Search This Blog

Showing posts with label Social Media. Show all posts

Twitter to Pay $150M Penalty for Selling Customers' Data

 

Twitter has agreed to pay $150 million to settle a federal privacy suit filed by the US government last week over privacy data violation. 

Between May 2013 and September 2019, Twitter asked users for private details to secure their accounts, but then used that information to target users with ads, the Federal Trade Commission (FTC) and Department of Justice, stated. 

"Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," said FTC Chair Lina Khan in a statement. "This practice affected more than 140 million Twitter users while boosting Twitter's primary source of revenue." 

This is not the first incident where Twitter violated the FTC Act, under which the agency is “empowered to prevent unfair or deceptive acts or practices in or affecting commerce.” In 2011, Twitter settled with the FTC, which had accused Twitter of serious loopholes in its data security that allowed attackers to secure unauthorized administrative control of the platform. 

The consent order between the Federal Trade Commission (FTC) and Twitter prevented the company from misrepresenting how it used individuals’ email addresses and phone numbers. 

The fine announced on Wednesday last week has been a couple years in the making. In August 2022, Twitter warned investors regarding an FTC probe and potentially a penalty of more than a hundred million dollars for both violating the FTC Act again and its 2011 settlement. 

“Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences,” the complaint, which was filed by the DOJ on behalf of the FTC, said. 

The social media giant said it will comply with the court’s decision, pay the fine and launch robust privacy and information security program, which will include independent security audits every two years until 2042. 

Further, Twitter will be required to notify all US users who joined its platform before September 17 2019 regarding the settlement and offer them options for guarding their privacy and security in the future.

Spam with an SMS Group Offering Freebies in Return for Direct Debit

 
Unsolicited and unwanted messages which are referred to as spam, are rarely sent from another phone. They often originate on a computer and are delivered to your phone via email or instant messaging. Scammers can transmit them cheaply and easily since they are sent over the internet. Robotexts are a sort of spam text; however, because they are simpler to ignore than robocalls, they are less intrusive. 

Spam texts and robotexts are frequently the beginning of a scam in which the sender hopes to collect personal information about the user to utilize it for fraudulent purposes. These texts put you in danger of identity theft and raise the chances of you installing malware onto your phone unintentionally. 

Spam text messages are often not scams, although they are sometimes. Scammers will deploy a variety of content to deceive you which includes luring keywords like "You've won a prize, a gift card, or a voucher", which you must use, or "You've been offered a credit card with a low or no interest rate". You must take action because there is an issue with your payment information. There's a delivery package notification  potentially requesting you to reschedule a delivery slot or pay a delivery fee to obtain it. If you weren't the one who made the purchase or transaction, you'll be alerted and asked to respond.
  • Remember any reputable organizations will not approach you out of the blue by text message and ask you to reveal personal or financial information. 
  • There are grammatical and spelling mistakes. In client correspondence, legitimate businesses rarely make obvious spelling or grammatical problems. 
  • Is the message of any interest to you? Did you order or expect anything, for example, if it alerts you about a parcel delivery? Did you enter a competition if it informs you about a prize? Is it a gift card from a store where one previously purchased something? 
Why do People continue receiving spam texts, they may utilize technologies to generate numbers automatically, so you may obtain both robocalls and robotexts even if you have a different phone number. Users' data is sold on social networking sites as prominent and well-known social networking sites watch your online behavior and sell such data for advertising. What can one do if they receive a spam text message, don't respond, avoid clicking on any links, and don't give out any personal details. Furthermore, directly go to the company's website and report the scammer. 

One important question that needs to be addressed is: What steps can be taken to protect yourself against spam texts? In order to avoid being scammed via spam texts, users are advised to only give out their personal cell phone number if it is really necessary. Online forms frequently ask for phone numbers, however, users must bear in mind that the information they provide could end up on marketing lists or databases. To help decrease the number of unwanted messages and calls, do not give out your phone number unless it is absolutely necessary, besides, do not make your cell phone number available to the public. For example, avoid putting your mobile phone number on your Facebook, Twitter, or other social media pages. Additionally, keep a close check on your phone bill which includes examining your phone bill regularly. 

Users must note that if they are unsure, they should check the provider's website to see if they are offering freebies in exchange for payment. Although it is more than likely they aren't, it is still preferable to click any of them to find out.

FFDroider: A New Malware that Hacks Social Media Accounts

 

FFDroider, a new kind of information stealer has emerged, it steals cookies and credentials from browsers and hacks the target's social media accounts. FFDroider, like any other malware, spreads through software cracks, free software games/apps, and other downloaded files from torrent sites. While installing these downloads, FFDroider will also be initialized, but as a Telegram desktop app disguise to avoid identification. After it's launched, the malware creates "FFDroider" named windows registry key, which eventually led to the naming of this malware. 

FFDroider targets account credentials and cookies stored in browsers like Chrome, Mozilla Firefox, Microsoft edge, and internet explorer. For instance, the malware scans and parses SQLite Credential stores, Chromium SQLite cookies, and decrypts these entries by exploiting Windows Crypt API, particularly, the CryptUnProtectData function. The process is similar to other browsers, with functions such as InternetGetCookieRxW and IEGet ProtectedMode Cookie exploited for stealing the cookies in Microsoft Edge and Internet Explorer. 

