Search This Blog

Showing posts with label Meta. Show all posts

Tax Preparation Websites are Suing Meta for Gathering Financial Data

 


Several anonymous plaintiffs have filed legal claims against Meta after they filed their taxes online using H&R Block in 2020. They allege that the company has violated their privacy and trust. H&R Block, among other tax-filing websites such as TaxAct and TaxSlayer, had been utilizing Meta's Pixel tracking system to collect sensitive financial information from users through web forms on their websites. In a recent Markup investigation, it was also revealed that Meta was storing users' sensitive financial information. 

Using Pixel, a company can track visitors' activities on its websites. This allows them to target ads to Facebook and Instagram users that they would like to advertise to. According to the investigation, the tax preparation websites mentioned above apparently transmitted confidential data such as income, filing statuses, refund amounts, and dependents' tuition grants to Meta by using that code. 

In Markup's report, it was revealed that many of the tax-filing services had already changed their Pixel settings so that they would stop sending information or were re-evaluating how they used Pixel before Markup's investigation. 

When the news of the data breaches first broke, Meta sent a statement to Engadget. This statement stated that advertiser is not allowed to share private information with third parties. According to the company, it is dependent on an automated system that is capable of filtering out sensitive content sent via Pixel. There is no dispute that Meta requires businesses that use Pixel to have a lawful right to collect, use, and share user data to exchange information with them in their complaint (PDF, courtesy of The Markup) before they can provide the company with any information about their users. Despite this, the plaintiffs contend that Meta does not make any efforts to enforce that rule and is relying on a "broken honor system," which has led to repeated violations of this rule. 

According to Marshal Hoda, a member of the legal team that will be representing the plaintiffs in their case. Users' sensitive financial information was passed on by Meta without their consent. In addition, Meta failed to protect the privacy of its users. As Hoda pointed out, there are some sacred kinds of information. 

The Markup reports that the lawsuit seeks to establish class-action status for people who used the tax preparation services detailed in the publication's report. It also seeks compensation for those people. In this case, however, the services were not named defendants in the lawsuit.

Meta Penalized 276 Million by Ireland Under EU Laws

According to Meta's handling of sensitive user data, the Irish Data Protection Commission has fined the company $276 million. 

The European Union's primary privacy watchdog, Meta, is the most recent example of how regional authorities are growing more active in their enforcement of the bloc's privacy regulations against major internet corporations.

Insiders discovered the exposed data, which contained the full names, contact information, addresses, and dates of birth of users on the platform between 2018 and 2019. At the time, Meta said that the information was taken by a malicious party using a flaw that the firm addressed in 2019 and that it was the same information used in a prior leak that Motherboard had discovered in January 2021.

The DPC has fined Meta three times already this year. In connection with a slew of 2018 data breaches that compromised the personal information of as many as 30 million Facebook users, the DPC penalized Meta $18.6 million USD in March for poor record-keeping.

In a privacy issue, Meta and its affiliates, including WhatsApp and Instagram, have now been punished by Ireland three times in the last 15 months, reaching more than $900 million in monetary penalties. The other concerns include WhatsApp's transparency on how it manages user data and Instagram's management of children's data. Meta is contesting those judgments.

A representative for Meta stated that the business will reconsider the choice. Meta representative remarked, "Unauthorized data scraping is unacceptable and against our standards.

According to Ireland's privacy regulator, there are dozens more complaints involving numerous major tech corporations that are still pending. Based on the corporations and EU officials, tech companies are currently in discussions with the European Commission, the EU's executive body, to identify which parts of each new law will apply to the particular services they provide. Beginning in the middle of next year, certain parts of the new laws will be put into effect.


Report: Tax Preparation Software Returned Personal Consumer Data to Meta and Google

 

As per The Markup, popular tax preparation software such as TaxAct, TaxSlayer, and H&R Block sent sensitive financial information to Facebook's parent company Meta via its widely used code known as a pixel, which helps developers track user activity on their sites. 

In accordance with a report published on Tuesday by The Verge, Meta pixel trackers in the software sent information such as names, email addresses, income information, and refund amounts to Meta, violating its policies. The Markup also discovered that TaxAct sent similar financial data to Google via its analytics tool, though the data did not include names.

According to CNBC, Meta employs tiny pixels that publishers and businesses embed on their websites. When you visit, the dots send a message back to Facebook. It also enables businesses to target advertisements to people based on previous websites they have visited.

Based on the report, Facebook could use data from tax websites to power its advertising algorithms even if the person using the tax service does not have a Facebook account. It's yet another example of how Facebook's tools can be utilized to track people across the internet, even if users are unaware of it. According to some statements provided to The Markup, it could have been a mistake.

Ramsey Solutions, a financial advice and software company that uses TaxSlayer, told The Markup that it "NOT KNEW and was never alerted that personal tax information was being gathered by Facebook from the Pixel," and that the company informed TaxSlayer to deactivate the Pixel tracking from SmartTax.

