Get subscribed to our newsletter
Get interesting updates to your email inbox.
The security breach Facebook announced Friday that affected 50 million users was a setback for the social media giant, which has been working for months to regain customers’ trust over how it handles their data.
In addition to the 50 million users whose log-on information could have been accessed by hackers, the company required as a precaution another 40 million to log on to be able to get on their accounts. Facebook said it reported the breach of the company’s code, which the firm said it fixed, to law enforcement.
The social media company was not sure Friday whether any personal information had been gathered or misused, but it scrambled to address the issue, which was discovered earlier in the week. Facebook users may find they have to relink their Facebook accounts to their Instagram accounts, and possibly to third-party apps, which users often log on to with their Facebook accounts.
In a call Friday with reporters, Guy Rosen, Facebook vice president of product management, said that the breach appeared to be very broad with no specific country targeted. “We’ll update with what we learn,” he said.
Focus on elections
The breach came just weeks before the U.S. midterm elections, something the company has been keenly focused on.
More than 300 Facebook workers are scouring the platform, looking for false news, fake accounts and disinformation campaigns by foreign state-sponsored operatives that may be trying to sway voters. Facebook executives have said that they did not do enough to address these issues in the run-up to other elections such as the 2016 U.S. presidential race and that they are working to fix them.
In addition, Facebook’s relationship with its 2 billion users took a hit last spring when it was disclosed that an outside researcher who was given access to Facebook data used the information for political campaigns. As a result, the company contacted users whose information might have been seen or used by the outside firm Cambridge Analytica.
“We have a responsibility to protect your data, and if we can’t, then we don’t deserve to serve you,” Facebook CEO Mark Zuckerberg said in a statement posted to his Facebook page in March.
‘View As’ tool
The company said hackers exploited the privacy feature known as “View As,” which lets users see how their own profiles would look to other people. Facebook said hackers were then able to use the security flaw to steal log-in keys, called access tokens, that could allow them to access people’s accounts.
“We’re a big fan of ‘View As’ here at EFF,” said Gennie Gebhart, associate director of research at the Electronic Frontier Foundation, the digital civil liberties group. “It’s one good way to make sure that your privacy settings are the way you want them to be. I can see what my friends see or friends of friends see.”
But by checking what a friend can see, the “View As” tool actually made one’s friend vulnerable to this hack.
A relatively new feature that allowed users to upload “Happy Birthday” videos was part of a combination of three bugs that contributed to the vulnerability, the social media firm said.
“It’s one of those weird things that daisy-chained together,” Gebhart added.
Facebook said it was shutting down “View As” until further notice.
The hackers “used the access tokens to query data, but there are no public reports of abusing the access to post updates to timelines or spread disinformation,” said Travis Smith, principal security researcher at Tripwire, a security firm. “This could be because they were only after data or it could be that their attack was cut off midstream by Facebook before they could reach their ultimate goal.”
Affected Facebook users should take some additional steps, said Gary Davis, the chief consumer security evangelist at security firm McAfee, who wrote about the Facebook hack in a blog post.
Among them, users should change their log-in information. “Since this flaw logged users out, it’s vital you change up your log-in information,” he wrote.
He also stressed users should update their Facebook apps as soon as possible.
“Facebook has already issued a fix to this vulnerability, so make sure you update immediately,” he wrote. (VOA)
Microsoft has disrupted the activities of a China-based hacking group, gaining control of the malicious websites the group used to attack organisations in the US and 28 other countries around the world.
The Microsoft Digital Crimes Unit (DCU) said in a statement that a federal court in Virginia granted its request to seize websites of the hacking group called 'Nickel', enabling the company to cut off Nickel's access to its victims and prevent the websites from being used to execute attacks.
Follow NewsGram on LinkedIn to know what's happening around the world.
"We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks and human rights organisations," said Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft.
Obtaining control of the malicious websites and redirecting traffic from those sites to Microsoft's secure servers will help the company protect existing and future victims while learning more about Nickel's activities.
Also Read : Fortnite : A Gold Mine for Hackers
"Our disruption will not prevent Nickel from continuing other hacking activities, but we do believe we have removed a key piece of the infrastructure the group has been relying on for this latest wave of attacks," Burt said late on Monday.
To date, in 24 lawsuits - five against nation-state actors -- Microsoft has taken down more than 10,000 malicious websites used by cybercriminals and nearly 600 sites used by nation-state actors.
"We have also successfully blocked the registration of 600,000 sites to get ahead of criminal actors that planned to use them maliciously in the future," the tech giant informed.
"We believe these attacks were largely being used for intelligence gathering from government agencies, think tanks and human rights organisations."Unsplash
In some observed activity, Nickel malware used exploits targeting unpatched on-premises Exchange Server and SharePoint systems.
