In the latest weekly update, ISMG editors discuss top takeaways from Ukraine's cyber defense success, how a European regulator suspended Facebook data transfers to the United States, and the state of the EU General Data Protection Regulation on its five-year anniversary.
A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.
Social media giant Meta took down hundreds of fake Facebook and Instagram accounts used by South Asia advanced persistent threat groups to glean sensitive information and coax users into installing malware. It found activity by threat actors affiliated with India and Pakistan.
U.S. law enforcement says a troll farm operated by the Chinese Ministry of Public Security used fake Facebook and Twitter accounts to disseminate propaganda and harass dissidents located in the United States. The troll farm was part of a Chinese effort known as the 912 Special Project Working Group.
There's much national security ado about how much user data gets collected by the Chinese-owned, wildly popular video-sharing app TikTok. But as France's ban of "recreational apps" from government-issued devices highlights, a bigger-picture approach for combating surveillance is required.
The French government imposed a ban on TikTok and other social media apps after concluding that "recreational apps" lack sufficient "levels of cybersecurity and protection of data to be deployed on administrative equipment," said Stanislas Guerini, the minister of transformation and public service.
Twitter says its source code was leaked by an unknown user on the popular open-source code collaboration platform GitHub. The social media giant requested a subpoena from a federal court Monday to force GitHub to provide details about the person behind the partial code leak.
TikTok CEO Shou Chew appeared Thursday before the U.S. congressional panel to defend his company against accusations that it's imperiling Americans' national security, privacy and mental health. Lawmakers pressed Chew on the company's Chinese ownership, source code and privacy practices.
TikTok says the Biden administration has demanded that the company's Chinese owners divest their stake in the company or risk seeing the app get banned in America. The U.S., Canada, EU, U.K. and New Zealand have all banned the use of TikTok on government devices, citing national security concerns.
Federal regulators initiated a probe of social media after accusing firms such as Facebook of presiding over a surge in advertising fraud including ads for sham healthcare products. Sham ads "can pose real dangers," including by spreading health disinformation, said Commissioner Rebecca Slaughter.
Business social media platform LinkedIn continues to pay dividends for North Korean hackers, including one group historically concentrated on South Korean targets that has expanded into pursuing security researchers and media industry workers in the West.
Records of more than half a million customers of a lending service owned by India's largest private sector bank are apparently downloadable for free on a criminal data breach forum. HDFC Bank says it detected a data breach at one of its service providers that processes customer information.
The European Commission has directed employees to remove the ByteDance-owned, short-form video app TikTok from their phones and corporate devices, citing security concerns. The decision follows similar bans in the U.S. and other countries, driven by fears of Chinese hacking and influence.
Twitter says it will turn off SMS second-factor authentication for all but paying customers starting March 20 in a decision provoking concerns that many customers will be less secure than before. Twitter says 2.6% of active Twitter accounts have activated second-factor authentication.
Spain's high court has approved the U.S. Department of Justice's request that British national Joseph James O'Connor be extradited to face charges that he helped hack Twitter in 2020 to perpetrate a cryptocurrency scam. The final extradition decision now rests with the Spanish government.