$275M Fine for Meta After Facebook Data Scrape
Following the discovery of a data set of Facebook user personal data available on the Internet, the European Union’s Data Protection Commission (DPC) has found Meta Platforms Ireland Ltd. (MPIL) in violation of General Data Protection Regulation rules, fining the platform $275 million (€265 million), and requiring the company to make cybersecurity changes. The breached…
Facebook gets round tracking privacy measure by encrypting links
A form of individual tracking specific to your web browser is at the heart of a currently contested privacy battle, and one which Facebook has just got the upper hand to. This type of tracking involves adding additional parameters to the URLs that you click on a daily basis. When you click one of these…
Hackers fool major tech companies into handing over data of women and minors to abuse
Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. This finding came from four federal law enforcement agencies and a couple…
Russia Blocks Access to Facebook Over War
The agency, Roskomnadzor, said Friday it decided to cut access to Facebook over its alleged “discrimination” of the Russian media and state information resources. It said the restrictions introduced by Facebook owner Meta on the RT and other state-controlled media violate the Russian law. A week ago, the watchdog announced “partial restrictions” on access to…
Facebook Will Reward Researchers for Reporting Scraping Bugs
As part of its bug bounty program, the company will pay monetary rewards to security researchers who discover flaws that allow attackers to bypass existing scraping limitations and gain access to data at scale. Scrapers – including malicious apps, scripts, and websites – constantly adapt to evade detection, and Facebook says it is seeking ways…
Facebook, Twitter Take Down More State-Linked Accounts
Facebook removed over 800 accounts, pages and groups from the social media platform for engaging in what the company calls coordinated inauthentic behavior. Other accounts were taken down for brigading and mass reporting. The largest number of removed Facebook accounts, pages, and groups (548 in total, alongside 86 Instagram accounts) were associated with a network…
SideCopy APT: Connecting lures to victims, payloads to infrastructure
Last week, Facebook announced that back in August it had taken action against a Pakistani APT group known as SideCopy. Facebook describes how the threat actors used romantic lures to compromise targets in Afghanistan. In this blog post we are providing additional details about SideCopy that have not been published before. We were able to…
Facebook to Shut Down Face-Recognition System, Delete Data
“This change will represent one of the largest shifts in facial recognition usage in the technology’s history,” Jerome Pesenti, vice president of artificial intelligence for Facebook’s new parent company, Meta, wrote in a blog post on Tuesday. “Its removal will result in the deletion of more than a billion people’s individual facial recognition templates.” He…
Facebook Sues Ukrainian for Scraping, Selling Data of 178 Million Users
The defendant is Alexander Alexandrovich Solonchenko, whom Facebook says used the online monikers “Solomame” and “barak_obama” on the RaidForums hacker forum, where he allegedly sold illegally obtained information. According to the social media giant, Solonchenko, who worked as a freelance computer programmer, abused its Contact Importer tool to scrape the user IDs and phone numbers…
Facebook Introduces New Tool for Finding SSRF Vulnerabilities
According to the definition provided by OWASP, a SSRF attack enables an attacker to abuse a server’s functionality to read or update internal resources. “The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be…