An H&R Block spokesperson said the company takes “protecting our clients’ privacy very seriously, and we are taking steps to mitigate the sharing of client information via pixels.” 

H&R Block further stated in a statement on Wednesday that it had "removed the pixels from its DIY online product to stop any client tax information from being collected."

The Markup discovered the data trail earlier this year while working with Mozilla Rally on a project called "Pixel Hunt," in which participants installed a browser extension that sent the group a copy of data shared with Meta via its pixel.

“Advertisers should not send sensitive information about people through our Business Tools,” a Meta spokesperson told CNBC in a statement. “Doing so is against our policies and we educate advertisers on properly setting up Business tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.”

Meta considers potentially sensitive data to contain information about income, loan amounts, and debt status.

“Any data in Google Analytics is obfuscated, meaning it is not tied back to an individual and our policies prohibit customers from sending us data that could be used to identify a user,” a Google spokesperson told CNBC. “Additionally, Google has strict policies against advertising to people based on sensitive information.”

A TaxAct spokesperson said in a statement, “The privacy of our customers is very important to all of us at TaxAct, and we continue to comply with all laws and IRS regulations. Data provided to Facebook is used at an aggregate level, not the individual level, by TaxAct to analyze our advertising effectiveness. TaxAct is not using the information provided by its customers and referenced in the report issued by The Markup to target advertising with Facebook.”

A TaxSlayer representative did not immediately respond to CNBC's request for comment.

Another Health Entity Reports Breach Linked to Meta Pixel Use


About the Breach

Another healthcare enterprise is treating its earlier use of FB's Pixel website tracking code in patient portals for a data breach requiring regulatory notification. WakeMed Health and Hospitals from North Korea informed the Department of Health and Human Services on 14 October of an unauthorized access/leak compromise impacting around 500,000 individuals. 

The entity's compromise notification statement said "select data"- it includes email addresses, novel coronavirus vaccine status and appointment info, and phone numbers- may have been sent to Facebook parent Meta via its deployment tracking number code. 

Breached Information

Impacted information didn't consist of Social Security numbers or other financial info, except when the info was put into a free text box by the user. As per WakeMed, it started using Pixel in 2018 and stopped its use after May. 

"WakeMed is a co-defendant in at least one proposed class action lawsuit filed in a North Carolina federal court involving its use of Pixel. That lawsuit, filed against Meta Platforms, WakeMed, and Duke University Health System on Sept. 1, alleges the medical systems violated medical privacy by the use of Pixel in the websites and patient portals. Neither WakeMed, Duke University Health nor Meta responds to Information Security Media Group's request for comment.," reports Bank Info Security.

Similar Compromise

WakeMed while reporting itself to the HHS' Office for Civil Rights for a data compromise by web tracking tech, joined another big healthcare entity in wanting to be proactive with regulators. Midwest Health System "Advocate Aurora Health" reported in October its usage of Pixel as a data breach impacting 3 million individuals. 

FB Pixel and likewise tracking tools are being scrutinized by privacy advocates, lawmakers, and class action attorneys who gave risen concerns over health data privacy in the wake of the Supreme Court's June decision changing the right to an abortion nationwide. 

The tracking pixels, if used in the manner intended, can gather and send considerable information about the user. 

In the case of a patient portal, it can include sensitive health info entered and viewed by patients that in the end get transferred to third parties. Consumer activity tracking used for marketing is not a right fit for the health sector. 

Lawmakers have contacted Meta CEO Mark Zuckerberg and expressed concern over the company's ability to get across its website tracking tools sensitive health information, which includes medial conditions, treating physician names, and appointment dates. 

BankInfo Security said, "Meta also faces at least four other proposed class action lawsuits about to be consolidated in the Northern District of California related to its use of Pixel and the privacy of health data."


Metaverse Opens Up New World of Cybercrime, Says Interpol

 

Global police agency, Interpol says that it is preparing for the risks that online immersive environments, the “metaverse" could create in form of new kinds of cybercrime while bolstering the already existing forms of cybercrime. 
 
Countries that are a member of Interpol have since been raising concerns on how to prepare for potential metaverse crime. Interpol's executive director for technology and innovation, Madan Oberoi told Reuters that, “some of the crimes may be new to this medium, some of the existing crimes will be enabled by the medium and taken to a new level." 
 
According to Oberoi, augmented reality and virtual reality could affect how phishing and scams operate. Additionally, he stated that concerns over child safety were also present.  
 
Virtual reality, as per Oberoi could aid crime in the physical world, “If terror group wants to attack a physical space they may use this space to plan and simulate and launch their exercises before attacking” he added.  
 
Earlier this October, Europol, the European Union’s law enforcement agency stated in a report that threat groups in the future may use virtual worlds for propaganda, recruitment, and training. The report added that users may as well create virtual worlds with “extremist rules.” 
 
