HackDig : Dig high-quality web security articles for hackers

Facebook patches Messenger audio snooping bug – update now!

byPaul DucklinModern telephony is full of anachronisms.For example, we still “dial” calls, and many phone apps still display the word “dialling” while they’re waiting for the person at the other end to pick up.But when was the last time you saw, let alone used, a phone that actually had a dial? And we still use idioms such as &#
Publish At:2020-11-20 14:55 | Read:177 | Comments:0 | Tags:Privacy Vulnerability Exploit Facebook Facebook Messenger vu

A flaw in Facebook Messenger could have allowed spying on users

Facebook has addressed a security vulnerability in its Messenger for Android app that could have allowed attackers to spy on users. Facebook has addressed a major security issue in its Messenger for Android app that could have allowed threat actors to spy on users by placing and connecting Messenger audio calls without their interaction. The vulnerabil
Publish At:2020-11-20 10:18 | Read:164 | Comments:0 | Tags:Breaking News Hacking Social Networks Facebook Facebook Mess

Unprotected database exposed a scam targeting 100K+ Facebook accounts

Researchers discovered an ElasticSearch database exposed online that contained data for over 100000 compromised Facebook accounts. Researchers at vpnMentor discovered an ElasticSearch database exposed online that contained an archive of over 100.000 compromised Facebook accounts. The archive was used by crooks as part of a global hacking campaign against
Publish At:2020-11-16 17:55 | Read:215 | Comments:0 | Tags:Breaking News Cyber Crime Social Networks data leak Elastics

Ragnar Locker ransomware gang advertises Campari hack on Facebook

​Ragnar Locker Ransomware operators have started to run Facebook advertisements to force their victims into paying the ransom. In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems. Then the attacker
Publish At:2020-11-11 11:47 | Read:231 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Security Social Ne

A week in security (October 26 – November 1)

We had a very busy week at Malwarebytes Labs. We offered advice on Google’s patch for an actively exploited zero-day bug that affects Chrome users, our podcast talked about finding consumer value in Cybersecurity Awareness Month with Jamie Court, we provided guidance about keeping ransomware cash away from your business, pointed out how scammers ar
Publish At:2020-11-02 15:41 | Read:282 | Comments:0 | Tags:Malwarebytes news covid-19 survey CVE-2020-14882 cybersecuri

S3 Ep4: Now THAT’S what I call a fire alarm! [Podcast]

byPaul DucklinThis week: Facebook scammers trick you with fake copyright notices, voice scammers automate their attacks on the vulnerable, how to tune up your mobile privacy, and (oh! no!) the best/worst IT helpdesk call ever.Presenters: Kimberly Truong, Doug Aamoth and Paul Ducklin.Intro and outro music: Edith Mudge.LISTEN NOWClick-and-drag on the soundwave
Publish At:2020-10-30 11:54 | Read:238 | Comments:0 | Tags:Android Facebook iOS Phishing Podcast Mobile Security phishi

A week in security (September 12 – September 18)

Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, the return of QR code scams, Covid fatigue, a
Publish At:2020-10-19 16:17 | Read:259 | Comments:0 | Tags:A week in security a week in security awis facebook football

SILENTFADE a long-running malware campaign targeted Facebook AD platform

Facebook shared details about a long-running ad-fraud campaign that’s been ongoing since 2016 targeting Facebook users with SilentFade malware. Facebook detailed an ad-fraud cyberattack that’s been ongoing since 2016, crooks are using a malware tracked as SilentFade (short for “Silently running Facebook Ads with Exploits”) to steal Facebook credentials an
Publish At:2020-10-03 16:05 | Read:441 | Comments:0 | Tags:Breaking News Cyber Crime Facebook Hacking malware SilentFad

Instagram photo flaw could have helped malicious hackers spy via users’ cameras and microphones

A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones.The security hole, which has been patched by Instagram owner Facebook, could be exploited by a malicious hacker simply sending their intended victim
Publish At:2020-09-30 12:20 | Read:191 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Facebook I

Beware Drive-By Downloads in Safari – Intego Mac Podcast Episode 154

The popular fitness tracking app Strava can assist stalkers; Facebook is irked about European regulators; a new Bluetooth vulnerability takes a new tack on attacks; and we look at some disturbing drive-by downloads that are coming from rogue Google ads.Strava and stalkersFacebook Says it Will Stop Operating in Europe If Regulators Don’t Back DownShortly afte
Publish At:2020-09-30 12:04 | Read:258 | Comments:0 | Tags:Intego Mac Security Podcast Bluetooth Facebook Google Intego

Report: Pandemic caused significant shift in buyer appetite in the dark web

Last year, credentials for PayPal, Facebook, and Airbnb were among the top goods on high demand in the dark web, aka the Internet’s underground market. But due to the COVID-19 outbreak, with most of the worldwide population sheltering, working, and studying indoors, many facets of life have made a full 180-degree turn—including the criminal world.
Publish At:2020-09-10 19:18 | Read:392 | Comments:0 | Tags:Cybercrime 2fa airbnb Cash App covid-19 Dark Web Dark Web Ma

A week in security (August 31 – September 6)

Last week on Malwarebytes Labs, we dug into security hubris on the Lock and Code podcast, explored ways in which Apple’s notarization process may not be hitting all the right notes, and detailed a new web skimmer. We also explained how to keep distance learners secure, talked about PCI DSS compliance, and revealed that SMB security posture is weakened by COV
Publish At:2020-09-07 13:06 | Read:272 | Comments:0 | Tags:A week in security facebook malware phish round up scam secu

Missing person scams: what to watch out for

Social media has a long history of people asking for help or giving advice to other users. One common feature is the ubiquitous “missing person” post. You’ve almost certainly seen one, and may well have amplified such a Facebook post, or Tweet, or even blog. The sheer reach and virality of social media is perfect for alerting others. It really is akin to
Publish At:2020-08-27 15:21 | Read:461 | Comments:0 | Tags:Cybercrime Social engineering abduction facebook fake missin

Facebook hoaxes back in the spotlight – what to tell your friends

byPaul DucklinAt the risk of giving you a feeling of déjà vu all over again……it’s time to talk about Facebook hoaxes once more.Looking at the Naked Security articles that people have not only searched for but also read in large numbers over the past few days tells us that we’re in what you might call a “market uptick” for
Publish At:2020-07-03 12:11 | Read:491 | Comments:0 | Tags:Facebook BFF Dance of the Pope Danske Bank Hoax Instant Bank

A week in security (June 8 – 14)

Last week on Malwarebytes Labs, we looked into nasty search hijackers that worried a lot of Chrome users; a list of considerations for MSPs when looking for an RMM platform; the complaint faced by ParetoLogic, the company that issues SpeedyPC, a product that claims to find and remove various PC errors; and a ransomware attack that affected car manufacturers
Publish At:2020-06-15 13:28 | Read:641 | Comments:0 | Tags:A week in security Babylon Health banking app Brave Brave br

Tools