Category: Facebook

Meta, the parent company of Facebook, has introduced a new AI model to the world that can identify objects in an image. The newly developed AI model is known as the “Segment Anything Model” (SAM for short) and can understand objects inside images and videos.

The ability to detect specific objects is called segmentation, and Meta seems to be democratizing its AI development for analyzing objects on ocean floors, various underwater photography sceneries, space, and country borders.

According to the press release made by Meta last week, the accurate segmentation technology is an AI-trained infrastructure model induced with large amounts of data to perform specialized tasks.

The WhatsApp parent company says that SAM and its Segment Anything 1-billion mask dataset (SA-1B) are available under a permissive open-license framework for research, and the dataset has approximately 11 million licensed and privacy-preserving images in its final dataset.

Now, the big question is, what if this technology falls into the wrong hands? Criminals can use this tech to find out objects and things from selfie photos taken in bedrooms and restrooms by celebrities and then blackmail them.

NOTE – Irrelevant to the article topic, we have received info that the social media networking giant is planning to start a fresh round of layoffs. In this layoff spree, about 4,000-4,500 employees across the world can receive the “pink slip,” starting from April 20th of this year. Mostly, those working in the technical departments of FB, Instagram, Reality Labs, and WhatsApp will be affected. Those involved in various AI projects are safe for now, and new hirings are on the horizon. American news resource Vox was the first to report this development and expects that the layoff email will be sent to employees in the early hours of Thursday between 4:00 am to 5:00 am. This was an expected move, especially after the Meta founder Mark Zuckerberg announced in March this year that his company intended to eliminate around 10,000 jobs in the next 3 months. Interestingly, in February this year, Amazon announced its plan to lay off around 9,000 employees and is anticipated to divert the investments to the development of AI models.

The post Facebook introduces new AI model capable of detecting objects in images appeared first on Cybersecurity Insiders.

CommScope, an American company that is in the business of providing network infrastructure, was reportedly hit by a ransomware attack. Afterward, cybercriminals leaked data of thousands of the company’s employees onto the dark web, including social security numbers and bank account details of employees involved in the R&D of infrastructure products. It is confirmed that unauthorized access occurred on the servers of CommScope on March 27th of this year, and the criminals managed to obtain full names, postal addresses, email addresses, personal numbers, and other sensitive details.

German-based company Rheinmetall has become a victim of a cyber attack recently, and hackers fraudulently accessed data related to industrial customers, largely from the automobile sector. However, the servers related to the military division remained untouched, and thus, a large-scale business embarrassment was averted. Spiegel, the German news website, was the first to report the incident, and more details are awaited.

The third news item concerns a lawsuit related to Facebook owner Meta. According to the latest media update provided by the social media giant, the business has agreed to pay $725 million as it failed to protect the data of its users from the Cambridge Analytica data scandal. Those who had Facebook accounts from May 24th, 2007, to Dec 22nd, 2022, will be eligible to gain some monetary benefits from the settled amount. The company has created a separate page for users to claim the benefit, and you can find more details on the company’s website.

According to preliminary inquiries launched by the Slovenian government, Chinese hacking group Vixen Panda, aka APT15, was reportedly involved in the cyber attack that took place on the Slovenian Foreign Ministry.

The news is out that a ransomware attack launched by the BlackCat/Alphv gang has crippled the entire computer network platform of American software and technology consulting firm NCR. This resulted in the disruption of the Aloha Point of sale platform, causing trouble for customers and business owners involved in digital banking, POS Systems, and payment processing across restaurants, retailers, and healthcare. NCR Corporation has announced that it has taken all necessary measures to contain the malware spread and assured that the incident will never be repeated.

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Freenom’s website features a message saying it is not currently allowing new registrations.

Freenom is the domain name registry service provider for five so-called “country code top level domains” (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau.

Freenom has always waived the registration fees for domains in these country-code domains, presumably as a way to encourage users to pay for related services, such as registering a .com or .net domain, for which Freenom does charge a fee.

On March 3, 2023, social media giant Meta sued Freenom in a Northern California court, alleging cybersquatting violations and trademark infringement. The lawsuit also seeks information about the identities of 20 different “John Does” — Freenom customers that Meta says have been particularly active in phishing attacks against Facebook, Instagram, and WhatsApp users.

The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted for the European Commission, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.

“The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers’ identity, even after being presented with evidence that the domain names are being used for illegal purposes,” the complaint charges. “Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers.”

Meta further alleges that “Freenom has repeatedly failed to take appropriate steps to investigate and respond appropriately to reports of abuse,” and that it monetizes the traffic from infringing domains by reselling them and by adding “parking pages” that redirect visitors to other commercial websites, websites with pornographic content, and websites used for malicious activity like phishing.