According to Europol, if the metaverse environment detects users' interactions on a blockchain, “this might make it possible to follow everything someone does based on one interaction with them- providing valuable information for stalkers or extortionists.” 
 
Since 2021, Metaverse has been a tech buzzword, with company giants and investors claiming that the virtual world environments will advance in popularity, marking a new stage in the internet’s development. Marking its shift towards the idea, Facebook, in October 2021 announced renaming the giant to “Meta.” 
 
But thus far, there are few indications that this vision will come true. As the stock price of Meta fell on Thursday, investors expressed skepticism about making bets in the metaverse. 
 
Sales of blockchain-based assets, that represent virtual land and other digital possessions have also witnessed a plunge after a period of frenetic growth last year.

Pavel Durov: Users Must Cease Using WhatsApp Since it's a Spying Tool

WhatsApp is among the most popular messaging apps in the world. It was first launched in January 2009 and since then evolved to include audio and video calls, emojis, and WhatsApp Payments. However, criticism has also surrounded the well-known messaging app due to claims about privacy and security issues. 

Recently, WhatsApp disclosed a security flaw affecting its Android app that was deemed critical. Pavel Durov, the creator of Telegram, pokes fun at WhatsApp and advises users to avoid it. 

Hackers could have complete access to all aspects of WhatsApp users' phones, according to Telegram founder Pavel Durov. Additionally, he asserted that WhatsApp has been monitoring user data for the past 13 years while claiming that WhatsApp's security flaws were planned purposely.

Durov outlined Telegram's security and privacy characteristics by saying, "I'm not trying to convince anyone to use Telegram here. There is no need to promote Telegram more." He claimed that Telegram's instant messaging software prioritizes privacy. With more than 700 million active users as of right now, the app is apparently growing steadily, adding over 2 million new users every day.

Regarding security and privacy, WhatsApp states that all texts, chats, and video calls are provided with end-to-end encryption. However, the program has frequently experienced bugs and security problems, which have sparked concerns about its privacy.

In terms of private chats and user data, WhatsApp already has a complicated and distorted past. People have been worried about Facebook's handling of users' personal data ever since it purchased Meta in 2014. For revealing user data not just with governmental organizations but also with private parties, Meta has been criticized for a considerable time.

The rise in popularity of Telegram and Signal and other instant messaging services with a security and privacy focus can be attributed to this.

According to a recent report from Meta, WhatsApp users are susceptible to hacking due to a flaw in the way videos are downloaded and played back. If this flaw is exploited, hackers would have complete access to virtually everything on the phone of the WhatsApp user. Along with users' emails and pictures, this also contains other correspondence, such as SMS messages from various banks and app data from one's banking and payment apps.




Meta: Users Warned Against Android, iOS Apps That Are Stealing Facebook Passwords

As per the report published by Facebook parent Meta on Thursday, as many as a million Facebook users have been warned of the seemingly malicious application, they may have been exposed to. The Android and iOS malware is designed to steal passwords from social networking sites. 
 
This year so far, Meta has detected more than 400 fraudulent applications, and structures for Apple or Android-powered smartphones. The malicious apps are apparently made available at the Play Store and App Store, says director of threat disruption, David Agranovich during a briefing. 
 
"These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them," states Meta in a Blog post.  
 
Reportedly, the fraudulent apps ask Facebook users to log in with their account information, enticing them with certain promising features. Ultimately, stealing user passwords and other credentials, if entered.  
 
"They are just trying to trick people into entering in their login information in a way that enables hackers to access their accounts [..] We will notify one million users that they may have been exposed to these applications; that is not to say they have been compromised," mentions Agranovich. 
 
With regard to these activities, Meta stated that it has shared information about the malicious apps with both Apple and Google, which controls the activities of their respective app shops.  
 
Considering this, Google said that most of the malicious apps mentioned by Meta have already been identified and removed from its Play Store by its vetting systems.  
 
"All of the apps identified in the report are no longer available on Google Play," a spokesperson told AFP. "Users are also protected by Google Play Protect, which blocks these apps on Android." 
 
On the other hand, Apple has yet not responded to questions about whether it took any action against the aforementioned apps. In the blog post, Meta also alerts internet users about certain activities they may unknowingly perform, that could leverage the threat actor.  
 
"We are also alerting people who may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials, and are helping them to secure their accounts," the blog post notes.

Data of 1.3M Patients of Novant Health was Leaked on Meta


More than 1.3 million users have received notices from healthcare provider Novant Health that their private health data (PHI) had unintentionally been leaked to Facebook parent firm Meta.

Facebook marketers can add JavaScript a monitoring script known as Meta Pixel to their website to monitor the effectiveness of their advertising. Unauthorized patient records access and disclosure started in May 2020, when Novant launched Facebook ad-based marketing campaigns to promote the COVID-19 vaccine.