"If the authentication is successful on Facebook, for example, FFDroider fetches all Facebook pages and bookmarks, the number of the victim's friends, and their account billing and payment information from the Facebook Ads manager," reports Bleeping Computer. The decryption and stealing of these cookies lead to clear text usernames and passwords, which are later extracted through an HTTP Post request from the C2 server in the malware campaign. 

FFDroider isn't like other passwords hacking Trojans, its operators do not care about all account credentials present in the browsers. On the contrary, the malware operators focus on stealing credentials from social media accounts and e-commerce websites, these include Amazon, Facebook, Instagram, eBay, Etsy, Twitter, and WAX Cloud wallet's portal. Bleeping Computer reports, "after stealing the information and sending everything to the C2, FFDroid focuses on downloading additional modules from its servers at fixed time intervals."

Android's March 2022 Security Updates Patch 39 Vulnerabilities

 

This week Google has announced the release of security patches for 39 vulnerabilities for the March 2022 security update for Android devices. The most sensitive vulnerability is CVE-2021-39708 which gives a remotely exploitable elevation of privilege to malicious actors. This issue was found in the System component. 

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation,” Google notes in its advisory. 

The first set of measures arrives on devices as the 2022-03-01 security patch level and addresses CVE-2021-39708 with 17 other bugs. 

According to the data, 10 security issues have been resolved in the System component in which nine issues were elevation of privilege and one was information disclosure vulnerability. Also, six vulnerabilities were resolved in Framework in which four were elevation of privilege and two denials of service bugs. Further, one security measure was patched in Android runtime (elevation of privilege) and the last was in Media Framework (information disclosure). 

Additionally, On Google Pixel devices, the March 2022 Android security measures also have resolved 21 flaws as part of the 2022-03-05 security patch level. Later addresses all of these vulnerabilities along with 41 other security flaws that hit Kernel components (13 flaws), Pixel (26), Qualcomm components (1), and Qualcomm closed-source components (1). 

The March 2022 security measures with patch level 2022-03-05 are released for the Pixel 3a series, Pixel 4 series, Pixel 4a series, Pixel 5, Pixel 5a, however, the Pixel 6 series update is delayed (again). Additionally, the Pixel-specific new measures introduced additional vulnerabilities in the Pixel software, kernel, and both open and closed-source Qualcomm components, the details of which have been given below. 

Global: Pixel 3a: SP2A.220305.012 Pixel 3a (XL): SP2A.220305.012 Pixel 4: SP2A.220305.012 Pixel 4 (XL): SP2A.220305.012 Pixel 4a: SP2A.220305.012 Pixel 4a (5G): SP2A.220305.012 Pixel 5: SP2A.220305.012 Pixel 5a (5G): SP2A.220305.012 Pixel 6: Waiting Pixel 6 Pro: delayed.

Amazon's Bogus Crypto Token Investment Scam Robs Bitcoin off Users.

 

Investors are being misled into turning over Bitcoin in a new cryptocurrency fraud (BTC). Scams involving cryptocurrency and digital tokens have become commonplace, posing a risk to potential buyers. 

Exit scams, rug pulls, and theft are still common, despite the fact regulators throughout the world are cracking down on fraud through tax laws, securities offering registration, tougher restrictions governing cryptocurrency advertisements, and a careful check on initial coin offers (ICOs). The popularity of cryptocurrencies and NFTs continues to rise, creating breeding soil for new frauds to emerge on a regular basis.

Utilizing Amazon's branding to promote a bogus scheme entitled "Amazon to produce its digital token," cyber-criminals are luring users to give away private credentials from the first step of the scam campaign. 

According to Akamai experts, the ongoing cyberattack attempts have profited from the cryptocurrency hype, including scammers using a range of phishing methods based on false rumors. "This particular fraud preyed on consumers' fear of missing out on a special offer to participate in a new cryptocurrency opportunity". Furthermore, in 2021, according to Chainalysis, fraudsters have received around $14 billion in deposits.

Visitors were asked to purchase for the pre-sale tokens with users cryptocurrencies, such as Bitcoin (BTC) or Ethereum (ETH). However, as the tokens aren't real, the funds ended up in the hands of criminals. 

Another enticement is a referral programme that allows the attackers to increase the scope of the token fraud with no further effort. In all, mobile devices were used by the majority of visitors to the phoney token landing pages (98 percent). The distribution of mobile operating systems, however, favors Android handsets (56 percent), with Apple iOS coming in second (42 percent). North America, South America, and Asia account for the vast majority of victims.

To avoid being a victim of fraud like this, users are advised to take the following precautions: 

  •  Be wary of bitcoin marketing and social media posts. 
  •  Before submitting information and making a purchase, double-check URLs and websites. 
  •  Don't be fooled by high-pressure techniques like "flash sales," "just a few left," or "buy now."
  •  Look for legitimate sources while researching what to buy. 
  •  When you see scam ads or postings, report them so they can be removed from social media. 
  •  Be alert, and therefore don't believe everything. 
It's essential to avoid chatting with random commentators or accepting unsolicited invitations from strangers, especially now when social media-based communication is at its most over-used in the pandemic.

