
Hundreds of millions of phone numbers linked to Facebook accounts were left exposed on an unprotected server in the latest massive security breach to plague the embattled tech giant. Up to 419 million phone numbers were stored on a database housed on multiple servers including the numbers of an estimated 133 million US-based users alone. The revelation comes just weeks after Facebook was slapped with a record $5 billion fine by the US Federal Trade Commission for violating users’ privacy rights.
Each phone record was tied to a user’s unique Facebook ID (a long, public number associated with the account), which can then quickly and easily be used to ascertain yet more personal information such as a user’s name, gender and location by country.
This, in turn, can expose users to spam calls and allow hackers to launch SIM-swapping attacks whereby cell phone carriers are tricked into providing a target’s phone number to an attacker. The unscrupulous hacker can then force-reset the password on any online account registered with that number.
This particular method of attack was used against none other than Twitter CEO Jack Dorsey, whose own Twitter account was hijacked. The company announced on Wednesday that it was temporarily disabling the text-to-tweet function due to “vulnerabilities that need to be addressed by mobile carriers.”

Representatives from top tech companies, including Google, Microsoft, and Twitter, met at Facebook’s headquarters on Wednesday with government officials to discuss security ahead of the 2020 election, according to a recent report. According to Reuters, Facebook said the companies and government agencies were working together to develop strategies to block previous weaknesses and avoid future threats with the first primary just five months away. The meeting at Facebook’s Menlo Park, California, offices involved officials from the Department of Homeland Security, the Federal Bureau of Investigation and the Office of the Director of National Intelligence, Bloomberg first reported. Richard Salgado, Google's Director of Law Enforcement and Information Security, told FOX Business that collaboration with law enforcement and other tech companies is key to protecting election integrity in the U.S. "At Google, we've invested in robust systems to detect phishing and hacking attempts, identify foreign interference on our platforms, and protect campaigns from digital attacks. But technology is only part of the solution," Salgado told FOX Business in an emailed statement. An anonymous source told Bloomberg about the private, full day of meetings, which focused on how tech companies are preparing security measures ahead of the 2020 election to guard against disinformation campaigns similar to those organized by Russians during the 2016 election cycle. The companies also discussed how they would work with government agencies to keep their sites secure. Representatives from Microsoft and Twitter confirmed to FOX Business that the companies both participated in the talks. The Twitter spokesperson also said the company is “committed to doing our part,” in regard to maintaining the integrity of its site during the 2020 presidential election. For more, turn to OUR FORUM.

Exploit reseller Zerodium on Tuesday announced higher going rates for Android vulnerabilities, with the firm now paying out up to $2.5 million for so-called zero-click zero-days, reports Motherboard. As the value of Android exploits increases, the market health of zero-days designed to thwart iOS protections stagnates due to what can be characterized as a supply glut. Zerodium, for example, pays out $2 million for zero-click vectors targeting iPhone, and decreased payouts for one-click attacks from $1.5 million to $1 million, the report said. Zero-click exploits refer to vulnerabilities that can be leveraged to hack a device without user interaction, while zero-days are defined as bugs, exploits and other flaws that are as yet unknown to platform operators. Zero-days are particularly prized assets for hackers — both lawful and nefarious — looking to break into locked-down devices like iPhone. "The zero-day market is flooded by iOS exploits, mostly Safari and iMessage chains, mainly due [to] a lot of security researchers have turned their focus into full-time iOS exploitation," said Zerodium founder Chaouki Bekrar. "They've absolutely destroyed iOS security and mitigations. There are so many iOS exploits that we're starting to refuse some of them." The director of the exploit buyer Crowdfense, Andrea Zapparoli Manzoni, agrees with Bekrar's assessment of the market, but notes that not all iOS chains are "intelligence-grade." Still, it appears the supply of vulnerabilities more than sates demand. Bekrar added that Android is becoming increasingly difficult to crack, in part due to fragmentation. The multi-version, multi-device nature of Google's operating system has long been considered a weakness in terms of consistency and stability, but it is this very "feature" that might prove useful in protecting against widespread attack, the report said. Learn more at OUR FORUM.

