After Facebook admitted that hackers broke into nearly 50 million users’ accounts by stealing their “access tokens” or digital keys, cyber experts on Saturday warned over 2.3 billion users to log out and log back into Facebook, or any third-party apps that use Facebook login.
Facebook has reset the access tokens of almost 50 million accounts it knew were affected. It has also taken the precautionary step of resetting access tokens for another 40 million accounts that have been subject to “View As” look-up in the last year.
“For now, logging out and back in is all that is necessary. The truly concerned should use this as a reminder and an opportunity to review all of their security and privacy settings on Facebook and all other social media platforms,” Chester Wisniewski, Principal Research Scientist with global cyber security major Sophos, told IANS.
According to Dr Gary McGraw, Vice President of Security Technology, Synopsys (Software Integrity Group), this breach emphasises just how important software security is, and how subtle solid security engineering can be.
“When a feature like ‘View As’ can be turned on its head into an exploit, it indicates a design problem that led to unanticipated security vulnerability,” noted Dr McGraw.
“Design flaws like this lurk in the mind boggling complexity of today’s commercial systems, and must be systematically uncovered and corrected when software is being designed and built,” he added.
If you’ve ever wondered what keeps you logged into your account even after you restart your laptop/browser – those are access tokens (cookies).
They maintain a constant session even when your IP changes.
“In this case, hackers were able to steal these tokens, which basically means the hacker could fool Facebook servers to believe they are the authorised users of the target’s account that would give the attacker complete access of the target’s account,” said Saket Modi, CEO and Co-Founder of Lucideus, an IT risk assessment and digital security services provider.
According to experts, they don’t know for how long the vulnerability existed, who the hackers were and the extent of damage that might have been caused in terms of stealing not only one’s profile data but, in this case, potentially the personal messages, pictures and chats, among others.
“As a precaution, all Facebook users must log out and re-login into all the gadgets that they have their Facebook session active like your cell phone (app or browser), laptop and desktop, etc,” Modi advised.
Facebook said it does not know who is behind this massive security attack.
“We’re working hard to better understand these details and we will update this post when we have more information, or if the facts change,” said the company.
In the Cambridge Analytica scandal, data of nearly 87 million people was breached. (IANS)
Hackers have stolen crypto tokens worth $120 million from Blockchain-based decentralised finance (DeFi) platform BadgerDAO. Several crypto wallets were drained before the platform could stop the cyber attack. In a tweet, Badger said it has received reports of unauthorised withdrawals of user funds. "As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible," the company said late on Thursday.
According to the blockchain security and data analytics firm Peckshield, the various tokens stolen in the attack are worth about $120 million, reports The Verge. According to reports, someone inserted a malicious script in the user interface (UI) of their website. Badger has retained data forensics experts Chainalysis to explore the full scale of the incident and authorities in both the US and Canada have been informed. "Badger is cooperating fully with external investigations as well as proceeding with its own," it said. DeFi is a collective term for financial products and services that are open, decentralised and accessible to anyone. DeFi products open up financial services to anyone with an internet connection and they are largely owned and maintained by their users. While the attack didn't reveal specific flaws within Blockchain tech itself, it managed to exploit the older "web 2.0" technology that most users need to use to perform transactions, according to reports. (IANS/ MBI)
A total of 120 top Bollywood and other celebrities are expected to attend the wedding of film stars Katrina Kaif and Vicky Kaushal which is scheduled on December 9 in Rajasthan, said Rajendra Kishan, the District Collector (DC) of Sawai Madhopur district of the state on Friday. The District Collector told mediapersons: "These 120 guests shall follow all COVID-19 protocols and fully vaccinated guests will get entry in the much-hyped celebrity wedding."
Kishan said that the organisers have been asked to strictly follow all Covid-19 protocols. Also, those who are not vaccinated, will not be allowed without the negative RT-PCR test report, he added. "We have been informed by organisers that a total of 120 guests are invited to the wedding and the events will take place between December 7 to December 10," he added.
Earlier at 10.30 a.m., Kishan called a meeting which was attended by administrative, police and forest department officials, hotel and event managers to ensure adequate arrangements for crowd control, smooth regulation of traffic, and law and order situation amid the VIP movement. The wedding venue Fort Barwara, that has been converted into a heritage hotel, is situated in the panchayat samiti Chauth Ka Barwara. The venue is around 22 km away from Sawai Madhopur and is around 174 km from Jaipur. Sawai Madhopur district is famous for the Ranthambore National Tiger Reserve and as per reports, the guests are likely to be taken for a tiger safari. (IANS/ MBI)
The National Centre for Biological Sciences (NCBS), which confirmed the first two cases of the Omicron variant in Bengaluru on Thursday, is continuously monitoring the situation in four cities - Bengaluru, Hyderabad, New Delhi, and Pune. The NCBS is a part of a consortium of national laboratories performing genomic surveillance across four city clusters. The consortium was established four months ago with support from The Rockefeller Foundation's Pandemic Prevention Institute, and is led by the Centre for Cellular and Molecular Biology (CCMB) in Hyderabad.
Dr Rakesh Mishra at the CCMB said on Friday that the consortium is continuously monitoring the situation in all the four cities and has upscaled its efforts to sequence as many samples as possible. Apart from the CCMB and the NCBS, the consortium includes CSIR-Institute of Genomics and Integrative Biology - IGIB in New Delhi and the Pune Knowledge Cluster, Indian Institute of Science Education and Research (IISER), Pune, and CSIR-National Chemical Laboratory in Pune.
The first case of the Omicron variant was detected in South Africa and reported to the World Health Organization on November 24.
The consortium is focused on upscaling genomic surveillance as part of national efforts led by the INSACOG - Indian SARS-CoV-2 Genomics Consortium - to respond to the Covid-19 pandemic. The consortium intensified its sequencing efforts after the World Health Organisation announced Omicron as a Variant of Concern. Such an intensified effort enabled the Bengaluru team at the NCBS, a member laboratory of INSACOG, in collaboration with Strand Life Sciences and the Bruhat Bengaluru Mahanagara Palike (BBMP), to detect, rapidly sequence and verify the existence of the omicron variant in samples from two Covid-19 infected individuals.
They hope this will aid in a rapid response to contain the spread of variants of concern. Prof Satyajit Mayor from the NCBS conveyed the information to local and national authorities, and the Indian government released a statement on December 2, all within four days of receiving the samples. Both SARS-CoV-2 genomes have also been uploaded to the global repository for SARS-CoV-2 sequences, GISAID, so that they can be publicly available to the scientific community, the NCBS said. (IANS/ MBI)