Over 2.6 Million Data of Instagram and TikTok Users Exposed by Data Scrapers

 

Security researchers detected over two million social network user accounts scraped from the internet after they were unintentionally posted online by an analytics firm. 

Anurag Sen's team at reviews site SafetyDetectives discovered the data on a misconfigured Elasticsearch server that had been left accessible with no password security or encryption in place. It instantly traced the 3.6GB trove of over 2.6 million TikTok and Instagram accounts to IGBlade, a company that delivers marketing information on social media users to its clients. 

The researchers wrote, “The scraped data of users on the server is the same data that features each user’s corresponding IGBlade.com page, and the database often provides links back to IGBlade,” this is how we know the database belongs to IGBlade.com.” 

Although data scraping is not unlawful, and all of the user information in the leaked database was publicly available, it violates TikTok and Instagram's terms of service. The breach might also benefit cyber criminals, who can use the enormous amount of user information collected in one place to facilitate mass social engineering and fraud schemes. 

As per the report, the compromised data was publicly available online for more than a month before the research team discovered it and contacted IGBlade. The Romanian company obtained it on the same day, July 5. 

The database contained complete names and usernames, profile images, "about" information, email addresses, phone numbers, and geographical data. Celebrities such as Alicia Keys, Ariana Grande, Kim Kardashian, Kylie Jenner, and Loren Gray have all been caught up in the privacy issue. 

According to SafetyDetectives, the disclosure might find IGBlade in hot water with the two social media behemoths. Furthermore, if thieves had access to the trove, they might utilise it in subsequent phishing attempts and bulk robocalling frauds.  They might even utilise the collected profile pictures to build new bogus profiles for disinformation and fraud operations. 

SafetyDetectives stated, “Data scraping can make information for thousands or millions of users instantly accessible, as it’s all stored in the same place. For example, navigating logs in a database is a far quicker solution than navigating between each user on a social media site.” 

“In this case, cyber-criminals can use data scraping as a cybercrime accelerant rather than an enabler. It can accelerate the speed and scope of hackers’ criminal activities.”

Facebook, WhatsApp, Instagram Faces Massive Global Outage: What was the Reason?

 

The massive global outage for hours halted three giant social media platforms including Facebook, Instagram, and WhatsApp. Organizations and people all across the globe who heavily rely on services of these platforms including Facebook’s own workforce faced a huge loss. According to the data, Zuckerberg suffered a 7 billion loss. 

Facebook reported on late Monday that the company is working hard to restore access to its services and is “happy to report they are coming back online now." Also, the company apologized and thanked its users for their patience. However, fixing the glitches was not easy. 

As per the users’ reviews for some users, WhatsApp was working for a while, then it was not. For others, Instagram was working but not Facebook, and so on. 

Following the global outage, Facebook Chief Technology Officer Mike Schroepfer tweeted, "To every small and large business, family, and the individual who depends on us, I'm sorry, may take some time to get to 100%." 

According to the Security experts, the disruption could be the result of an internal mistake, though sabotage by an insider would be theoretically possible. However, Facebook says "a faulty configuration change" was the main reason for Monday's hours-long global outage. 

Soon after the global outage began, Facebook started acknowledging that the platform is facing some technical issues because users were not able to access its apps, and then Facebook started examining the same.

Facebook, the social media giant, also known as the second-largest digital advertising platform in the world, has faced a loss of around $545,000 in U.S. ad revenue per hour during the global shutdown, ad measurement firm Standard Media Index reported. 

Kumsong 121 North Korean Hacker Group Conducts Cyber Attacks via Social Media

 

Kumsong 121 the North Korean Hacker gang has unleashed a cyberattack employing social media in North Korea. The North Korean hacking attempts are a matter of concern for computer users and mobile telephone users likewise. 

Given the frequency of cyber threats from North Korea, smartphone and computer users ought to stay careful, safety experts advise. 

Kumsong 121 is conducting "smishing" cyberattacks against Android mobile phone users, as per EST Security. When victims download an infected Android package that a hacker creates, most of its private information, comprising address books, text messages, telephone records, locations, sound recordings, and images stored on their phones, is disclosed. 

EST Security reported on Tuesday in a news release that Kumsong 121 had discovered a potential "advanced persistent threat" (APT). The attack used a very complicated technique: the assailants used social media instead of e-mail to support the target and deliver a malicious attachment. 

The hackers selected extra aims from their pals in social media upon hacking an individual's social media profile. The hackers then dropped the target's security and became mates by delivering chat messages containing nice welcomes and regular issues or gossip. 

The hackers subsequently delivered the corrupted document file via e-mail to the target, asking for input in a recent piece on North Korean matters. A macro virus is included in the accompanying document file that makes the computer system exploitable when the email recipient acknowledges the file. The hackers effectively grafted social media into conventional attacks against specific persons on "spear phishing." 

Indeed, a hacker gang from North Korea recently tried to disseminate a contaminated record by disabling the social media account of a defector from North Korea and chatting with their friends. 

