FBI Considers Aging App To Be A Counterintelligence Threat

FaceApp is in the news again, and as before, not for a good reason.

Several months ago, watchdog groups around the world sounded the alarm about the Russian-made app, which raised curious eyebrows.

It just takes a photo you upload to it and ages you, what’s the harm in that?

According to the FBI, quite a bit, actually.  The FBI has been quietly investigating the app. They have concluded that, considering its ties to Russia, it poses a potential counterintelligence threat, given the data it collects and the policies surrounding that data.

It is easy to see where the concerns stem from.  According to the app’s terms of service, any photos uploaded to the server for ‘agification’ become the property of the owners of the app.  They can do whatever they want with them.

Ostensibly this clause was included to allow the development team to use altered photos as part of their ongoing marketing campaign, designed to push the app onto even more devices. However, given the conclusion of Intelligence Agencies around the world that Russia meddled in the 2016 US elections, this can be a big problem. The TOS could clearly and easily be abused to serve political ends.

Part of the FBI’s recently published notice about the app reads as follows:

“If the FBI assesses that elected officials, candidates, political campaigns, or political parties are targets of foreign influence operations involving FaceApp, the FBI would coordinate notifications, investigate and engage the Foreign Influence Task Force as appropriate.”

With the 2020 election cycle beginning to heat up in the US, tensions are running high and apps like this one are facing understandably increased scrutiny.  While it’s true that simply being an active participant on social media poses more risk to the average user, the concerns here certainly seem justified.  If you haven’t downloaded the app yet, it bears thinking about before you take the plunge.

Be Careful: Holiday E-cards Could Contain Malware Or Viruses

There’s a war on Thanksgiving and Christmas, but it’s taking a very different form than what commonly gets reported in the news media.

This war is being waged by hackers and scammers, who are sending out poisoned Holiday eCards designed to facilitate the distribution of malware.

BleepingComputer discovered the trend, noting an uptick of emails bearing headings like “You Have Received a Thanksgiving Day Greeting Card!”

Inside these emails, recipients find a Word file bearing titles like “Thanksgiving-eCard.doc,” with the body of the email providing helpful instructions.

All the user must do to see their eCard is open the doc and click the enable content button.  Of course, doing so doesn’t display an eCard at all, but rather, installs whatever malware the email sender has decided to embed.

The Holidays are a time when everybody tends to let down their guard.  After all, who doesn’t enjoy getting fun, festive cards?  That’s exactly what the hackers are relying on.  It’s a clever bit of social engineering that has been finding success, which is only encouraging the hackers to employ the strategy even more.

Even if you haven’t received an email like this, it’s likely that you know someone who has.  Spread the word so more people are aware of the threat.  It’s such a shame that things like this are a reality that dampens the spirit of the season, but that’s the reality.  The more people we can alert to the dangers, the smaller the impact will be.

Stay on your guard, let all your employees know, and keep a watchful eye out.  As ever, the best defense is vigilance.  Don’t open emails from people you don’t know, and certainly don’t open any attachments that may be embedded in those emails.  That’s the key to having a hassle-free Holiday season this year.
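For teams that filter mail centrally, the lure described above (an eCard-themed subject plus a Word attachment that asks for "enable content") can be checked for automatically. The following is an added example, not code from BleepingComputer or any vendor; the function names, sample addresses and sample messages are constructed for illustration, and the macro check is a byte-level heuristic for legacy .doc files only.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # header of legacy .doc/.xls containers
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # stream name present when macros exist
LURE_WORDS = ("greeting card", "ecard", "e-card")

def triage_message(raw):
    """Return (action, filename, reason) findings for one raw email (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    lure = any(word in subject for word in LURE_WORDS)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        is_ole = data.startswith(OLE_MAGIC)
        # Heuristic: OLE directory entry names are stored as UTF-16LE text,
        # so a macro-bearing .doc contains this marker. Not a full OLE parse.
        has_macros = is_ole and VBA_MARKER in data
        if has_macros:
            action = "quarantine" if lure else "review"
            findings.append((action, name, "legacy Office file with VBA macros"))
        elif is_ole and lure:
            findings.append(("review", name, "Office attachment on an eCard-themed message"))
    return findings

def build_sample(subject, filename, payload):
    """Build a constructed test message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "cards@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Open the attached document and click Enable Content.")
    m.add_attachment(payload, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake_doc = OLE_MAGIC + b"\x00" * 64 + VBA_MARKER  # constructed, not a real document
    raw = build_sample("You Have Received a Thanksgiving Day Greeting Card!",
                       "Thanksgiving-eCard.doc", fake_doc)
    for finding in triage_message(raw):
        print(finding)
```
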

Twitter Making Changes To Their Political Ad Rules

Social media has been at the center of several high-profile political dramas of late. The major platforms came under fire for not doing enough to monitor political ads and other content.  The major players on the social media landscape are all responding in different ways to the backlash. Recently, Twitter announced some new policies that will likely be in place before the time you read these words.

Beginning on November 22nd, Twitter’s new political content and cause-based advertising policies will forbid the paid promotion of certain content. This includes any content that references government officials, ballot measures, referendums, regulations, legislation, candidates, or political parties.  This change essentially renders it pointless for candidates for political office, or for PACs and Super PACs that may be supporting them, to purchase Twitter ads.

As details about the company’s new policies came to light, even supporters of the idea were quick to criticize. They pointed out that issue-based advertisers would also be punished by the changes. Twitter’s CEO Jack Dorsey clarified. He said that issue-based advertisers will be restricted, rather than banned outright. He also said that, going forward, they will be unable to target users based on demographic factors like race, age, or specific location, although general location (state and province-level) would still be allowed.

This is a decent compromise position that doesn’t leave issue-based advertisers thrilled. However, it is broadly seen as a step in the right direction.  One thing the new policy change doesn’t address, though, is the matter of disinformation on the platform, which tends to spread like wildfire.

All in all, the changes are generally positive, but they should be seen as a first step only.  Social media has unfortunately become a cesspool of misinformation, and no one seems to have any good ideas on how to go about changing that.

Another WhatsApp Vulnerability Has Been Found

WhatsApp is the most popular messaging platform in the world.

Unfortunately, that means it’s got a giant bullseye on it where hackers are concerned.

In recent months, the company has faced no end of troubles as a raft of vulnerabilities have been exposed and exploited by hackers from every corner of the globe.

The company is still reeling from the blowback associated with these various issues, but their troubles don’t seem to be over yet.  Just last month, WhatsApp quietly found and patched another vulnerability.  This one is tracked as CVE-2019-11931. It is a stack-based buffer overflow issue relating to the way that older WhatsApp versions parsed MP4 metadata, allowing attackers to launch denial-of-service or remote code execution attacks.

All a hacker needed in order to exploit the flaw was a target’s phone number and a specially crafted MP4 file. It just had to be constructed in such a way that it installed a backdoor upon opening.  From there, a wide range of malware could be installed at the hackers’ leisure.  Worse, this vulnerability was found in both the consumer and Enterprise versions of WhatsApp for all major platforms, including Windows, iOS, and Android.

An advisory bulletin was recently published by WhatsApp’s parent company, Facebook. The list of affected versions it provided is as follows:

  • Business for iOS versions prior to 2.19.100
  • Business for Android versions prior to 2.19.104
  • Windows Phone versions prior to and including 3.18.368
  • Enterprise Client versions prior to 2.25.3
  • iOS versions prior to 2.19.100
  • Android versions prior to 2.19.274

If there’s a silver lining here, it is that the company has confirmed that there have been no instances of this exploit having been used ‘in the wild’ and the company has already issued a patch.  If you’re one of WhatsApp’s legions of users, check to be sure you’re running the latest version. If not, update immediately to be on the safe side.

Discord Users Be Careful Of Malware And Information Theft

Do you use the Discord chat service?

If so, be advised that malware developers have been using the service to not only host various types of malware, but also to use it as a command and control server.

In addition, they are abusing the chat client to force it to perform a variety of malicious behavior.

Unfortunately, this is not a new problem.  Anyone familiar with the chat service knows that it has a long history of being abused.  Although designed primarily as a chat service, Discord also allows its members to upload files to a chat channel where other users can download them.

Users can even right click on a hosted file to get a sharable download link. This is, in practice, one of the ways that hackers are abusing the system.  Of significance, these sharable links work even for non-Discord users, which gives malicious actors a convenient place to stash harmful files to be spread far and wide via email campaigns.

Even more interesting is the fact that the uploader can delete the file inside Discord itself, but the URL can still be used to download it.  This means that although the chat service gives the outward appearance of deleting the file, it still exists on the server. That gives malware developers an incredibly convenient, completely anonymous method of hosting their files.

In addition to that, Discord contains a feature called ‘Webhooks’ that allows third-party applications or websites to send messages to a Discord channel.  When a user creates a Webhook, the server owner will be given a special URL that is used with the Discord API to send messages to a specified channel.  In this case though, if a user has been previously infected by a hacker’s malware, this service can be used to exfiltrate collected data directly to the attacker.

All this to say, if you use Discord, beware.  To say that the chat service has problems is an understatement.
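Both abuse patterns described above (shareable file links fetched by non-Discord software, and Webhook URLs used to send stolen data out) leave traces in proxy or endpoint logs. The following is an added detection example, not code from Discord or from the original article; the log format, process allow-list, extension list and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostnames Discord serves its API and file CDN from.
DISCORD_HOSTS = {"discord.com", "discordapp.com",
                 "cdn.discordapp.com", "media.discordapp.net"}
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/\d+/[\w-]+")
ATTACHMENT_PATH = re.compile(r"^/attachments/\d+/\d+/(?P<name>[^/?]+)")
RISKY_EXT = (".exe", ".scr", ".dll", ".js", ".vbs", ".doc", ".docm", ".zip", ".iso")
# Assumption: the only processes expected to talk to Discord in this environment.
EXPECTED_PROCS = {"discord.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed log lines: "<timestamp> <host> <process> <method> <url>"
SAMPLE_LOG = """\
2019-11-20T10:01:02Z ws-014 Discord.exe GET https://cdn.discordapp.com/attachments/111/222/meme.png
2019-11-20T10:03:40Z ws-014 winword.exe GET https://cdn.discordapp.com/attachments/111/333/update.exe
2019-11-20T10:04:10Z ws-014 update.exe POST https://discordapp.com/api/webhooks/444/EXAMPLE-TOKEN
2019-11-20T10:05:00Z ws-022 chrome.exe GET https://example.com/index.html
2019-11-20T10:06:30Z ws-022 chrome.exe GET https://cdn.discordapp.com/attachments/111/555/invoice.zip
"""

def triage(line):
    """Return (severity, reason) for one log line, or None if uninteresting."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, host, proc, method, url = parts
    u = urlsplit(url)
    if (u.hostname or "").lower() not in DISCORD_HOSTS:
        return None
    expected = proc.lower() in EXPECTED_PROCS
    # A webhook POST from anything other than a browser or the Discord client
    # matches the exfiltration pattern described in the article.
    if method == "POST" and WEBHOOK_PATH.match(u.path) and not expected:
        return ("high", f"{host}: {proc} posted to a Discord webhook")
    m = ATTACHMENT_PATH.match(u.path)
    if m and m.group("name").lower().endswith(RISKY_EXT):
        severity = "medium" if expected else "high"
        return (severity, f"{host}: {proc} fetched {m.group('name')} from the Discord CDN")
    return None

def scan(log_text):
    """Triage every line and keep only the hits."""
    return [hit for hit in map(triage, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_LOG):
        print(severity, reason)
```
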