The company said that Novant Health was employing a misaligned pixel on both its website as well as the Novant Health MyChart patient interface and the pixel carried code that allowed businesses to track website activity.

The healthcare company placed the Meta Pixel code on its website to track these advertisements and evaluate their effectiveness.

After a reporter contacted and questioned about the use of MetaPixel, the pixel was introduced to the portals in May 2020 and disabled in May 2022, after Novant Health learned of the potential data exposure.

Depending on a user's activity on the Novant Health website and MyChart interface, it was possible PHI would have been shared to Meta, Novant Health decided in June 2022.

Email addresses, phone numbers, computer IP addresses, contact information patients entered into Advanced Care Planning or Emergency Contacts, appointment information, the doctor they chose, and data like button/menu selections and or content typed into free text boxes were all potentially impacted information.

64 healthcare service providers in the United States use the MyChart portal, which enables their users to schedule medical appointments, ask for prescription refills, get in touch with their clinicians, and more.

Unfortunately, this means that due to the tracker's improper setting, even people who haven't actually used Novant's services may nonetheless have been exposed.

"Advertisers shouldn't send private data about individuals through our business tools. This is against our policies, and to avoid it from happening, we instruct advertising on how to set up business tools correctly. Our technology is built to weed out any potentially sensitive information it can find. We'll keep trying to get in touch with Novant," a Meta spokeswoman stated.

Only those who received notices may consider themselves victims of a breach, according to the company, which claims it has identified the affected persons following a thorough investigation that was finished on June 17, 2022. Novant claimed that it's not aware of any "improper or attempted use" of the information by Meta or any other third party. 

Bitter APT and Transparent Tribe Campaigns on Social Media

 

Facebook's parent company, Meta, has recently shut down two cyberespionage efforts on its social networking networks. Bitter APT and Transparent Tribe threat groups were behind these campaigns. Both groups have been based in South Asia.

About Bitter APT:

The first group discovered was Bitter APT or T-APT-17, which targeted firms in the government, engineering, and energy industries. The group used social engineering against targets in India, the United Kingdom, New Zealand, and Pakistan.

To install malware on target devices, it exploited a combination of hijacked websites, URL shortening services, and third-party file hosting companies. To interact with and fool their victims, the hackers impersonated activists, journalists, and young women. Bitter also utilised Dracarys, a new Android malware that exploits accessibility services.

Transparent Tribe

Transparent Tribe, also known as APT36, is less complex than Bitter APT. It employs social engineering techniques as well as widely available malware. Its most recent campaign targeted citizens in India, Pakistan, Afghanistan, Saudi Arabia, and the United Arab Emirates. 

Human rights advocates and military officials were the primary targets of the campaign. The hackers pretended to be recruiters for bogus and real firms, as well as young ladies and military personnel.

In conclusion

Social media has become a playground for cybercriminals of all sorts. Cyberspies utilise these platforms to gather intelligence and lure victims to external sites where malware may be downloaded. As a result, users are advised to exercise caution while befriending strangers online.

NFTs Worth 200 Ether Were Stolen From the Bored Ape Yacht Club 

 

Yuga Lab's Bored Ape Yacht Club or Otherside Metaverse Discord services were hacked to publish a phishing scheme, hackers allegedly took approximately $257,000 in Ethereum and 32 NFTs. A Yuga Labs community manager's Discord account was allegedly hacked on June 4 and used to spread a phishing scam on the firm's Discord servers. 

According to Coindesk, the attacker hacked Boris Vagner's Discord account, put many phishing links on the account, its related metaverse account 'Otherside,' and the NFT fantasy football team Spoiled Banana Society's (SPS) Discord account. As of 8.50 a.m., the worldwide crypto market capitalization had increased by 3.43 percent to $1.27 trillion. According to Coinmarketcap data, worldwide crypto volume increased by 18.04 percent to $51.24 billion. 

The phishing communications, which claimed to be from Vagner, advertised an exclusive prize and stated that only BAYC, Mutant Ape Yacht Club, and Otherside NFTS holders were eligible. The owners were then directed to a phishing site, where they were requested to input the login information. The attackers then took all Ethereum and NFTS contained in the account's associated wallet after receiving the login credentials. Yuga Labs finally regained login to the Discord server, but not before significant harm had been done. 

The seized NFTS were worth roughly 200 ETH ($361,000) according to BAYC's official Twitter account. The perpetrators made off with 145 Ethereum and 32 NFTS, valued at a total of $250,000.

Approximately 32 NFTs were taken, according to blockchain cybersecurity firm PeckShield, including the Bored Ape Yacht Club, Otherdeed, Bored App Kennel Club, and Mutant Ape Yacht Club projects. 

As per the reports, it is unknown how the forum manager's account was hacked or whether two-factor authentication was turned on, which generally protects against such assaults.

Malspam Campaign Spreads Novel META Info-stealer

 

The new META malware, a unique info-stealer malware that appears to be gaining popularity among hackers, has been discovered in a malspam campaign. 