Kumsong 121 has infiltrated mobile phones of well-known personalities, including particular South Korean legislators, to obtain their personal information, claimed Mun Chong Hyun, head for the EST security response center (ESRC). He said hackers attack organizations in North Korea's websites or build counterfeit Facebook accounts for those functioning in the North Korean industry on an ongoing basis. 

“In particular, they often use mobile phones or email to contact you, pretending to be an acquaintance or industry expert,” he said. “When sent .apk or .doc files, the safest thing is to directly call the sender and confirm whether they are legit.”

Discord CDN and API Exploits Drive Wave of Malware Detections

 

As per the researchers, the number of reported Discord malware detections has increased significantly since last year. Even users who have never interacted with Discord are at risk, even though the network is mostly utilized by gamers as Discord has a malware problem.

Discord develops servers, or unique groups or communities of people, who can communicate instantly via voice, text, and other media. 

According to research issued by Sophos, occurrences have increased 140 times since 2020. The major cause of the Discord spike is its content delivery network (CDN) and application programming interface (API), both of which have been exploited by cybercriminals. 

The CDN of Discord is being exploited to host malware, while its API is being utilized to exfiltrate stolen data and allow hacker command-and-control channels. 

Since Discord is extensively used by younger gamers who play Fortnite, Minecraft, and Roblox, most of the virus floating around involves pranking, such as using code to crash an opponent's game, as per Sophos. However, the increase in data thieves and remote access trojans is more concerning, according to the report. 

“But the greatest percentage of the malware we found have a focus on credential and personal information theft, a wide variety of stealer malware as well as more versatile RATs. The threat actors behind these operations employed social engineering to spread credential-stealing malware, then use the victims’ harvested Discord credentials to target additional Discord users,” the report added. “And this excludes the malware not hosted within Discord that leverage Discord’s application interfaces in various ways. At just before publication time, more than 4,700 of those URLs, pointing to a malicious Windows .exe file, remained active.” 

In April, Sophos discovered 9,500 malicious URLs on Discord's CDN. After a few months, the number had risen to 17,000 URLs. Sophos pointed out that Discord's "servers" are actually Google Cloud Elixir Erlang virtual machines with Cloudfare, and that they can be made "public" or "private" for a subscription, with keys to invite others to attend. 

According to the report, Discord's CDN is just Google Cloud Storage, which makes the information exchanged available on the internet. 

Discord: Easy Target
According to the report, “once files are uploaded to Discord, they can persist indefinitely unless reported or deleted.” 

Phishing messages and virus URLs may also be sent using Discord chat channels. Many Discord scams promise game "cheats," but instead send credential stealers of various kinds, as per Sophos. 

Sonatype discovered three malicious software packages in a prominent JavaScript code repository in January, including Discord token and credential stealers that allowed hackers to steal users' personal details. This isn't the first time a security concern has been brought to Discord's notice. Cisco's Talos released a report in April warning users that Discord and Slack were being frequently utilized to deploy RATs and data stealers. 

In February, Zscaler THreatLabZ reported that spam emails linked to the pandemic were spreading on Discord in an attempt to get users to download the XMRig cryptominer virus. PandaStealer, a data-stealing virus, was spreading through a spam operation on Discord by May. 

According to Sophos experts, Discord has responded positively to their findings and is actively trying to improve safety on the platform. However, as more businesses use Discord to provide services, Sophos advises that they should be mindful of the dangers that lie on the site. 

Sophos added, “With more organizations using Discord as a low-cost collaboration platform, the potential for harm posed by the loss of Discord credentials opens up additional threat vectors to organizations. Even if you don’t have a Discord user in your home or office, abuse of Discord by malware operators poses a threat.” On the Discord CDN, the team discovered old malware such as spyware and phoney app info stealers.

Trump's Social Media Website GETTR Hacked

 

An attacker leaked non-public information from GETTR, a social media platform made by former president Donald Trump's team in July 2021. The data was stored in two attempts, first on 1st July and 2nd on 5th July, the data was later leaked on a publicly accessible hacking forum called RAID. It is a forum where one can download hacking data free of cost. 

As per the leaked file copies and hacker's claims, the first batch of hacked data was retrieved via scraping the website, whereas the second batch (the heavier leak) was stolen by exploiting compromised GETTR API endpoints. The Record analyzed these samples which contained data like user names, address, profile info, website user IDs, and other public information. Besides this, the leak also contained non public info like user email IDs, date of birth, and location data. 

The dumped data contained authentic information, confirm cybersecurity experts. GETTR didn't respond to any requests sent to its website for giving comment about the hack. All in all, 90,065 users' data was included in the dump posted on RAID this Monday, i.e July 5. The API leak news comes following the website's bumpy launch. On 4th July, an attacker hacked into the GETTR website and seized multipl high profile Republican accounts, which include Georgia Rep. Marjorie Taylor Greene, former Secretary of State Mike Pompeo, Jason Miller, the former Trump spokesperson Gettr’s founder, and former Trump campaign chief Steve Bannon. Bumpy site launch are a common thing, similar incidents have happened in the past which impacted other organisations before, particularly right wing affiliations in the US political diaspora. 