"However, we have not observed any new vulnerabilities in Microsoft products as part of these attacks. Microsoft has created unique signatures to detect and protect from known Nickel activity through our security products, like Microsoft 365 Defender," the company noted.
Nickel has targeted organisations in both the private and public sectors, including diplomatic organisations and ministries of foreign affairs in North America, Central America, South America, the Caribbean, Europe and Africa. (IANS/SP)
(Keywords : hacking, China, Microsoft, website, victim, intelligence, attack, malicious, traffic, server, company, disruption, lawsuits, cybercriminals, vulnerability.)
- Chinese Cyber Operations Scoop Up Data For Political, Economic ... ›
- Hackers Steal $120mn In Crypto From Blockchain-based DeFi ... ›
Chip manufacturer MediaTek on Monday announced that it is focused on making 2022 a year aimed at rapid growth, business success, substantial expansion in Research and Development capabilities.
MediaTek's plans to boost technology democratisation and enable access to disruptive connectivity with its range of mainstream to flagship 5G chips.
"We at MediaTek are focused on making 2022 a year aimed at rapid growth, business success, and substantial expansion in our R&D capabilities. For 2022, we are focused on further strengthening our presence in India, offering incredible experiences to customers, and supporting the country's technology initiatives with our expertise and collaboration with leading OEMs," Anku Jain, Managing Director, MediaTek India said in a statement.
Follow NewsGram on LinkedIn to know what's happening around the world.
In the flagship segment, MediaTek recently announced the Dimensity 9000 chip, which is a milestone of innovation and a rise to the incredible, built-to-power flagship 5G smartphones in the world, the company claims.
MediaTek Dimensity 9000 features a single Cortex-X2 performance core clocked at 3.05GHz, three Cortex-A710 cores at 2.85GHz and four Cortex-A510 efficiency cores at 1.8GHz.
It packs a 10-core Arm Mali-G710 that takes care of graphics processing, the report said.
The chipset also comes packed with MediaTek's fifth-generation APU with six total cores for AI processing.Unsplash
Also read: Realme Unveils First 5G Smartphone
The chipset also comes packed with MediaTek's fifth-generation APU with six total cores for AI processing.
The chipset can handle screens with up to a 180Hz refresh rate at Full HD+ resolutions. It is also the first chipset to have an 18-bit image signal processor, offering the ability to capture 4K HDR video using up to three cameras at the same time, or still photos using up to a massive 320MP sensor. (IANS/PR)
(Keywords: 5G, smartphones, Mediatek)
If the US loses Chinese companies, Wall Street will gradually alienate itself from the world's most prosperous market and the US will no longer be the true global financial centre, Chinese state media claimed.
Didi Chuxing, the Chinese ride-hailing giant, announced on Friday that the company is starting the work of delisting from the New York Stock Exchange (NYSE) and initiating preparations for listing in Hong Kong.
Follow NewsGram on Instagram to keep yourself updated.
One day before Didi made the statement, the US Securities and Exchange Commission (SEC) issued a mandate requiring foreign companies listed in the US to provide audits for inspection. Otherwise, they could be delisted from NYSE and Nasdaq in three years.
"The new SEC regulation clearly targets Chinese companies listed in the US. Analysts believe that it could lead to more than 200 companies being kicked off US exchanges," Global Times reported.
Also Read : The forgotten Indo-China War
Didi is the first Chinese company, which announced that it would delist from the NYSE after the SEC issued its new regulation. The company got listed in the US in June without the approval of Chinese regulatory authorities, sparking concerns that the information of hundreds of millions of Chinese users would be leaked to endanger China's national security. More than 20 apps linked to the company were subsequently removed from mobile stores. The SEC's new regulation has compressed Didi's space for financing in the US from the other direction, the report said.
It will become more difficult for Chinese digital technology and application companies to get listed in the US in the future.Unsplash
There have already been voices in the US demanding most of the "China concept stocks" be removed from the US. Scrutiny of "China concept stocks" is expected to get stricter. The US provides various excuses such as "financial security" and "national security" for such scrutiny, the report said.
It will become more difficult for Chinese digital technology and application companies to get listed in the US in the future. This will cause losses to both sides. But the tendency shows that China has greater initiative to adjust and adapt to new conditions, the report said.
Global Times said Chinese companies have other alternatives, and if they go back to China, they will greatly enhance the attractiveness of the mainland and Hong Kong capital markets, creating the possibility of gradually changing the global financial landscape. (IANS/SP)
(Keywords : Wall street, China, stocks, companies, businesses, losses, regulations, prosperous, technology, authorities, delisting.)
- Restored Ashoka Stupa in China symbolises India's propagation of ... ›
- Importance Of Tibet In India China Relations - NewsGram - Lens to ... ›