META, along with Mars Stealer and BlackGuard, is one of the latest info-stealers whose administrators aim to profit from Raccoon Stealer's absence from the market, which has left many looking for a new platform.  META was initially reported on the Bleeping Computer last month when KELA experts cautioned of its quick entry into the TwoEasy botnet marketplace. The product is advertised as an upgraded version of RedLine and costs $125 per month for monthly users or $1,000 for unlimited lifetime use. 

META is currently being utilised in attacks, according to security researcher and ISC Handler Brad Duncan. It is being used to steal passwords stored in Chrome, Edge, and Firefox, as well as cryptocurrency wallets. The infection chain in this campaign uses the "standard" approach of sending a macro-laced Excel spreadsheet as an email attachment to potential victims' inboxes. The communications make fictitious financial transfer promises that aren't very persuasive or well-crafted, yet they can nonetheless be effective against a considerable percentage of recipients. 

A DocuSign bait is included in the spreadsheet files, urging the target to "allow content" in order to launch the malicious VBS macro in the background. The malicious script will download a variety of payloads, including DLLs and executables, when it runs. To avoid detection by the security software, some of the downloaded files are base64 encoded or have their bytes reversed. 

One of the samples Duncan collected, for example, has its bytes reversed in the original file. The full payload is eventually assembled on the machine under the name "qwveqwveqw.exe," which is most likely random, and a new registry entry for persistence is created. The EXE file generating activity to a command and control server at 193.106.191[.]162, even after the system reboots, is clear and persistent evidence of the infection, restarting the infection process on the affected machine. 

One thing to keep in mind is that META uses PowerShell to tell Windows Defender to exclude .exe files in order to protect its files from discovery.

According to Arkose Labs, the Bots Target Financial Organizations

 

Children as young as five use internet channels for a variety of activities, so it isn't just adults who are essentially living online. The epidemic hastened the adoption of the internet by children for online lessons, entertainment, and socializing.

In the preface to a company's study paper, 2022 State of Fraud & Account Security Report, Kevin Gosschalk, founder and CEO of Arkose Labs, writes, "A familiar term heard in the last few years is 'data is the new oil." "Data is the precious resource who feeds the digital world, which today permeates so much of our daily lives. Work, socializing, education, and a variety of other activities all take place primarily in the digital realm."

Bloomberg Intelligence estimates the online "metaverse" might be worth $800 billion by 2024, according to the cybersecurity firm. "Fraudsters will have an immensely broader attack surface to target as a result of this." Threat actors can corrupt smart appliances, connected autos, and virtual reality gadgets in addition to PCs and mobile devices." 

According to the Arkose research, fraud assaults on financial institutions are increasing in frequency "as well as sophistication." Internet fraud has increased by 85 percent in recent months, and much more than a fifth of all internet traffic is a cyberattack. Not only fraudsters, but Master Fraudsters - the worst type of fraudster – are coming after gaming, internet streaming, and social media sites with all guns blazing. These are the most prominent and, as a result, the most harmful internet pastimes for youngsters. 

Although children are more comfortable with the internet and can navigate it like a pro, but are not always aware of the dangers which lurk there. They might not be able to spot situations where cybercrooks are attempting to take advantage of human gullibility. 

The Arkose Labs analysis also highlighted an 85 percent increase in login or registration stage attacks year over year. "Once an existing account has been hijacked, attackers can monetize it in a variety of ways," according to Gosschalk, "including stealing bank information, reselling credentials, redeeming collected loyalty points, and more." "Fake new accounts are employed in assaults like stock hoarding, content harvesting, and spam and phishing messaging," says the report.

Indeed, according to the Arkose Labs analysis, the average individual now has over 100 passwords. Abuse of financial information and credentials drove an 85 percent increase in login and registration invasions last year compared to 2020. 

The Arkose Labs analysis indicated such automated services assist in targeting more enterprises: bots utilizing "scraping" assaults helped compromise at least 45 percent of the traffic on travel sites. Meanwhile, phishing, fraud, and the promise of a free trial were used to increase the number of bogus accounts last year compared to 2020. Financial firms and financial institutions have been major targets for attacks.

Brave Disabled a Chrome Extension Linked to Facebook Users

 

Last week, security analyst Zach Edwards stated how Brave had restricted the L.O.C. Chrome extension citing concerns it leaked the user's Facebook information to the third server without warning or authorization prompt. An access token used by L.O.C. was obtained easily from Facebook's Creator Studio online app. After retrieving this token — a text thread made up of 192 alphanumeric characters – from the apps, the chrome extensions can use it with Facebook's Graph API to get data about the signed-in user without being a Facebook-approved third-party app. 

The concern is whether this type of data access could be exploited. Without the user's knowledge, an extension using this token could, copy the user's file and transmit it to a remote server. It might also save the user's name and email address and use it to track them across websites. According to a Brave official, the business is working with the programmer to make certain changes — most likely an alert or permission prompt – to ensure the extension is appropriate in terms of privacy and security. 

