Facebook will have to pay $90 million in a class action settlement. Even though the social media giant never admitted wrongdoing, Mark Zuckerberg’s social media platform, owned by Meta, agreed to settle. The plaintiffs and Facebook reached an agreement to avoid additional costs and risks associated with going on a trial. Even though Meta has been throu

Last week on Malwarebytes Labs: FBI warns of scammers soliciting donations for UkraineMicrosoft autopatch is here…but can you use it?Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption toolRotten apples banned from App storeHackers can take over accounts you haven’t even created yetRansomware Ta

Facebook is once again the launchpad for a large-scale phishing campaign, according to researchers at PIXM. The campaign, which first shows signs of life back in September 2021, has generated millions of page views and ad referral revenue “estimated to be millions of USD at this scale of operation”. Credential harvesting on a grand scale Re

Tor has a storied reputation in the world of online privacy. The open-source project lets people browse the Internet more anonymously by routing their traffic across different nodes before making a final connection between their device and a desired website. It’s something we’ve discussed previously on Lock and Code, and something that, sometimes

An investigation of the infamous “Is That You?” video scam led Cybernews researchers into exposing threat actors who are poisoning Facebook Original post @ https://cybernews.com/security/exposed-the-threat-actors-who-are-poisoning-facebook/ An investigation of the infamous “Is That You?” video scam has led Cybernews researchers to a cybercriminal stron

Last week on Malwarebytes Labs: Fake reCAPTCHA forms dupe users via compromised WordPress sitesHow COVID-19 fuelled a surge in malwareWhy MRG-Effitas matters to SMBs“Look what I found here” phish targets Facebook usersAirTag stalking: What is it, and how can I avoid it?Long lost @ symbol gets new life obscuring malicious URLsGmail-linked Facebook accounts

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was actually enough to demonstrate the impact of his discoveries.

Facebook-themed messages are a frequent source of bogus links from both spam and compromised accounts. Whether you receive the messages via SMS, the Messenger app, or just inside regular web chat, it pays to be careful. A wide variety of attacks use bogus messages as their launchpad, and the risk of account compromise is ever-present. Phishing is not the onl

Last week on Malwarebytes Labs: Google, Apple, and Microsoft step hand in hand into a passwordless futureOpenSea warns of Discord channel compromiseAvoid these Instagram “Get rich with Bitcoin” scamsSteer clear of fake premium mobile app unlockersHow Instagram scammers talk users out of their accountsRansomware: April 2022 reviewThe $43 billion Business E

Experts investigate how stolen Facebook accounts are used as part of a well-established fraud industry inside Facebook. No eyebrows were raised in Quriums security operation center when the independent Philippine media outlet Bulatlat once again got DDoSed, as they are a frequent target of such digital attacks. However, when we noticed that the attack tra

A real world scam which sucks the fun out of craft fairs has caused nothing but stress for victims. It may sound bizarre, but it’s actually a fairly popular attack focused on small/self-run business owners selling their own creations. Are you ready for a trip to the craft fair? You’re a small business owner. You sell a variety of craft-style items, the

We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services aren’t here to help. They’re actually just trying to scare users into falling for phishing attempts. The people behind these scams target Facebook pages belonging to musicians, products, and businesses of a

Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. This finding came from four federal law enforcemen

Tragic tales are being posted to Facebook, combined with the offer of a giveaway. However, some are perhaps not quite what they seem. The PS5 is still one of the hottest bits of tech around, and near-total lack of availability, combined with a high sale price, means that some people will do whatever they can to obtain one. As a result, PS5 scams are rife.

p>A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials and cookies, according to researchers at ThreatLabz. The version analyzed by the researchers was packed with Aspack. The spyware is offered on download sites pretending to be installers for freeware and cracked versions of paid software. The analyzed versio