25 matches found
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site e.g., fake Facebook Security page, with...
Brave Software: Browser is not following proper flow for redirection cause open redirect
Summary: Brave browser is not following proper flow for redirection. Browser is directly redirecting to the site that is present in redirect parameter without confirming from the main site server. I have found this vulnerability and this is affecting Facebook. Facebook uses l.facebook.com/l.php?u=...
Fb_Friend_List_Scraper - OSINT Tool To Scrape Names And Usernames From Large Friend Lists On Facebook, Without Being Rate Limited
OSINT tool to scrape names and usernames from large friend lists on Facebook, without being rate limited. Getting started: Install using pip: python -m pip install fb-friend-list-scraper Script is now installed as fbfriendlistscraper Run with -h or --help to show usage information. Usage: usage:...
Facebook phish claims “Someone tried to log into your account”
Watch out for bogus Facebook phishing messages winging their way to your mailbox. The ruse is quite simple: The mail senders are relying on the recipient’s sense of panic to respond without thinking about it. The mail looks professional enough, and seeks to imitate what would be a fairly typical...
Facebook Security Debacles: 2019 Year in Review
Facebook spent the past year both trying to deal with the consequences of the Cambridge Analytica scandal that rocked its public relations in 2018, as well as other issues afflicting the social media platform – from data security challenges to political...
Facebook Finally Fixes Its Two-Factor Mess
A Wawa breach, Russian spies, and more of the week's top security news...
Facebook Stored Millions of Instagram Users' Passwords in Plaintext
Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well. Now it appears that the incident is far worse than first reported. Faceboo...
A Year Later, Cybercrime Groups Still Rampant on Facebook
Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by...
Should you delete yourself from social media?
You're feeling like you've had enough. All the recent news—from Facebook's Cambridge Analytica snafu to various abuses of Twitter vulnerabilities—has you wondering: Should I delete myself from social media? Social networking does have its positive aspects. You can stay in touch with distant or no...
I got emails - G Suite Vulnerability
After recent finding about Uber and SendGrid bug, I decided to check other third party applications that were also used for similar cases. During the investigation, some third party applications were found to be vulnerable including G Suite. The initial research of this vulnerability started when...
The Web in conditions of competitive (Race conditions) vulnerability - vulnerability warning - the black bar safety net
In order to improve developer and network security personnel on the conditions of the competitive attacks of vigilance, I wrote this blog. I think not many people know about this problem, to this end, I researched some of the points system is susceptible to conditions of competition to attack the C...
How Certificate Transparency Monitoring Tool Helped Facebook Early Detect Duplicate SSL Certs
Earlier this year, Facebook came across a bunch of duplicate SSL certificates for some of its own domains and revoked them immediately with the help of its own Certificate Transparency Monitoring Tool service. Digital certificates are the backbone of our secure Internet, which protects sensitive...
Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features
Beware Comodo Users! Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns. First of all, make sure whether your default browser had been changed to "Chromodo" -- a free browser offered by Comodo Antivirus. If your head nod is...
[Responsible disclosure] How I could have removed all your Facebook notes
Note: This is being published with the permission of Facebook under the responsible disclosure policy. The vulnerability is now fixed. Summary: This blog post is about an Insecure direct object reference vulnerability in Facebook Notes using which attacker could have removed all your notes just b...
Komodia Website Under DDoS Attack
Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say...
Snowden's disclosures haven't changed much about Facebook Security
Mark Zuckerberg is continually denying working with the NSA or any other Government Intelligence Agency in serving out data they gathered through extended surveillance, and even he expressed his indignation over the damage the Government is creating for all, on the phone call to the US President...
Hacking Facebook Account with just a text message
Can you ever imagine that a single text message is enough to hack any Facebook account without user interaction or without using any other malicious stuff like Trojans, phishing, keylogger etc.? Today we are going to explain to you how a UK-based Security Researcher, "fin1te", is able to hack a...
Slideshow: Scenes from CanSecWest 2013
The CanSecWest security conference in Vancouver last week included technical presentations on bypassing ASLR and DEP and the intricacies of Android research, as well as a fascinating talk on the red team exercises Facebook’s security team runs. We put...
How-To Video: Securing Facebook
Facebook’s active-user count is rapidly approaching one billion. The world’s largest social network, which has long been a popular target and platform for attackers, will only become a more relevant outlet for scams and other fraud as it continues to grow. While the target grows, so too does the...
How to Win Friends and Steal Their Facebook Accounts
CANCUN–Facebook is a lot of things, and one of the things that it’s become of late is a fertile green field for attackers and scammers of all stripes. The Koobface worm is perhaps the most famous threat to hit the network, but the more mundane ones, such as scammers generating fake profiles...