In September 2018, Facebook announced a security breach impacting nearly 50 million profiles, it blamed criminals for stealing access tokens supplied by its "View As" function, allowing users to see how the profiles appear to others." They were able to steal Facebook access tokens, which subsequently used to take over people's accounts," said Guy Rosen, Meta's VP of Integrity.

Cambridge Analytica accessed people's Facebook profiles using a third-party quiz app which was linked to the social media platform. One would assume a quiz app won't disclose your Facebook profile information with others, and a Chrome extension won't do the same. Despite Facebook's assurances, some steps must be taken to prevent a repetition of the Cambridge Analytica scandal, the Creators Studio access tokens in the hands of a malicious and widely used Chrome extension might lead to a rerun of history. 

Part of the problem is Google's Chrome extensions seem easy to corrupt or exploit, and Meta, aside from reporting the matter to Google, has no immediate ability to block the deployment of extensions which abuse its Graph API. The Creator Studio token is detailed to the user's session, according to a Meta representative, meaning it will terminate if the extension user signs out of Facebook. And, if the token hasn't been transferred to the extension developer's server, as looks to be the situation with the L.O.C. extension, uninstalling it will also result in the token expiring. 

Meta has asked Google to delete the extension from the Chrome Web Store once more and is looking into alternative options.

Forged Kubernetes Apps is used to Extract Sensitive Data from Argo CD Setups

 

Argo CD is among the most popular Kubernetes continuous deployment technologies. Besides being easy to operate, it has a lot of power too. Kubernetes GitOps is the first tool that comes to mind. For cluster bootstrapping, Argo CD uses the App of Apps pattern.

Instead of manually developing each Argo CD app, we can make it programmatically and automatically. The idea is simple: make a single Argo CD application that looks for a git repo directory and puts all of the Argo CD application configuration files there. As a result, whenever an application definition file is created on the git repo location, the Argo CD application is immediately produced. Inspiringly, any Kubernetes object, including Argo CD, can be generated or handled. 

Apiiro's Security Research team discovered a vulnerability scanning supply chain 0-day vulnerability (CVE-2022-24348) in Argo CD, another famous open source Continuous Delivery platform, which allows attackers to access sensitive data like secrets, passwords, and API keys. 

Argo CD organizes and instigates the operation and monitoring of post-integration application deployment. A user can create a new deployment pipeline by specifying an Archive or a Kubernetes Helm Chart file which contains:
  • The metadata and data required to deploy the correct Kubernetes setup.
  • The ability to update the cloud setup dynamically as the manifest is changed. 

A Helm Infographic is a YAML document that has multiple fields which constitute a declaration of assets and configurations required for an application to be deployed. File names and indirect paths to self-contained software sections in other files are one form of value that can be found in the application in question. 

In reality, Argo CD contributors predicted as this type of exploitation will be available in 2019 and designed a dedicated framework to facilitate it. The vulnerability has two consequences: 

First, the direct consequences of reading contents from other files on the repository, which may contain sensitive data. The aforementioned can have a significant influence on a company. 

Second, because application files typically contain a variety of transitive values of secrets, tokens, and environmentally sensitive settings, the attacker can effectively use this to expand the campaign by moving laterally through different services and escalating the privileges to gain more ground on the system and target organization's resources. 

Argo CD-reposerver is a central server or pod where repositories are saved; apart from file architecture, there is no robust segmentation, hence the anti-path-traversal technique is a crucial component of file security. The mechanism's inner workings are mostly contained in a single source code file called util/security/path traversal.go, which details the systematic cleanup of origin path input.

Finland Alerted About Facebook Accounts Compromised via Messenger Phishing

 

The National Cyber Security Centre of Finland (NCSC-FI) has issued a warning about an ongoing phishing attack aimed at compromising Facebook accounts by masquerading victims' friends in Facebook Messenger conversations. 

According to the NCSC-FI, this ongoing scam targets all Facebook users who got messages from online acquaintances seeking their contact information and a confirmation number given through SMS. If users provide the requested information, the attackers will gain control of their accounts by altering the password and email address linked with them. 

Once taken over, the Facebook accounts will use similar schemes to target more potential victims from their friend list. 

“In the attempts, a hacked account is used to send messages with the aim of obtaining the recipients' telephone numbers and two-factor authentication codes to hijack their Facebook accounts," the cybersecurity agency described. 

The scammers will undertake the following techniques to successfully compromise the victim' Facebook accounts: 
• They start by sending a message through Facebook Messenger from the previously compromised friend's account. 
• They request the target's phone number, claiming to be able to assist with the registration for an online contest with cash awards worth thousands of euros. 
• The next step is to request a code that was supposedly given via SMS by the contest organizers to verify the entry. 
• If the fraudsters obtain the SMS confirmation code, they will combine it with the phone number to gain access to and hijack the victim's Facebook account. 