Another pro-Trump social media platform, Gab, recently suffered a similar attack in March this year, the attack had exposed data of its members. The Wrap reports "the hacked profiles were all changed to include the message “@JubaBaghad was here :)”; some of the accounts also included the phrase “free Palestine.” The accounts were hacked around 8:30 a.m. ET on Sunday, according to Insider, before being restored around 10:00 a.m. ET. Miller, meanwhile, told the outlet the hack was merely a sign Gettr was onto something big."

Social Media Influencers are the Latest Target of Cyber Criminals

 

The number of cybercrimes and scams is rapidly increasing with the advancement of technology. The police said that a new cyber fraud with social media influencers has been detected. 

There are a great number of followers of social media influencers on social media and companies are paying them regularly for their handles to promote their products. Many famous people get roped in, too. 

Cyber fraud is a kind of cybercrime fraud that uses the Internet to hide information or to provide erroneous data to knock victims out of money, property, and heritage. 

Cyber Law Expert N.Karthikeyan notes that mainstream media cannot include an advertisement on gambling or false investments. Such imaginary operators can utilize these influencers of social media who are unaware of the consequences. There are influencers on social media that only promote fictitious mobile apps. Fraudsters also send dubious links as supporters of influencers on social media. Once the victims click in and the details are registered, the fraudsters acquire complete control of the influencer's page or channel. They'll then post their content – that can be anything.

However, the Cyber Crime Cell officials noted that no specific complaint had yet been made on the matter. 

A woman social media influencer who was a candidate in recent elections said, " After uploading my affidavit into ECI website, I had three lakh downloads. I got good reviews on a social media page but only one person alleged that I had hacked the ECI site- which was baseless. He went on leveling allegations on me. I just ignored it." 

With the increase in such cyber frauds, a Youtuber who himself was a victim of this, stated that the overwhelming majority of influencers on social media are being used by fraudsters. They at times typically represent themselves as an established company or brand and appeal to influencers with lucrative publicity deals while proposing to administer the ads on behalf of the influencers. Later, they gather personally identifiable information or passwords from social media and seize complete control of the website or handle used by the influencers. 

"We have lodged a complaint against an Instagrammer who specifically targeted women influencers. He texted asking them to join in an Instagram live. If they accepted and came on live, he would level baseless allegations. If they didn’t agree to live as he was the stranger, he projected them as scammers, " said Joe Praveen Michael, an event manager.

Social Media Giants Seek Futher Extension in Deadline to Comply with Government Rules

 

Social media companies such as Facebook, Twitter, YouTube, Instagram, and WhatsApp will lose their status as ‘intermediaries” that granted them legal protection for the user content posted on their platforms.

Till 26th May 2021, they were enjoying the legal immunity offered by Section 79 of the Information Technology Act, 2001. They were only obligated for taking down any illegal content that they noticed on their own, or when it was highlighted to them by the state, or the courts, or any responsible/aggrieved party. Now it’s a civil and criminal liability on them for any illegal post, be it in words, or a picture or a video.

Nobody in the information transmission business enjoys such immunities from legal claims of defamation, etc. For example, while newspapers and broadcasters have always operated under the threat of legal liability for defamation and other speech related offences, intermediaries have escaped liability despite behaving as publishers because of the immunity offered by Section 79. 

As soon as these laws came into force from 26th May, the companies were unnerved and requested for further extension to implement the norms. Some of these platforms requested for more time up to six months for furnishing compliance and some social media firms (user base of 50 lakhs and above) stated that they will wait for further instructions from their company headquarters in the USA. 

“They do business in India, earn good revenues, but grievance redressal will have to await instructions from the US. Some platforms, such as Twitter, keep their own fact-checkers whose names (are) neither made public nor is there any transparency as to how they are selected and what is their standing,” security analyst stated.

“Though they claim the protection of being an intermediary, they exercise their discretion to also modify and adjudicate upon the content through their own norms without any reference to Indian Constitution and laws. One can appreciate fake posts or a post injuring the dignity of women or promoting terrorism etc., but to be judgmental on free expression of views by coloring them by a self-appointed norm is something that travel beyond the mandate of exemption, which they are doing,” security expert added.

Concerns Raised as Postal Service of America Monitors Social Media Accounts of the Natives

 

A program that monitors and collects the Social Media posts of the American public even on issues related to planned protest, has secretly been carried out by the U.S. Postal Service law enforcement. 

According to a government report issued by Yahoo News on 16th March, the surveillance technique, classified as the Internet Covert Operations Program (ICOP), tracks social networking operations. Though details of the monitoring effort, known as the ICOP, have not been published before. The work includes making analysts trawl through social media pages to search for the details that the paper identifies as "inflammatory" postings. The software forms part of the activities of USPS, the U.S. Postal Inspection Service (USPIS). 

The USPIS tracked social media profiles of expected demonstrations domestically and internationally on 20 March, although, as per the bulletin, it was the same date which was expected to hold the World Rally for Freedom and Democracy. The Department of Homeland Security circulated information about protests against lock-up measures. Facebook and other sites used by right-wing terrorist organizations, such as Parler and Telegram, were obtained by the agency. 

“ICOP analysts are currently monitoring these social media channels for any potential threats stemming from the scheduled protests and will disseminate intelligence updates as needed,” reads the bulletin. 

Also, the agency told that ICOP, “assesses threats to Postal Service employees and its infrastructure by monitoring publicly available open-source information.” 