Searching for textbooks and essays in electronic form on the Internet exposes students to a wide range of malicious attacks, as Kaspersky Lab researchers found after analyzing data gathered over the past academic year. With the back to school season in full force and everyone looking around for the best possible price, some will end up trying their chances on the web instead of paying for educational materials out of their pocket. While this might look like a bargain at first, it also comes with a lot of dangers, seeing that attackers will try their best to infect your computer with malware downloaders that can download and execute banking Trojans and ransomware, or with worms capable of quickly spreading to all your contacts and all devices on your network. After taking a closer look at attacks using malicious documents with educational-related filenames and directed at Kaspersky users, the researchers discovered that threat actors targeted potential victims from the educational field over 356,000 times in total over the past academic year. "Of these, 233,000 cases were malicious essays that were downloaded to computers owned by more than 74,000 people and that our solutions managed to block," found Kaspersky. "About a third of those files were textbooks: we detected 122,000 attacks by malware that was disguised as textbooks. More than 30,000 users tried to open these files." While the MediaGet downloader will only download and install an unneeded torrent client, the two other downloaders are capable of dropping a huge range of malware strains on the victims' computers including but not limited to adware, crypto miners, spyware, banking Trojans, and, in the most serious cases, ransomware capable of encrypting all their data. Stalk, on the other hand, a worm Kaspersky detects as Worm.Win32.Stalk.a, also uses spam emails to reach its victims' computers and will immediately attempt to infect any connected USB flash devices and as many devices on the same network as possible.
In-depth details are posted on OUR FORUM.

Google is facing another internal crisis as employees demand answers from executives on how the company works with US immigration services. Workers have pressed management on whether the company will offer cloud services to Customs and Border Protection (CBP), concerned that their labor could be used to power Trump administration policies. But according to documents obtained by The Verge, similar deals are already in place that show how lucrative and lasting those agreements can be. In 2017, a third-party software provider reached a nearly $750,000 deal to provide a Google cloud service to US Citizenship and Immigration Services (USCIS), a branch of the Department of Homeland Security. The contract was obtained through a Freedom of Information Act request by the activist group Mijente, which has pushed back on tech companies working with US immigration agencies. The document does not directly mention Google, but the contract provides a two-year license for Apigee Edge Private Cloud, part of a Google service for managing APIs. The contract was signed in September 2017, suggesting the service is still in use. While USCIS is seen as the bureaucratic counterpart to agencies like Immigration and Customs Enforcement (ICE) and CBP, responsible for managing asylum claims and related duties, the agency isn’t without controversy. Earlier this month, after the announcement of a Trump administration policy that would make it more difficult for poorer immigrants to become American citizens, acting director Ken Cuccinelli suggested changing the sonnet etched on the Statue of Liberty to “give me your tired and your poor who can stand on their own two feet and who will not become a public charge.” Want to know more? Please visit OUR FORUM.

If there’s one thing that Microsoft mobile fans want, it’s a phone from Microsoft. Without Windows phones, there are few options. The Galaxy Note 10 and other Samsung flagships are obvious choices for a Microsoft-supported mobile in spirit. Yet, the desire is strong for a Microsoft Surface-like experience, albeit with Android. It’s an alluring fantasy, but a fantasy nonetheless. Microsoft’s previous mobile efforts have been met with disaster. Windows Mobile failed to take off, Windows Phone/Windows 10 Mobile died in the crib, and Windows RT was similarly unsuccessful. There’s a compelling school of thought that asks why Microsoft doesn’t do what others have. Why not adopt Android? Much like with its Surface Pro line, you’d be pairing powerful hardware with software that people actually want. You’d get Microsoft hardware and software support, along with access to Android and the Google Play Store (and the US government’s unlikely to rip it out of your hands as well post-purchase). It seems like a no-brainer, but it’s a lot more complicated than that. For Microsoft to be able to justify this thing (to users and bean counters both), it’s going to have to solve a unique problem that the market isn’t catering to at the moment. Microsoft’s brand alone is not enough to carry sales of a device. No, if Microsoft is releasing such a mobile phone, it would have to do so with a USP: a problem it intends to solve that will carve out a niche it can build on. Otherwise, it’s just another Android phone. One route they could take is the camera. Aside from the reputation of Lumia, Microsoft was making cool camera apps like Blink and Qik even before the Nokia purchase. To learn more, visit OUR FORUM.

 
