Facebook

Pierluigi Paganini November 06, 2024
South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users’ sensitive data, including political views and sexual orientation, with advertisers. South Korea’s data privacy watchdog, Personal Information Protection Commission (PIPC), fined Meta 21.62 billion won ($15.67 million) for illegally collecting sensitive personal information from Facebook users, including data about their political views and […]

Pierluigi Paganini March 04, 2024
META hit with privacy complaints by EU consumer groups

This is my interview with TRT International on the Meta dispute with EU consumer groups, which are calling on the bloc to sanction the company EU consumer groups are calling on the bloc to sanction the company Meta – which owns Facebook, Instagram and WhatsApp – for allegedly breaching privacy rules. Earlier this week, Meta […]

Pierluigi Paganini February 29, 2024
Researchers found a zero-click Facebook account takeover

A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns. Meta addressed a critical Facebook vulnerability that could have allowed attackers to take control of any account. The Nepalese researcher Samip Aryal described the flaw as a rate-limiting issue in a specific endpoint of Facebook’s password reset flow. […]

Pierluigi Paganini October 21, 2023
A threat actor is selling access to Facebook and Instagram’s Police Portal

A threat actor is selling access to Facebook and Instagram’s Police Portal used by law enforcement agencies to request data relating to users under investigation. Cyber security researcher Alon Gal, co-founder & CTO of Hudson Rock, first reported that a threat actor is selling access to Facebook and Instagram’s Police Portal. The portal allows law […]

Pierluigi Paganini August 02, 2023
Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. The phishing campaigns are able to evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s web […]

Pierluigi Paganini May 04, 2023
Facebook warns of a new information-stealing malware dubbed NodeStealer

Facebook discovered a new information-stealing malware, dubbed ‘NodeStealer,’ that is being distributed on Meta. NodeStealer is a new information-stealing malware distributed on Meta that allows stealing browser cookies to hijack accounts on multiple platforms, including Facebook, Gmail, and Outlook. The malware was first spotted in late January 2023 while targeting the browsers of Windows systems. It […]

Pierluigi Paganini May 03, 2023
Hackers are taking advantage of the interest in generative AI to install Malware

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. The hackers attempt to trick victims into installing malicious apps and browser extensions on their […]

Pierluigi Paganini March 22, 2023
Rogue ChatGPT extension FakeGPT hijacked Facebook accounts

A tainted version of the legitimate ChatGPT extension for Chrome, designed to steal Facebook accounts, has thousands of downloads. Guardio’s security team uncovered a new variant of a malicious Chat-GPT Chrome Extension that was already downloaded by thousands a day. The version employed in a recent campaign is based on a legitimate open-source project, threat […]

Pierluigi Paganini January 30, 2023
Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram

A researcher disclosed technical details of a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The researcher Gtm Manoz received a $27,000 bug bounty for having reported a two-factor authentication bypass vulnerability affecting Instagram and Facebook. The flaw resides in a component used by the parent company Meta for confirming a phone number and email […]

Pierluigi Paganini January 24, 2023
Meta Platforms expands features for EE2E on Messenger App

Meta Platforms announced the implementation of more features into its end-to-end encrypted Messanger App. Meta Platforms started gradually expanding testing default end-to-end encryption for Messenger. The company announced that over the next few months, its users will continue to see some of their chats gradually being upgraded with end-to-end encryption.  “We will notify people in […]