This practice has been discussed by users of social media as a matter of concern. The Kentucky Rep. Thomas Massie voiced his concern about the transfer of the USPS via Twitter and said that for several years the USPS had been losing money... But where do they find the money for this monitoring service to run? 

According to their website, The Postal Inspection Service also examines details about illicit drugs, mail theft, identification theft, e-mail fraud, suspicious mail, disaster response, laundering of money, cyber criminality, and abuse of children, though it is not just the Postal Service that extends its social media tracking. 

DHS officials last month discussed its role in tracking social media for threats to domestic terrorism in a background appeal by journalists. “We know that this threat is fuelled mainly by false narratives, conspiracy theories and extremist rhetoric read through social media and other online platforms,” one of the officials said. 

The controversy over government surveillance of Americans' social media pages has been sparked following the Capitol Insurrection. As per a 2017 survey of the International Association of Chief of Police, over 70 percent of participating police forces use social media to collect information and track public opinion. The transparency report on Facebook mentions that somewhere between January and June 2019, the organization obtained more than 60 thousand government data requests.

Almost 80% Of Indians Consider Moving To Alternatives After “Take It or Leave It Policy” WhatsApp

 

WhatsApp, the most popular messaging platform is suffering from the biggest storm with its users because of its new set of policies, although WhatsApp (organization) has stalled its upcoming terms and conditions until May. Even in India, WhatsApp users are jumping on alternatives including Telegram and signal messaging platforms. 

As well as the Indian government has strongly recommended Facebook-owned platform to re-consider upcoming policies. 

India alone comprises a large number of WhatsApp's userbase. Recently in response to cyberMedia Analysis (CMR) research, 79% of WhatsApp users are only in eight cities of India, including Delhi, Mumbai, Kolkata, Chennai, Bengaluru, Hyderabad, Pune, and Ahmedabad. Out of this huge percentage, 28% of people are reconsidering to depart the platform after the execution of its ‘take it or depart it coverage’ in Might 2021. 

Further, 51% of users have stated that they are reconsidering whether they should use this platform or not and would choose Telegram as its alternative or other messaging apps whereas 28% of respondents stated that they are not going to proceed with WhatsApp in any respect. 

In new terms and conditions of WhatsApp, it will share credentials of people with its parent company ‘Facebook’. Although the company has stated that it will not affect your private chat lives with your family and friends in any approach. The larger concern is that there is no specific technique that will decide this out. The new policies are not applied on the European market due to its (EU’s) stern privateness pointers that WhatsApp has obeyed to adjust. 

The government of India has explicitly highlighted in its response to WhatsApp, “the platform can’t unilaterally put in such coverage in its greatest market and that WhatsApp is obliged to respect the privateness of its largest person base”. 

“What’s outstanding is, most Indians (76%) had been conscious of the coverage,” Prabhu Ram, Head, Trade Intelligence Group (IIG), CMR instructed Monetary Categorical On-line. 

“WhatsApp has been the default messaging software for shoppers, much more than the conventional SMS. It was free, it was intimate, and it was one thing we owned. However now due to this take it or depart its coverage, the shoppers have gotten conscious that it was not free, in any case.” He added.

Learn how to Hide your WhatsApp Profile Picture and Why ?

 

The latest statistics of the messaging app usage have shown that WhatsApp has 2.0 billion users worldwide, which doesn't come as a surprise given the tremendous popularity and wide-acceptance of the messaging platform. 

Moreover, it is interesting to note that now businesses around the world have also integrated WhatsApp communication for purely work-related purposes, wherein people connect with one another because they are working in the same organization. 

However, it doesn’t necessarily mean that they can trust every person in their organization or that they do. Sometimes what happens is that one never wishes to show his or her display picture to the people whom they rarely know but are required to communicate with them through WhatsApp because of their professional work. 

Now, everyone doesn’t know how to hide their profile picture from unknown users, hence everyone who has their number or with whom they had a little dialogue on WhatsApp is able to see their profile picture and can also potentially take a screenshot of the same. Have you been in one such situation? If yes, we are here to educate you regarding the same. Do you know WhatsApp provides its users with very neat privacy features which allow us to save our privacy from non-friendly contacts, while letting your friends see your profile picture, at the same time? 

How to do it? 


To access the privacy features of WhatsApp in its entirety, follow the steps given below. 

First Open WhatsApp and go to ‘Settings’. 

Now click on ‘Account’ and then click on ‘Privacy’. 

Then, tap on Profile Photo.  

Now you must be able to see that the default setting here allows 3 options to choose first, “Everyone”, second, “My Contact’’ and third, “No One’’. 

So now what you have to do just select the second option “My Contact’’, this privacy feature will only allow your saved contact number to see your profile picture, while others will be seeing a grey avatar on your profile, instead of the picture you had put on display. And, if you wish to not reveal your profile picture to anyone then you can select the third option “Nobody”. This will hide your picture from everyone on the messaging app. 

To your dismay, unfortunately, currently, there is no option that will allow you to hide your profile picture from a particular bunch of users like it does for story privacy settings.