Freenom has not yet responded to requests for comment. But attempts to register a domain through the company’s website as of publication time generated an error message that reads:

“Because of technical issues the Freenom application for new registrations is temporarily out-of-order. Please accept our apologies for the inconvenience. We are working on a solution and hope to resume operations shortly. Thank you for your understanding.”

Image: Interisle Consulting Group, Phishing Landscape 2021, Sept. 2021.

Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit names are incorporated in the United States.

Meta initially filed this lawsuit in December 2022, but it asked the court to seal the case, which would have restricted public access to court documents in the dispute. That request was denied, and Meta amended and re-filed the lawsuit last week.

According to Meta, this isn’t just a case of another domain name registrar ignoring abuse complaints because it’s bad for business. The lawsuit alleges that the owners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.”

“On information and belief, one or more of the ccTLD Service Providers, ID Shield, Yoursafe, Freedom Registry, Fintag, Cervesia, VTL, Joost Zuurbier Management Services B.V., and Doe Defendants were created to hide assets, ensure unlawful activity including cybersquatting and phishing goes undetected, and to further the goals of Freenom,” Meta charged.

It remains unclear why Freenom has stopped allowing domain registration, but it could be that the company was recently the subject of some kind of disciplinary action by the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit entity which oversees the domain registrars.

In June 2015, ICANN suspended Freenom’s ability to create new domain names or initiate inbound transfers of domain names for 90 days. According to Meta, the suspension was premised on ICANN’s determination that Freenom “has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest.”

ICANN has not yet responded to requests for comment.

A copy of the amended complaint against Freenom, et. al, is available here (PDF).

Facebook, the business subsidiary of Meta platform, has agreed to pay $725 million as a penalty to settle a long pending legal battle related to its Cambridge Analytica Data Scandal. The proposed settlement, reported 1st by Reuters, is yet to be approved by San Francisco’s US District Court and might take at least a few more weeks to turn into an executable decision.

To those uninitiated, Facebook(FB) sold its user information to a company named Cambridge Analytica (now defunct in business) and that company engaged some researchers in the year 2014-15 to get the pulse of US Populace on US 2016 Polls through a quiz app named “thisisyourdigitallife” where information such as page likes, DoBs, genders, locations, and their interest in Donald Trump or Hillary Clinton was collected after building their virtual profile.

Cambridge Analytica was found in the year 2013, owned by a British Legal Consultancy Firm, SCL Group.

And as the whole procedure was being conducted for political advertising and without the consent of the social media giant’s users, it was genuinely illegal.

A class action suit was filed in the year 2018, but the Mark Zuckerberg led company shrugged it off in the year 2019 by saying that its 300,000+ consumers who took part in the survey did not have any right to show privacy interest in the content they have generated to be shared with friends and the world via social media. It also mentioned in its reply to the lawsuit that it banned the company in the year 2015 for disobeying its platform policies and also deleted all the data that was collected during the tenure.

Zuckerberg testified before the congress about the data scandal and also appeared for the special scrutiny by United States SEC and UK’s Information Commissioner. The Federal Trade Commission of America imposed a penalty of $5 billion on the messaging platform. But FB found some loopholes and appealed for more time for introspection.

Meta issued a public summary on the case in early 2022 and admitted that it has taken steps to contain the sharing of user info on third party apps.

 

The post Facebook to pay $725m penalty to settle Cambridge Analytica Data Scandal on a legal note appeared first on Cybersecurity Insiders.

New malware is on the prowl and is seen spreading malicious software in disguise of applications meant for teaching, reading, and other education-related activities. In particular, the apps targeted users from Vietnam and infected about 300,000 devices in over 71 countries just to steal Facebook(FB) credentials.

ZIMPERIUM is the firm that conducted the study and discovered the infection in the wild in 2018. The company named the malevolent software “Schoolyard Bully” and Google removed it from its play-store in early 2019.

Surprisingly and as expected, the malware is circulating on Android devices and spreading through 3rd party app stores available on the web.

As of now, Schoolyard Bully is caught infecting Vietnam’s smart device populace, and the reason is unknown. But is discovered stealing FB credentials such as email and passwords, device names, device RAM, Device API, usernames, and account IDs from connected devices operating in over 71 countries.

In other news related to the malware and stealing info from android OS loaded devices, some hackers are found using platform certificates often used by OEM vendors to digitally sign core systems apps.

And if threat actors gain permission for such access, then their developed applications can gain system-level access, allowing them to install or delete packages, manage ongoing calls and messaging, gather data about the device and send it to remote servers.

Lukasz Siekierski, a Reverse Engineer at Google, confirmed the news and added that cyber crooks were seen compromising Samsung, LG, and MediaTek certificates that allow signing Android malware.

Google took measures to keep the OEMs informed about the certification abuse and is urging them to rotate their platform certificates, check for any leaks, and keep a tab of apps that have legible access to their core system platforms.

 

The post Malware steals Facebook account details from 300,000 devices appeared first on Cybersecurity Insiders.