The NCSC-FI advised, "The best way to protect yourself from this scam is to be wary of Facebook messages from all senders, including people you know. If the message sender is a friend, you can contact him, for example, by phone and ask if he is aware of this message. This information should not be disclosed to strangers." 

Meta (previously Facebook) recently has filed a federal lawsuit in a California court to stop further phishing assaults that are currently targeting Facebook, Messenger, Instagram, and WhatsApp users. 

Around 40,000 phishing sites impersonating the four platforms' login pages were used by the threat actors behind these phishing attacks. These lawsuits are part of a lengthy series of lawsuits filed by Facebook against attackers who target its users and exploit its platform for nefarious purposes.

Meta Takes Legal Action Against Cyber Criminals

 

Facebook's parent company, Meta Platforms, announced on Monday that it has filed a federal lawsuit in the U.S. state of California against malicious attackers who ran more than 39,000 phishing websites impersonating its digital properties to trick consumers into disclosing their username and password. 

“Today, we filed a federal lawsuit in California court to disrupt phishing attacks designed to deceive people into sharing their login credentials on fake login pages for Facebook, Messenger, Instagram, and WhatsApp. Phishing is a significant threat to millions of Internet users”, states the report. 

The social engineering strategy entailed the construction of rogue websites that tried to portray as Facebook, Messenger, Instagram, and WhatsApp login pages, prompting victims to input their login details, which were subsequently captured by the defendants. The unidentified actors are also being sought for $500,000 by the tech behemoth. 

The assaults were conducted with the help of Ngrok, a relay service that diverted internet traffic to malicious websites while concealing the exact location of the fraudulent equipment. Meta stated that the frequency of these phishing assaults has increased since March 2021 and that it has collaborated with the relay service to restrict thousands of URLs to phishing sites. 

The lawsuit comes just days after Facebook revealed it was making efforts to disrupt the activities of seven surveillance-for-hire firms that generated over 1,500 phony identities on Facebook and Instagram to target 50,000 users in over 100 countries. Meta announced last month that it has barred four harmful cyber groups from attacking journalists, humanitarian organizations, and anti-regime military forces in Afghanistan and Syria. 

“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology. We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur. We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others. And Meta blocks and shares phishing URLs so other platforms can also block them”, mentioned the report.

Citizen Lab Exposes Cytrox as Vendor Behind 'Predator' iPhone Spyware

 

The University of Toronto's Citizen Lab has found yet another player in the private sector mobile spyware market, citing a small North Macedonian firm called Cytrox as the maker of high-end iPhone implants. 

Citizen Lab worked with Facebook parent company Meta's threat-intelligence team to expose Cytrox and a handful of other PSOAs (private sector offensive actors) in the murky surveillance-for-hire industry. Citizen Lab stated that Cytrox is behind a piece of iPhone spying malware that was put on the phones of two prominent Egyptians, according to a detailed technical analysis published. 

Predator, the malware, was able to infect the most recent iOS version (14.6) utilising single URLs provided via WhatsApp. Exiled Egyptian politician Ayman Nour was spooked by his iPhone overheating, and later discovered evidence of two different spyware applications running on the device, administered by two different government APT actors. 

The Egyptian government, a known Cytrox customer, has been attributed with the attack, according to Citizen Lab. Nour's phone was infected with both Cytrox's Predator and Israeli vendor NSO Group's more well-known Pegasus spyware, according to Citizen Lab. Citizen Lab's exposé detailed Cytrox's background as a startup launched in 2017 by Ivo Malinkovksi, a North Macedonian who later integrated the company with Intellexa and publicly hawked digital forensics tools. The firm claims to be established in the European Union, with R&D labs and sites all over Europe. 

In a separate advisory published by Meta’s security team, Cytrox is listed alongside Cobwebs Technologies, Cognate, Black Cupe, Bluehawk CI, BellTroX and two unknown Chinese entities among a growing roster of private companies in the surveillance-for-hire business. 

These firms handle the reconnaissance, engagement, and exploitation phases of advanced malware campaigns for governments and law enforcement agencies all across the world, including those that target journalists, politicians, and other members of civil society. 

Cytrox was recognised as a company that "develops exploits and sells surveillance tools and viruses that enable its clients to compromise iOS and Android devices," as per Facebook's team. 

Facebook’s security team stated, “[We were] able to find a vast domain infrastructure that we believe Cytrox used to spoof legitimate news entities in the countries of their interest and mimic legitimate URL-shortening and social media service.” 

“They used these domains as part of their phishing and compromise campaigns. Cytrox and its customers took steps to tailor their attacks for particular targets by only infecting people with malware when they passed certain technical checks, including IP address and device type. If the checks failed, people could be redirected to legitimate news or other websites.” 