Indian Prime Minister Announces a New Cyber Security Policy for the Country


On the celebration of India's 74th Independence Day, the Prime Minister of India Narendra Modi announced his plans about bring up a new cybersecurity policy for the country. 

While addressing the nation, in his speech he highlighted the threats radiating from cyberspace that could affect India's society, economy, and development. 

He emphasized the fact that dangers from cyberspace can jeopardize every one of these parts of Indian life and they shouldn't be taken for granted. The prime minister's comments come against the ever-increasing cyber threats and psychological warfare radiating from nations like Pakistan and China. 

As per news reports, during the border tensions at Ladakh, China and Pakistani social media activists had apparently joined hands to dispatch fake news and misinformation campaigns against India. 

At the point when the conflict happened along the Pangong Lake on 5-6 May, Weibo, the Chinese version of Twitter, had featured images of Indian fighters tied up and lying on the ground, with correlations made to Bollywood's 'muscular portrayal' of the Indian Armed forces.

 "The government is alert on this," Modi reassured the nation, later adding that the government will soon come out with a strong policy on this.

Apart from this, phishing attacks offering info on Covid-19 and equipment, or free testing with the aim to steal personal information have additionally been on a steady rise in India over the last few months. 

As indicated by a Kaspersky report, there is a 37% increase in cyber-attacks against Indian companies in April-June quarter, when compared with January-March quarter, with the reason being the implementation of a nationwide lockdown from March which made organizations and companies permit their employees to work from home.

Beware of Stalkerware That Has Eyes On All of Your Social Media!


Dear social media mongers, amidst all the talk about the Coronavirus and keeping your body’s health in check, your digital safety needs kicking up a notch too.

Because, pretty recently, security researchers discovered, what is being called as a “Stalkerware”, which stalks your activities over various social platforms like WhatsApp, Instagram, Gmail, Facebook, and others.

‘MonitorMinor’, per the sources, is definitely the most formidable one in its line.

Stalkerware are “monitoring software” or ‘Spyware’ that are employed either by people with serious trust issues or officials who need to spy for legitimate reasons.

Via this extremely creepy spyware kind, gathering information like the target’s ‘Geographical location’ and Messaging and call data is a cakewalk. Geo-fencing is another spent feature of it.

This particular stalkerware is hitting the headlines this hard because, MonitorMinor has the competence to spy on ‘Communication channels’, like most of our beloved messaging applications.

The discoverers of this stalkerware issued a report in which they mentioned that in a “clean” Android system, direct communication between applications is blocked by the “Sandbox” to kill the possibilities of the likes of this spyware gaining access to any social media platform’s data. This is because of the model called “Discretionary Access Control” (DAC).

Per sources, the author of the stalkerware in question manipulates the “SuperUser-type app” (SU utility) (if present) allowing them root-access to the system.

The presence of the SU utility makes all the difference for the worse. Because owing to it and its manipulation, MonitorMinor gains root access to the system.

The applications on the radar are BOTIM, Facebook, Gmail, Hangouts, Hike News & Content, Instagram, JusTalk, Kik, LINE, Skype, Snapchat, Viber, and Zalo-Video Call.

From lock patterns to passwords, MonitorMinor has the power to dig out files that exist in the system as ‘data’. And it obviously can use them to unlock devices. This happens to be the first stalkerware to be able to do so, mention sources.

Per reports, the procedure is such that the “persistence mechanism” as a result of the malware manipulates the root access. The stalkerware then reverts the system section to read/write from the initial read-only mode, copies itself on it, deletes itself from the user section, and conveniently goes back to read-only mode again.

Reports mention that even without the root access, MonitorMinor can do a consequential amount of harm to targets. It can control events in apps by manipulating the “Accessibility Services”. A “keylogger” is also effected via the API to permit forwarding of contents.
Unfortunately, victims can’t do much to eradicate the stalkerware form their systems, yet.

Other functions of the stalkerware include:
• Access to real-time videos from the device’s camera
• Access to the system log, contact lists, internal storage contents, browsing history of on Chrome, usage stats of particular apps
• Access to sound recordings from the device’s microphone
• Control over the device’s SMS commands.

The security researchers released a report by the contents of which, it was clear that the installation rate of it was the maximum in India, closely followed by Mexico and then Germany, Saudi Arabia, and the UK.

The researchers also per reports have reasons to believe that possibly the MonitorMinor might have been developed by an Indian because they allegedly found a ‘Gmail account with an Indian name’ in the body of MonitorMinor.

Beware of Fake Videos on Facebook and WhatsApp!


Beware! People who have blind faith in the internet and tend to believe almost anything that they view or come across online, for there has surfaced a new medium for fearless dissemination of misinformation.

Fake news and modified pictures have already been wreaking havoc on social media and real lives of people for quite a long time now; leading to serious after-effects and reactions. Mob lynching, hate speeches and violent masses are few of the many upshots of such news and pictures.

At a time when the county was freshly getting used to fighting fake news and misinformation, a leading player joined the race, which goes by the name of “deepfake”.

Deppfake videos employ artificial intelligence to alter fake videos in such a way that they seem real to viewers. These videos are crafted with such ability that it becomes difficult for people to identify any possible lacunae.

These videos are so absolutely deceitful that the common person viewing them can’t remotely recognize or realize if, then what is wrong with them.

