
Google Playstore Removes 25 Android Apps that Stole User Login Credentials


In a recent cybersecurity incident, Google removed 25 applications from its Google Play Store as they were alleged to steal users' FB credentials. According to Google, these applications had been downloaded around 2.35 million times before the Play Store decided to shut them down. All 25 applications were created by the same developer; even though they seemed to work differently and offer different features, they were all peas in a pod.


These apps presented themselves as video editors, photo editors, wallpaper apps, file managers, mobile games, and flashlight apps, says Evina, a France-based cybersecurity organization. When the firm came to know about the incident, it reported it to Google, and precautionary measures were taken immediately to protect end-users. The malware was also reverse-engineered so that no damage could take place. The 25 apps had malware embedded in them, which stole FB login credentials whenever the user launched the FB application.

Although the apps worked as legitimate apps, they contained hidden malicious code. The code could tell which app had most recently been launched on the user's device. If it was FB, the app would display a fake login page that looked the same as the original to steal the user's login credentials. If the user entered their login credentials, the app would capture the data and transfer it to a remote server domain. When Google came to know about the issue after Evina's claims in May, it verified it before taking down these apps. The Play Store removed these 25 apps earlier this month, some of which had been in use for more than a year.

"When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground, which makes you think that the application launched it. When you enter your credentials into this browser, the malware executes javascript to retrieve them. The malware then sends your account information to a server," said Evina in a blog post.

Singapore’s Move to Facilitate Contact Tracing Amidst the Covid-19 Pandemic Rejected by Its Residents


While each country is attempting to stymie the outbreak of the disastrous coronavirus in its own way, Singapore tried to come up with an inventive and profoundly technological solution to battle the daily rise in cases, though perhaps the plan was not well thought out.

The plan involved developing a wearable device that would be issued to each resident to facilitate contact tracing in the midst of the COVID-19 pandemic. However, the move was not well received by citizens, and it sparked public objection over privacy concerns.

An online petition titled "Singapore says 'No' to wearable devices for COVID-19 contact tracing" has to date garnered in excess of 17,500 signatures.

The online petition describes the usage of such devices as "conspicuous encroachments upon our privileges to protection, individual space, and opportunity of development".

In the words of Wilson Low, who started the petition on June 5, "All that is stopping the Singapore government from becoming a surveillance state is the advent and mandating the compulsory usage of such a wearable device. What comes next would be laws that state these devices must not be turned off [or] remain on a person at all times -- thus, sealing our fate as a police state."

Singapore's Minister-in-Charge of the Smart Nation Initiative and Minister for Foreign Affairs, Vivian Balakrishnan, said during a parliament session Friday that while the government had introduced a contact tracing app earlier, TraceTogether, a wearable device was essential as it would not rely upon somebody possessing a smartphone.

His team, however, is developing and would "soon roll out a portable wearable device", keeping in mind the existing issues with the application, which did not function well on Apple devices because the iOS operating system would suspend Bluetooth scanning when the app was running in the background.

He said that if the devices prove to work viably, they may be issued to each resident in Singapore, but he did not expressly say that the government would make it obligatory for everybody to use them.

Wilson, however, was determined to prove his point as he wrote, "Even if we're not, we recognize the potential creation of a two-tiered society -- those who wear the devices versus [those] who do not -- therein, and an open pass to engage in yet another form of prejudice and societal stratification."

He later added, "The only thing that stops this device from potentially being allowed to track citizens' movements 24 by 7 are: if the wearable device runs out of power; if a counter-measure device that broadcasts a jamming signal masking the device's whereabouts; or if the person chooses to live 'off the grid' in total isolation, away from others and outside of any smartphone or device effective range."

Numerous other residents came to his support, openly expressing their concerns about the potential rollout of wearable devices and taking to Balakrishnan's Facebook page to urge the legislature against taking this course.

One Facebook user, Ian Chionh, went so far as to accuse the government of using the coronavirus as "an excuse" to put a tracking device on all residents.

Wilson had likewise referenced something similar to these worries adding that "The government looks to the COVID-19 pandemic as the perfect excuse to realize what it has always envisioned for us, this country's populace: to surveil us with impunity, to track us without any technological inhibitions, and maintain a form of movement monitoring on each of us at all times and places. And to do so by decreeing it compulsory for all law-abiding persons to become 'recipients'."

Aside from TraceTogether, the Singapore government utilizes an advanced digital check-in tool, SafeEntry, to facilitate its contact tracing efforts.

The system gathers visitors' personal data, either through QR codes or barcode scans, whenever they enter a venue such as a supermarket or workplace. Information gathered through SafeEntry is retained for 25 days, just like TraceTogether's data retention policy.

The TraceTogether app was updated just the previous week to incorporate the registration of passport numbers for travelers visiting Singapore and barcode scans to support SafeEntry.

The nation, however, has begun easing in phases the restrictions initially set up to check the spread of the virus, as more and more businesses look to resume their operations over the following month.

Israeli Security Company NSO Pretends to Be Facebook


As per several reports, Facebook was impersonated by an Israeli security company known as the "NSO Group" to get targets to install its "phone-hacking software".

Per sources, a Facebook look-alike domain was set up to distribute NSO's "Pegasus" hacking tool. Allegedly, servers within the boundaries of the USA were used to spread it.

Pegasus, as mentioned in reports, can once installed access text messages, the device microphone and camera, and other user data on a device, along with GPS location tracking.

NSO has denied this, but it is still in a legal standoff with Facebook, which contends that NSO deliberately distributed its software over WhatsApp, leading to the exploitation of countless devices. Another allegation against NSO, according to sources, is that it delivered the software to the government of Saudi Arabia to spy on journalist Jamal Khashoggi before his killing.

Facebook also claimed that NSO itself was behind the operation of the spyware, in response to which NSO asked the court to dismiss the case, insisting that sovereign governments are the ones who use the spyware.

Per sources, an ex-employee of NSO allegedly furnished details of a server that was set up to spread the spyware by deceiving targets into clicking on links. The server was connected with numerous internet addresses, including the one that pretended to be Facebook's. Facebook had to buy that domain to stop its abuse.

As per reports, package tracking links from FedEx and other links for unsubscribing from emails were also employed on other such domains.

NSO still stands its ground about never using the software itself. In fact, it is quite proud of its contribution to fighting crime and terrorism, sources mention.

Security researchers say it is almost impossible that one of the servers that helped distribute the software was within the borders of the USA. Additionally, reports mention, NSO maintains that its products could not be employed to conduct cyber-surveillance within the United States of America.

Facebook still holds that NSO is to blame for cyber-attacks. And NSO maintains that they don’t use their own software.

Facebook Messenger's Latest Update Supports 50 Participants In a Video Chat Room!


During these ungodly hours of the pandemic with everyone stuck at home and yearning for some one-on-one time with friends and family stuck elsewhere, Facebook has come through like a Knight in shining armor.

It has booted up Messenger and WhatsApp with fresh and much-needed video-calling features in light of the obvious hike in the “need” for video-calls via social media.

In the areas that are affected to the greatest degrees by Coronavirus, researchers have seen an acute escalation in the usage of Messenger and its video calling feature, as much as double the earlier rate.

With the latest WhatsApp update increasing the number of participants in its video/audio calls, Messenger has made available an update that could let users add up to 50 people in the Messenger Rooms.

Turns out that these fresh features were always on the list of updates but they were rolled out to the users a little earlier than planned because of the pandemic and lock-downs.

This update is scheduled to start reaching people soon and would eventually reach all the users but it is bound to take time.

Per sources, Facebook had been working towards preventing ‘unrequired’ and ‘unneeded’ guests from popping in the chats, as well.

There is no dearth of applications willing to help users get through these tough times by connecting virtually with their loved ones. Zoom is another app that has seen crazy growth in the number of its active users, to an astonishing 300 million.

Houseparty is another one that hit the download charts hard when the news of the lock-down first surfaced everywhere in March.

Much like in the formerly mentioned app, until the Messenger Room is ‘open’, guests can drop in and out per their wishes in the group video chats.


With a very thoughtful idea, Facebook had reportedly wanted to create a realistic atmosphere for the video chat users where people could “bump into each other”.

In fact, rumor has it that Facebook is planning to add the group video chat room feature to WhatsApp and Instagram as well but there is no evidence as to when.

The chat rooms that are open to the public shall be listed at the top of the feed. The person creating the chat room would have control over the privacy of the room, about sending the invitations to people who aren’t on Facebook, who gets added and blocking unwanted participants. Participants could also change their backgrounds in real time, mention sources.

Per reports, the feature was first tested in Argentina and Poland, where Messenger is supposed to be used the most. The results showed that up to 20 participants could be added at once, but the number would increase to 50 according to Facebook.

Having uninvited participants show up in their chat rooms has only caused inconvenience to the users especially in the case of Zoom. Facebook has definitely learned from that.

The chats wouldn’t be encrypted end-to-end at least at the beginning of the launching but it’s surely on the to-do list. Monitoring and listening in on the video calls, says Facebook, is absolutely out of question.

The tech giant has also promised that it will keep working towards making Facebook better in every way possible by collecting data from the users about the overall experience, mention sources.

Premium features are being made available for free by the Microsoft teams for some of their apps owing to the Coronavirus outbreak, per sources.

Per reports, usually, the most whopping product launches of Facebook are done via the blog post by Mark Zuckerberg which in this case was used to announce the Messenger Room’s latest update.


Facebook Makes Its Largest Bet on the Developing Market; Invests $5.7 Billion in Indian Internet Giant Jio


“The country is in the middle of a major digital transformation, and organizations like Jio have played a big part in getting hundreds of millions of Indian people and small businesses online. With communities around the world in lockdown, many of these entrepreneurs need digital tools they can rely on to find and communicate with customers and grow their businesses.”

This is what Mark Zuckerberg, the CEO of Facebook, said in a post to his Facebook page on the occasion of the social media giant making its biggest single investment by putting $5.7 billion into Jio Platforms of India on Tuesday.

He later added that the move indicates its 'commitment' to India, as more than 388 million people in India have been connected to the internet over the past four years via Jio.

While numerous businesses have been harmed by the fallout from the Covid-19 pandemic, huge technology companies are positioned to profit over the long haul as more people resort to their services while staying indoors.

Facebook is thus preparing to move ahead with vital and strategic investments at a very 'fragile' time in the global economy.

David Fischer, Facebook's chief revenue officer, and Ajit Mohan, Facebook's managing director in India, in a blog entry by-lined by the former, said that “One focus of our collaboration with Jio will be creating new ways for people and businesses to operate more effectively in the growing digital economy. For instance, by bringing together JioMart, Jio’s small business initiative, with the power of WhatsApp, we can enable people to connect with businesses, shop, and ultimately purchase products in a seamless mobile experience.”

With more than 400 million Indian citizens using WhatsApp and more than 300 million people using the company's core social network, Facebook sees a lot of opportunity with Jio.

Apart from this, last week India's Economic Times revealed that Facebook and Reliance were intending to use WhatsApp and Jio administrations to make a WeChat-style "super-app" for India.

Tencent's WeChat has enormous penetration in China, with in excess of a billion users and numerous independent businesses utilizing it for payments, promotion, and communication. Yet, it is to be noticed this isn't Facebook's first swoop into the Indian market.

Quite a long while ago, it attempted to offer free internet connectivity to Indian users in a program called Free Basics. Yet, that initiative hit a lot of obstacles until it was ultimately banned in the nation by the telecom regulator TRAI, in 2016.

What's more, is that the regulators concluded that businesses couldn't offer free internet services that supported only a few companies over the others. Facebook has been at a disagreement with the Indian government over WhatsApp for quite some time recently.

The government had demanded that WhatsApp change its encryption to trace messages back to their source, which WhatsApp refused to comply with. Simultaneously, regulators have over and over again thwarted WhatsApp's request to offer a payments service to its Indian users.


Is WhatsApp the new Coronavirus of Facebook?


Health officials and government authorities are trying their best to inform the public about safety precautions amid the Coronavirus epidemic. But these health initiatives taken by governments and medical experts are constantly being threatened by one of the largest social media messaging platforms. These messaging platforms are steadily spreading misinformation and fake remedies about the Coronavirus. Facebook-owned messaging platform WhatsApp has received harsh criticism over its handling of the Coronavirus situation because of the spread of fake news and misinformation over WhatsApp about the Coronavirus epidemic, which has caused more than 8000 deaths and affected more than 2,00,000 people across the globe.


WhatsApp users send messages that most of the time are inaccurate and lack any legitimacy, say medical experts. The problem has now become so troublesome that global health organizations and world leaders have asked people to stop forwarding and sharing unverified claims about Coronavirus and its cures using WhatsApp. Irish president Leo Varadkar asked people on Twitter to avoid sharing unverified news in WhatsApp groups. According to him, the WhatsApp messages are frightening and ambiguous. People should only trust official information from health and government sectors, he says.

The misinformation shared on WhatsApp mostly comes from messages forwarded by a friend of a friend or supposedly a doctor. Not all messages are incorrect; for instance, washing your hands to stay safe. One of the most circulated false claims on WhatsApp is 'drinking warm water every 15 minutes will prevent you from Coronavirus.' Because WhatsApp messages have end-to-end encryption, health officials and the government can't trace the source of misinformation. Even WhatsApp can't trace the source of messages.

"It is clear ... that a lot of false information continues to appear in the public sphere. In particular, we need to understand better the risks related to communication on end-to-end encryption services," said Vice President Věra Jourová, European Commission, on Tuesday. He also surveys the alliance's work to stop misinformation. "There are over a dozen [local fact checkers] so far, and we want more to be able to do their important work so rumors are identified and countered," said Will Cathcart, the head of WhatsApp, on Wednesday in a tweet.

2 New Android Malwares on The Hunt to Gain Control of User’s Account



According to the findings of a security software firm, two new Android malware strains are on the hunt to 'discreetly' gain control of a victim's account in order to send various ill-intentioned content. Together, the two malware strains steal cookies collected by the browser and by the apps of popular social networking sites, making the thieves' job easier.

Cookies are often perceived as harmless, since they are small bits of data collected by websites to track user activity online and create customized settings for the user in the future. In the wrong hands, however, they represent a serious security hazard: when websites store these cookies, they use a unique session ID that recognizes the user later on without requiring them to enter a password or log in again.

Once in possession of a user's ID, swindlers can trick websites into assuming that they are in fact the person in question and thus take control of that person's account. That is exactly what these cookie thieves did, as described by computer security software major Kaspersky, creating Trojans with similar coding controlled by the same command and control (C&C) server.

The first Trojan obtains root rights on the victim's device, which allows the thieves to transfer Facebook's cookies to their own servers. In many cases, however, just having the ID number is not sufficient to take control of another person's account. Some sites have safety measures in place that forestall suspicious log-in attempts.

This is where the second Trojan comes in. This malicious application can run a proxy server on a victim's device to sidestep the security measures, obtaining access without raising any doubt. From that point onwards, the thieves can act as the 'person in question' and take control of their social media accounts to circulate unwanted content. While the ultimate aim of the cookie thieves remains rather obscure, a page found on the same C&C server could provide a clue: the page promotes services for distributing spam on social networks and messengers.

In simpler words, the thieves might be looking for account access as an approach to dispatch widespread spam and phishing attacks. 

Malware analyst Igor Golovin says "By combining two attacks, the cookie thieves have discovered a way to gain control over their victims' account without arising suspicions. While this is a relatively new threat -- so far, only about 1,000 individuals have been targeted -- that number is growing and will most likely continue to do so, particularly since it's so hard for websites to detect."

He adds later "Even though we typically don't pay attention to cookies when we're surfing the web, they're still another means of processing our personal information, and anytime data about us is collected online, we need to pay attention."

According to Kaspersky experts, all hope isn't lost. They made certain recommendations which might help users save themselves from becoming victims of cookie theft:
  1. Block third-party cookie access on your phone's web browser and only let your data be saved until you quit the browser
  2. Periodically clear your cookies
  3. Use a reliable security solution that includes a private browsing feature, which prevents websites from collecting information about your activity online.

A vulnerability that Allows Hackers to Hijack Facebook Accounts


A cybersecurity expert recently found a vulnerability in FB's "Login with Facebook" feature. According to the expert, the vulnerability allows hackers to steal the "Access Token," with which the hacker can also hijack the victim's FB account. FB uses "OAuth 2.0" as an authorization protocol that handles the exchange of FB tokens and gives 3rd parties access permission. To know more about OAuth 2.0, readers can find information on the internet.

The vulnerability exists in the "Login with Facebook" option and lets hackers set up a phony website that they can use to obtain Access Tokens for other applications, including Spotify, Netflix, Instagram, Tinder, Oculus, etc., besides the hijacked FB profiles. Once the hacker succeeds in hijacking the targeted FB accounts using the Access Tokens, he has access to personal data that includes private messages, photos, videos, and also the account setup credentials.


According to Amol Baikar, an Indian cybersecurity expert who found this vulnerability in the first place, the FB flaw allows hackers to exploit user accounts that include Tinder, FB, Oculus, Spotify, Instagram, Netflix, etc. Along with this account hijack, the hacker can also get 3rd party access to the mentioned apps via the "Login with Facebook" option. Facebook first received the report of this vulnerability in December 2019 and immediately issued a security fix. Along with this, Facebook also awarded a $55,000 bounty to the finder through its Bug Bounty Program. This is said to be the biggest bounty ever issued for a client-side hack vulnerability found on Facebook.

Cybersecurity organization GBHackers have made the following observations regarding Facebook vulnerability: 

  1. All Fb apps and 3rd party apps login credentials (Access Token) could be exposed within a few seconds, at the same time. 
  2. The vulnerability allows the hacker to take over the Facebook account of the user. Moreover, the hacker can read, write, edit, and delete your data. 
  3. The hacker also has the option to modify your privacy settings in the FB account. 
  4. If a user visits the malicious website set up by the hackers, he/she can lose their 1st party Access Tokens. 
  5. The stolen 1st party Access Tokens never lapse. 
  6. The attacker has control over the hijacked Facebook account even after the user changes the login credentials.

Facebook Sues Data Analytics Firm for Improperly Harvesting User Data


On Thursday, Facebook filed a federal lawsuit in California Court against OneAudience, a New Jersey-based marketing firm mainly involved in data analytics. The social media giant claimed that the firm was paying app developers to secretly harvest its users' data by getting a malicious SDK installed in their apps. The SDK was planted in various gaming, shopping, and utility-type applications available to download from the Google Play Store, as per the court documents.

A software development kit, also known as an SDK, is a downloadable collection of software development tools used for developing applications. It consists of the basic tools a developer would require to build a platform-specific app with ease. In other words, an SDK enables the programming of mobile applications. However, these packages have their drawbacks too, as they can also contain tools like trackers that collect information about devices and app usage and send it back to the SDK maker.

Facebook alleged in the lawsuit that OneAudience has blatantly misused the feature "login with Facebook" to acquire unauthorized access to sensitive user data without any permissions. OneAudience has also been accused of paying apps to gain access to users' Twitter and Google data when they log into the infected apps using their account info.

"With respect to Facebook, OneAudience used the malicious SDK – without authorization from Facebook – to access and obtain a user's name, email address, locale (i.e. the country that the user logged in from), time zone, Facebook ID, and, in limited instances, gender," Facebook remarked.

Earlier, in November 2019, social media giants Twitter and Facebook said that OneAudience had collected private user information. The incident left hundreds of users affected, as their privacy was compromised when OneAudience illegally collected their names, email addresses, usernames, genders and latest posts through the SDK.

While commenting on the matter, Jessica Romero, Director of Platform Enforcement and Litigation, said "Facebook's measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate."

"This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users," she further added.

Beware of Fake Videos on Facebook and WhatsApp!


Beware! People who have blind faith in the internet and tend to believe almost anything that they view or come across online, for there has surfaced a new medium for fearless dissemination of misinformation.

Fake news and modified pictures have already been wreaking havoc on social media and real lives of people for quite a long time now; leading to serious after-effects and reactions. Mob lynching, hate speeches and violent masses are few of the many upshots of such news and pictures.

At a time when the country was just getting used to fighting fake news and misinformation, a leading player joined the race, which goes by the name of “deepfake”.

Deepfake videos employ artificial intelligence to alter videos in such a way that the fakes seem real to viewers. These videos are crafted with such skill that it becomes difficult for people to identify any possible flaws.

These videos are so deceptive that the common person viewing them can’t tell whether anything is wrong with them, let alone what.

In recent times, the concept of morphed images is not new, and hence people started to rely more on videos. But with deepfake, altering videos is possible too. In fact, the operator could even manipulate actions and what is being said in the video.


Like every other fad that social media and its users accept with open arms, deepfake videos have a strong probability of making significant trouble on platforms like WhatsApp and Facebook to name a few.

Another issue with these videos is the resolution they are available in. Most videos that are found on Facebook or WhatsApp are quite low on quality and hence it becomes all the more challenging to identify their bogusness.

These days political or any other kind of speeches of influential personalities are circulated generously across all of social media. With threat actors like deepfake videos, the ordinary speeches could be malformed to enflame the masses.

Sources mention that genuine looking fake porn videos could also be circulated online via deepfake. Especially the porn clips that are recorded through spy cameras can be effortlessly manipulated into any sort of personal or professional hazard.

The extremely effective notion of targeted advertising refers to placing information according to the needs of the audience. Deepfake videos open new avenues for negative targeted advertising and for people who are looking to create unrest in otherwise peaceful situations.

These videos are outstandingly dangerous because along with being imperceptible as fake they also hold the capacity to instigate populaces for a cause that may not even exist.


Alert! The Days of WhatsApp Are Gone? Stronger Competitor In The Market!


Joy all around for the social media fanatics who had gotten quite bored of WhatsApp being their only source of incessant chatting provisions. And to those as well who felt unsafe because of the recent spyware that hit the beloved social media chat application.

The word around is that a recently surfaced social media chat application could give strong competition to the Facebook-owned social media service.

The users were already quite disconcerted about the recent cyber threat that hit WhatsApp and were in desperate need of any substitute to satisfy their daily social cravings.

The celebrated application goes by the name of “Signal”. Its unique characteristic is its keen focus on the privacy of the users.

Per sources, Signal has planned out to move towards the big market and go “main-stream”, owing it to the substantial monetary support it received from WhatsApp’s co-founder.

The financial backing is to facilitate “Signal” in getting better features and attracting the attention of people who are sort of done with using WhatsApp and are in want of other options, for whatever reasons.

Reports mention that the launcher of ‘Signal’ had continually been working on getting everyone access to encrypted communications without much fuss.

Now it finally is time for Signal to enter the world it was originally created for in the first place. It is a revolutionized effort at forming a more secure cyber-space for the people.

With key agendas like privacy and cyber-security being the central constituents of Signal, the application is sure to win a lot of hearts.

In recent times WhatsApp has been all over the place because of the alleged cyber threats, like spyware, it has been leaving its users open to. Because of which people’s trust over it has been withering gradually.

Per valid sources, Signal is special because it is encrypted from end-to-end. Its servers do not store any sort of “conversation metadata” on them. This especially was quite a hefty task for the developers to work their way around. They also had to work on enabling “group administration” to let people add and remove members without the servers’ knowledge. But they did it.

Hence, at a time like this, Signal is a very welcome blessing for social media fanatics who have become so used to social applications that they can’t imagine their lives without them.

Facebook Data Breach: API Security Risks


In the year 2018 Facebook disclosed a massive data breach due to which the company had to face a lawsuit along with allegations of not properly securing its user data. The breach directly affected the authentication tokens of nearly 30 million of its users which led to the filing of several class-action complaints in a San Francisco appeals court. In the wake of the incident, Facebook pledged to strengthen its security.

A feature known as "View As", which was employed by developers to render user pages, was exploited by hackers to get access to user tokens. The theft of these tokens is associated with the advancement of a major API security risk; it also indicates how API risks can go unnoticed for a long time. The trend towards digital upgrades has further pushed the adoption of continuous integration and continuous delivery (CI/CD), which are closely related concepts but are sometimes used interchangeably. The main purpose of continuous delivery is to ensure that deploying new code takes the least possible effort. It enables DevOps teams to maintain a constant flow of software updates to speed up release cycles and reduce the risks related to development.

Conventionally, developers worked on the parts of an application one at a time and then manually merged the code. The process was isolated and time-consuming, and it led to duplicated coding effort. However, as the IT ecosystem embraced the new CI/CD model, which effectively sped up the development process while ensuring early detection of bugs, almost all the security has been commercialized by ace infrastructure providers, namely Microsoft and Amazon. The commodities offered include authorization, container protection and encryption of data. Similarly, the security components of first-generation firewalls and gateways, like protection against denial-of-service (DDoS) attacks, are also part of the infrastructure.

When it comes to navigating and communicating, especially through an unfamiliar space, APIs are a powerful tool with great flexibility in their framework. However, the same qualities also make APIs equally vulnerable.

While giving insights into the major IT risk posed by APIs, Terry Ray, chief security officer for Imperva, said, "APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company's data."

"To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications."

The API threat is basically rooted in a lack of visibility. Putting the risk into perspective, Subra Kumaraswamy, the former head of product security at Apigee, an API security vendor owned by Google, said: "When you have visibility into your APIs throughout your organization, you can then put controls in place."

"You might decide that a certain API should only be exposed to in-house developers, not external, third-party ones. If you don't have visibility, you can't see who is accessing what."

While labeling authorization and improper asset management as areas of key concern, Yalon said, “Authorization mechanisms are complex because they are not implemented in one place, but in many different components like configuration files, code, and API gateways.”

“Even though this sometimes may look like simple housekeeping, having a very clear understanding of the APIs, with well-maintained inventory, and documentation (we whole-heartedly recommend Open API Specification) is very critical in the world of APIs,” he further said.
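The inventory and visibility points made above can be turned into a routine check. The following is an added example, not code from the article or from any vendor quoted in it: it compares gateway traffic against an OpenAPI-shaped inventory and reports calls to undocumented paths, undocumented methods, and internal-only operations reached by external clients. The spec, the log records, the client classes and the `x-audience` extension are all constructed assumptions.

```python
import re

# Constructed inventory in OpenAPI 3 shape. "x-audience" is a hypothetical
# vendor extension used here to record who may call each operation.
SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/v1/users/{id}": {"get": {"x-audience": "external"}},
        "/v1/users/{id}/tokens": {"post": {"x-audience": "internal"}},
        "/v1/health": {"get": {"x-audience": "external"}},
    },
}

# Constructed gateway log records: (client_class, method, path).
LOG = [
    ("external", "GET", "/v1/users/42"),
    ("internal", "POST", "/v1/users/42/tokens"),
    ("external", "POST", "/v1/users/42/tokens"),  # internal-only operation
    ("external", "GET", "/v1/debug/dump"),        # path missing from inventory
    ("external", "DELETE", "/v1/users/42"),       # method missing from inventory
    ("external", "GET", "/v1/health?verbose=1"),
]


def compile_inventory(spec):
    """Turn each templated path into an anchored regex plus its operations."""
    inventory = []
    for template, operations in spec["paths"].items():
        # Split on {param} placeholders; each placeholder matches one segment.
        literal_parts = re.split(r"\{[^/{}]+\}", template)
        pattern = "[^/]+".join(re.escape(part) for part in literal_parts)
        # An operation with no declared audience is treated as internal
        # (fail closed) rather than silently exposed.
        ops = {method.upper(): op.get("x-audience", "internal")
               for method, op in operations.items()}
        inventory.append((re.compile("^" + pattern + "$"), template, ops))
    return inventory


def audit(spec, log):
    """Return findings as (kind, client_class, method, path_or_template)."""
    inventory = compile_inventory(spec)
    findings = []
    for client, method, raw_path in log:
        path = raw_path.split("?", 1)[0]  # ignore the query string
        match = next(((template, ops) for regex, template, ops in inventory
                      if regex.match(path)), None)
        if match is None:
            findings.append(("undocumented_path", client, method, path))
            continue
        template, ops = match
        if method not in ops:
            findings.append(("undocumented_method", client, method, template))
        elif ops[method] == "internal" and client != "internal":
            findings.append(("audience_violation", client, method, template))
    return findings


if __name__ == "__main__":
    for finding in audit(SPEC, LOG):
        print(finding)
```
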

Facebook and Google- The Kingpins Who Generated Millions of Ad Revenue This Year!


This fiscal year has been quite a success for all the social media platforms in terms of online digital advertising revenue generation.

Digital advertising revenue is the income that businesses earn by displaying paid advertisements on their social media platforms or websites.

Per sources, Facebook and Google rose big time on the online revenue charts of the year 2018-2019. Facebook gathered 2,233 and, as compared to the Rs. 6,389 crore of the last fiscal year, Google landed itself a sum of Rs. 9,203 crore in ad revenue.

According to reports, the social media giant’s ad revenue is partly built up of the advertising that Indians “spend” on trendy social applications like Messenger, Instagram, and other third-party affiliations and applications.

Per sources, over 4.39 billion people use the internet all over the world today. Digital advertising is, hence, more than a fitting alternative for the online world. The field is growing at a flying rate. According to a major report, the expenditure on ads is likely to multiply exponentially in a couple of years.

Reports also say that Facebook and Google collectively have a share of 68 percent in India’s online advertising sphere. They also plan on expanding it, given the compelling competition from Amazon and other similar entities.

The Indian division of Facebook, Facebook Indian Online Service Pvt. Ltd., cites that it gives the ad inventory amount back to the main company, which adds up to somewhere around Rs. 1,960 crore in the latest fiscal year. The amount that contributed to the net revenue of this Indian division was Rs. 263 crore.

Per sources, Facebook’s revenue from online ad ventures had an overall rise of 71 percent year-on-year, only to reach a glorious Rs. 892 crore in this fiscal year.

This made the profit for the social media colossus rise by 84 percent, which amounts to Rs. 105 crore, the reports mentioned.

Google India Pvt., on the other hand, displayed Rs. 1,097 crore as its “net sales” from online advertisements, as per the reports.

The overall revenue for this search engine master totaled Rs. 4,147 crore, which was half of what it acquired in the previous fiscal year. Nevertheless, its profit experienced a 16 percent hike, equalling Rs. 473 crore, sources indicated.

Deputy of the State Duma of the Russian Federation: it is necessary at the legislative level to protect the data of Russians on Facebook


Andrey Alshevskikh, the State Duma Deputy, said that the threat to the personal data of Russian users of the social network Facebook is real. The Deputy notes that it is necessary to take appropriate security measures at the legislative level.

The day before, it became known that the hacker group OurMine had hacked two official Facebook accounts on Twitter. On the night of February 8, an appeal appeared on these pages stating the vulnerability of Facebook to hacker attacks. It also mentioned the weakness of the Twitter security system.

"As for Facebook, this is not the first case and, something tells me, not the last. It is necessary to deal with such cases in detail and take concrete steps at the legislative level, make amendments to existing laws, and adopt new ones to protect the data of Russian citizens," said the Deputy.

Alshevskikh recalled that the threat to the personal data of Russians who use Facebook was mentioned repeatedly. Therefore, a law was adopted providing for the storage of personal data of citizens of the Russian Federation in Russia. However, some companies do not want to comply with it.

"We need to force Facebook to comply with Russian law," said Alshevskikh. Earlier, Roskomnadzor started administrative proceedings against Facebook and Twitter, which did not provide a localization report at the indicated time. Refusal to localize, according to Russian law, carries a multimillion-ruble fine. In the case of the first violation, legal entities may be charged up to 6 million rubles ($94,000); in the case of a second violation, from 6 to 18 million rubles ($94,000-$282,000). Court hearings have already been scheduled and will take place on February 13 in a Moscow court.

Earlier, CEO of a detective agency and speaker on cyberattacks Vladimir Golovin recommended that those who are concerned about the safety of their personal data stop using Facebook.

CEO of a detective agency and speaker on cyber attacks: users should understand that Facebook is leaking their data


Numerous Facebook leaks in 2013 and 2016 put users in a position where they are not responsible for their security. This opinion was expressed by the General Director of the detective agency and speaker on cyber attacks Vladimir Golovin.

The cybersecurity team at Check Point Research found out that, in the last quarter of 2019, Internet attacks were most often carried out on Internet users to obtain their personal data via Facebook. A social network is not able to protect its customers from online fraud.

Experts described the fraud scheme known as "phishing", which consists of the theft of the username, password and other personal data. Hackers operate through social networks or other platforms where people leave information about themselves. As a result, it turned out that Facebook has become the leader among platforms that are hacked by scammers. The second place is occupied by the Yahoo service, and in third place is Netflix.

According to Golovin, when users leave their data somewhere, their security depends on them only by 50%.

"If you want to give your personal data, then use Facebook. If not, you don't need to use it at all," said the speaker.

According to him, today people have the wrong attitude to personal data, so it is worth starting the fight with this. Many people do not understand the danger they face when leaving personal information on unverified sources.

Golovin notes that Facebook continues to do the same, leaking user information.

"Therefore, in the field of information security and data storage, all these are political games," he concluded.

It is worth noting that, in addition to the constant leak of personal information, foreign sites continue to brazenly violate Russian laws by refusing to transfer servers with Russian data to the territory of the Russian Federation. Ruslan Ostashko, editor-in-chief of the online publication Politrussia, said that it is necessary to register the possibility of blocking the activities of Facebook and Twitter at the legislative level.

Clause Addition to the IT Act; Social Media Companies Now Responsible For All Nonuser Generated Content


In a change in line with those in the US and Europe, the Indian government has recently added a clause to the proposed IT intermediary guidelines, making social media companies responsible for all non-user-produced content, including supported content, distributed on their platforms.

The change is expected to impact some extremely popular social media platforms, like Twitter, TikTok, YouTube, Instagram as well as Facebook. 

When the amended guidelines are made public, social media organizations will be required to appropriately tag and identify all sponsored content published on their platforms. The draft standards, which are 'under consideration' of the law ministry, are expected to be notified in about a few weeks, according to a senior government official: “We have had a few rounds of discussions with the law ministry. These guidelines should be notified by February-end, the start of March.”

Section 79-II of the Information Technology Act, 2000, right now absolves online intermediaries from obligation for any third-party content shared on their platform. With the new clause, the Act will give "safe harbor protection" to intermediaries inasmuch as they just assume the job of a facilitator and not maker or modifier, in any way, of the content posted.

What expedited the change was an issue that occurred in the previous year: a disagreement regarding content between social media platform TikTok and Twitter-sponsored ShareChat, in which the latter had to bring down more than 100 videos from its platform.

Right now, platforms like Facebook, Twitter and Instagram have certain features and tags through which ads and paid partnerships are displayed. Yet, publicists and advertisers state brands would rather push content through influencers to make it look increasingly organic. 

There is likewise no compulsion or onus on the influencers to highlight that the products and content they are supporting are paid for. 

However, government authorities said such content, produced by influencers without the contribution of the social media platforms, may in any case not be covered by the most recent clause. This clause will relate only to such non-user-produced content in which the platform is in some way involved.

Facebook to give $550 Million as a Settlement in a Lawsuit


Social Media giant Facebook is to pay an amount of $550 million as a settlement in what appears to be another series of lawsuits, and this time, it is a Facial Recognition issue. The lawsuit is not good for the brand perception of Facebook as it puts further questions to the credibility of the privacy laws of the social networking site.


"Facebook has agreed to pay a settlement of $550 million related to a claim filed for FB's facial recognition technique," said Facebook this Wednesday. The case, which arose in Illinois, is said to be a great triumph for privacy organizations, as it raises the question of the privacy practices of Facebook, a company already embroiled in controversies over data laws. The issue emerged from FB's image labeling technique named 'Tag Suggestions,' which uses facial recognition techniques to suggest the names of users present in a photo.

The company that filed the lawsuit accused Facebook of collecting the facial data of the company's employees in violation of the Illinois Biometric Privacy law. It accuses FB of storing data of millions of users for Tag Suggestions without the knowledge of the company's employees and without them knowing how long the data will be kept. Facebook has dismissed the allegations, saying they have no basis of proof. As per the settlement, FB has to pay $550 million as legal fees to the affected users of the Illinois company. This payment even surpasses the $380 million that the reporting agency 'Equifax' had agreed to pay for the settlement of a 2017 consumer data breach incident.

"Facebook agreed to settle the case by giving back what was rightful to the community and in the goodwill of public interest, as it affects our stakeholders," says FB's spokesperson. "The settlement highlighted the importance of user privacy and security," says lawyer Joey Edelson, whose firm addressed the issue on behalf of the affected users of Facial Recognition suit. He further says, "people worried about issues related to gun rights concerning women safety or people who like to participate in societal issues by not disclosing their identity hold the same importance and we should respect their privacy."

Simple Tips to Prevent your WhatsApp Account from Hackers


WhatsApp (now owned by Facebook), a popular social networking app, is, as we all know, very easy to set up. But this simple process also opens your account to some vulnerabilities and threats if you are not cautious while setting up your WhatsApp account. Luckily, there exists an extra line of defense to ensure the safety of your account if your 6-digit activation code is hacked.


However, as the recent hacking incident against Amazon's CEO Jeff Bezos showed, these security measures aren't enough to provide security. Still, they give you an extra safety mechanism if, by any chance, the hacker gets your 6-digit security code.

How to ensure the safety of your WhatsApp account? In normal circumstances, getting back into your hacked WhatsApp account is very simple: open the app, and while logging in, the app will send you another 6-digit code.

But the problem arises when the hacker, once having hold of your account, intentionally enters wrong verification codes to prevent further login into your account for up to 12 hours. The worst-case scenario arises when the user has not set up the 2-step authentication process, which permits the hacker to use a security PIN of their own, restricting the user's access to their WhatsApp account for a total duration of 7 days.

Therefore, it is always important to follow 2 basic rules:
  1. Don't disclose your 6-digit verification code. It doesn't matter if it's your parents, family, or friends: no one ever has a genuine reason to ask for the WhatsApp code sent over SMS, so never consider disclosing it.
  2. Set up the 2-step verification process. If your account gets hacked for some reason, the 2-step security PIN ensures that only the user has access to the WhatsApp account.

How to set up the security PIN:
  • Open WhatsApp and go to the Settings option.
  • Select Account and hit 2-step verification.
  • Set up your 6-digit security PIN.
  • You will be asked for this every time you install WhatsApp. You can also add your e-mail address as a backup if you ever lose your PIN.

Facebook Code Update Gone Wrong Exposes Anonymous Admins



Recently Facebook encountered quite a bug crisis, as a bad code update that went live on the night of 10th January apparently exposed, for a few hours, the anonymous admins behind the pages of many known personalities.

All it took to 'exploit' the bug was opening a target page and checking the edit history of a post: Facebook erroneously showed the account or accounts that made those edits to each post, as opposed to simply displaying the edits themselves.

Although Facebook immediately pushed a fix for this flaw, the fix was not quicker than the word that had already got around on message boards like 4chan, where users posted screen captures that 'doxed' the accounts behind prominent and rather well-known pages.

The social media giant, saying that it was the aftereffect of a code update, exposed the accounts behind the official Facebook Pages of the 'pseudonymous' artist Banksy, Russian President Vladimir Putin, former US secretary of state Hillary Clinton and Canadian Prime Minister Justin Trudeau, alongside the climate activist Greta Thunberg and rapper Snoop Dogg, among others.

No data beyond a name and public profile link was accessible; however, for those admins running anti-regime pages under 'a repressive government', even this much public exposure is extremely alarming.

After a series of privacy and security indiscretions, Facebook has concentrated explicitly on building out its protections and has additionally been relentlessly growing its bug bounty, which has encouraged researchers, just like the person who discovered the edit history bug, to submit security flaws for potential rewards in the future.

Ambitious upgrades like these require some serious effort and time, and absolutely no amount of added security can change the major risks that go with amassing the information of 2.5 billion individuals.

Lukasz Olejnik, an independent privacy adviser and research associate at Oxford University's Center for Technology and Global Affairs says, "For sensitive pages, I would not rule out that some people may be feeling that they are in danger due to what happened today, using fake accounts to run pages would have been a good idea. Some could see it as a paranoid way of hiding, but it's not."

Further adding, "People who run sensitive Pages from their own Facebook should now consider that their identity may be known, while mistakes happen, this one is unexpected."


Data Privacy on Alert; Facebook, Whatsapp and Others Fear The Personal Data Protection Bill?


The latest amendments to the “personal data protection bill” of India could make Facebook and other data-consuming platforms lose sleep over enhanced government powers.

On Tuesday, the Personal Data Protection Bill was circulated in the parliament, which could have strong consequences on the way organizations store, process and use public data.

The newest addition to the bill is the stipulation that empowers the Indian government to demand from a company the “anonymized” personal and non-personal data for better government services.

Per the bill, any information that could aid in identifying a person and possesses characteristics, traits or any attributes of a person’s identity could be defined as “personal data” and the rest as non-personal.

For the leading tech-organizations, personal or non-personal, the data is valuable. And these new provisions brought out by the bill are issues of major concern.

Reportedly, an official strongly taking the government’s stand mentioned that the “personal data” is as valuable to the society as it is to the tech-companies.

They also mentioned something along the lines of making use of data from cab organizations like “Uber” to comprehend the limitations of Indian public transport and what could be done for its betterment.


There is no specific mention as to what the data shall come in exchange for or any other ensuing rules as to the processes regarding it.

Per the bill, personal data such as biometric details and financial data could be transferred beyond the boundaries of India for processing purposes but must be stored locally.

Allegedly, the media platforms in question could also need to provide a structured procedure for users to “prove their identities” and “display a verification sign publicly”. This could cause major companies to face major technical issues.

Dreading the possibility of increased compliance costs, countries across the globe have been pushing their agencies to go against such rules.

Per reports, these fresh exceptions that the bill makes available for the government could be alarming for India’s privacy situation which isn’t as strong as all that.

The bill that shall soon be presented in the parliament will definitely not be passed in this session and only after further voting and discussion should any results be declared.