“Targets of Cytrox and its customers included politicians and journalists around the world, including in Egypt and Armenia.”

Meta Alerts its 50,000 Users Against Surveillance-For-Hire Firm Operations

 

Surveillance-for-hire companies have utilized Facebook, Instagram, & WhatsApp as a major opportunity to target Individuals in over 100 countries for decades. Recently, Meta eliminated 7 of them from its platforms and notified over 50,000 people that the activities might as well have affected them. Many are journalists, human rights activists, dissidents, political opposition leaders, and clergy, according to Meta, while others are ordinary people, such as those involved in a lawsuit. 

As part of the attack, Meta removed numerous accounts and disassembled other infrastructure on its platforms, blacklisted the groups, and sent cease and desist notices. According to the corporation, it is also publicly disclosing its findings and indications of infiltration so that other platforms and security companies may better spot similar conduct. The findings highlight the magnitude of the targeted surveillance industry as well as the huge scope of tailoring it facilitates globally. 

“Cyber mercenaries often claim that their services and their surveillance-ware are meant to focus on tracking criminals and terrorists, but our investigations and similar investigations by independent researchers, our industry peers, and governments have demonstrated that the targeting is, in fact, indiscriminate,” Nathaniel Gleicher, Meta's head of security policy, said to the reporters. 

“These companies … are building tools to manage fake accounts, to target and surveil people, to enable the delivery of malware, and then they’re providing them to any most interested clients—the clients who are willing to pay. This means that there are far more threat actors able to use these tools than there would be without this industry.” 

Cobwebs Technologies, an Israeli web intelligence company with offices in the United States, Cognyte, an Israeli firm previously recognized as WebintPro, Black Cube, an Israeli company with an existence in the United Kingdom and Spain, Bluehawk CI, which itself is rooted in Israel and has offices in the United States and the United Kingdom, BellTroX, a North Macedonian firm, Cytrox, a North Macedonian firm, and an unidentified organization based in China. 

Meta highlights that the surveillance-for-hire industry as a whole operates in three areas. One can conceive of it as several stages of a monitoring chain, with different firms specializing in different aspects of that superstructure. 

The very first stage is "reconnaissance," in which corporations gather comprehensive data concerning targets, frequently via automated, bulk gathering on the public internet and darknet. The second stage is "engagement," wherein operators seek out targets in an attempt to form a connection and gain their trust. Surveillance firms create bogus profiles and personalities, posing as, for example, graduate students or journalists, to reach out to targets. Hackers may also spread fake content and misinformation to establish rapport. The third stage is "exploitation," sometimes known as "hacking for hire," in which actors might use this trust to persuade targets to disclose information, click a malicious link, download a malicious file, or perform some other action. 

Every stage might take place on a variety of platforms and services. For instance, Meta's WhatsApp is a popular platform for disseminating malicious links to victims. Furthermore, Facebook and Instagram serve as natural breeding places for phony personalities. The eliminated entities, according to the social media giant, breached its Community Standards and Terms of Service. 

“Given the severity of their violations, we have banned them from our services. To help disrupt these activities, we blocked related internet infrastructure and issued cease and desist letters, putting them on notice that their targeting of people has no place on our platform,” the firm added. 

“We also shared our findings with security researchers, other platforms, and policymakers so they can take appropriate action.”

Meta's New Security Program Protects Activities, Journalists, and Human Rights Defenders


Social media website Meta (earlier known as Facebook), earlier this week announced a broadening of its Facebook protect security program to add human rights activists, journalists, social activists, and government officials exposed to malicious actors throughout the social media platforms. These defenders and activists are vital for public debate in critical communities, said Nathan Gleicher, security policy head at Meta. These people safeguard human rights across the world, promote democratic elections, hold government and political parties accountable. However, this makes them a primary target for threat actors.

Facebook Protect, as of now, is being released around the world in phases, it allows users that apply for a change to have robust safety protections such as 2FA two-factor authentication, and looking out for possible hacking threats. According to Meta, around 1.5 million user profiles have enabled the Facebook Protect as of now, out of which, 9,50,000 profiles turned on the 2FA feature after the feature was on the roll since September 2021. 

The program is similar to Google's APP (Advanced Protection Program), aimed at protecting users with sensitive information and high visibility, putting them at a greater risk of online attacks. It stops suspicious account access attempts and incorporates strict checks before downloading softwares and files on Gmail and Chrome. Users eligible for Facebook Protect will be informed via a Facebook prompt, with an option to enable the advanced security features along with identifying potential problems like weak passwords, that can be easily hacked by actors for gaining access to FB accounts. 

The announcement came a week after Apple announced to notify targeted users of threat notifications by state-sponsored hackers. These notifications would be sent via email and iMessage notifications to the phone numbers and addresses linked with Apples users' IDs. Meta said "over the next several months, we’re going to carefully expand this requirement globally. We’re encouraged by our early findings and will continue to improve Facebook Protect over time."