In latest times, the concept of morphed images is not new and hence people started to rely more on videos. But with deepfake, altering videos is possible too. In fact the operator could even manipulate actions and what is being said in the video.


Like every other fad that social media and its users accept with open arms, deepfake videos have a strong probability of making significant trouble on platforms like WhatsApp and Facebook to name a few.

Another issue with these videos is the resolution they are available in. Most videos that are found on Facebook or WhatsApp are quite low on quality and hence it becomes all the more challenging to identify their bogusness.

These days political or any other kind of speeches of influential personalities are circulated generously across all of social media. With threat actors like deepfake videos, the ordinary speeches could be malformed to enflame the masses.

Sources mention that genuine looking fake porn videos could also be circulated online via deepfake. Especially the porn clips that are recorded through spy cameras can be effortlessly manipulated into any sort of personal or professional hazard.

The extremely effective notion of targeted adverting refers to placing information according to the needs of the audience. Deepfake videos open new avenues for negative targeted advertising and people who are looking forward to creating unrest in otherwise peaceful situations.

These videos are outstandingly dangerous because along with being imperceptible as fake they also hold the capacity to instigate populaces for a cause that may not even exist.


Facebook and Google- The Kingpins Who Generated Millions of Ad Revenue This Year!


This fiscal year has been quite a success for all the social media platforms in terms of online digital advertising revenue generation.

Digital advertising revenue is the income that businesses earn via displaying paid advertising advertisements on their social media platforms or websites.

Per sources, Facebook and Google rose big time on the online revenue charts of the year 2018-2019. Facebook gathered 2,233 and as compared to the Rs. 6389 crore of the last fiscal year, Google landed itself a sum of Rs. 9,203 crore in ad revenue.

According to reports the social media giant’s ad revenue partly builds up of the advertisement that Indians “spend” on trendy social applications like Messenger, Instagram, and other third-party affiliations and applications.

Per sources, over 4.39 billion people use the internet all over the world today. Digital advertising hence, is more than a fitting alternative for the online world. The field is growing at a flying rate. According to a major report, the expenditure of ads is likely to multiply exponentially in a couple of years.

Reports also say that Facebook and Google collectively have a share of 68 percent in India’s online advertising sphere. They also plan on expanding it, given the compelling competition from Amazon and other similar entities.

The Indian division of Facebook, Facebook Indian Online Service Pvt. Ltd., cites that it gives the ad inventory amount back to the main company, which adds somewhere up to Rs.1,960 crore in the latest fiscal year. The amount that contributed to the net revenue of this Indian division was Rs. 263 crore.

Per sources, Facebook’s revenue from online ad ventures had an overall rise of 71 percent this “year-on-year”, only to reach a glorious Rs. 892 crore in this fiscal year.

This made the profit for the social media colossus rise by 84 percent which amounts up to Rs. 105 crore, mentioned the reports.
Google India Pvt. on the other hand as per what the reports mentioned displayed Rs. 1, 097 crores as its “net sales” from online advertisements.

The overall revenue for this search engine master totaled Rs.4,147 crore which was half of what it acquired in the previous fiscal year. Nevertheless, its profit experienced a 16 percent hike equalling to Rs. 473 crore, sources indicated.

Social Media Regulations: Need 3 Months To Frame Rules, Centre Informs SC



NEW DELHI: The Centre on Monday informed the Supreme Court that it would need 3 more months to finalize the process of updating and notifying the intermediary guidelines for social media in India, as per the reports by PTI. These new rules will be aimed at curbing the alleged exploitation of various social media platforms like Facebook and WhatsApp; major issues like fake news, hate speech, defamatory posts, and anti-national activities will be regulated by the updated guidelines which are expected by the last week of January.

After the top courts inquired about the steps taken on this subject, an affidavit had been filed, in which the government said that the country witnessed an exponential increase in the kind of posts and messages that incite hatred, disrupts social harmony and threatens country’s integrity, and therefore, a greater control over the internet is required to safeguard national security.

On the basis of the appeals filed by social media giants like WhatsApp, Facebook, and Twitter, who argued that the cases will probably have national security implications, the court assembled all the related cases and transferred them to the High Courts. After the government provides the court a draft of revised intermediaries guidelines, the next hearing will take its course, which is expected on January 15.

The Internet has become a powerful tool which can potentially cause “unimaginable disruption to the democratic polity”, The Ministry of Electronics and Information Technology told the court.

Although technology has facilitated economic growth and progress, it also heightened the concerns regarding social harmony and national security. “As the internet has emerged as a potent tool to cause unimaginable disruption to the democratic polity, it was felt that the extant rules be revised for effective regulation of intermediaries, keeping in view the ever-growing threats to individual rights and the nation’s integrity, sovereignty, and security,” remarked the ministry in the affidavit. “After collating and analyzing all the details from stakeholder participation and inter-ministerial consultation, the deponent has bonafide belief that a further period of three months would be required for finalizing and notifying the final revised rules in accordance with law.”

Prior to Tamil Nadu’s agreement on transferring the cases to the top courts, the Attorney Journal said, “WhatsApp and Facebook after coming to India can't say they can't decrypt information.”