvt. on the other hand as per what the reports mentioned displayed Rs. 1, 097 crores as its “net sales” from online advertisements.

The overall revenue for this search engine master totaled Rs.4,147 crore which was half of what it acquired in the previous fiscal year. Nevertheless, its profit experienced a 16 percent hike equalling to Rs. 473 crore, sources indicated.