Save-Point
News of the Cyber World - Printable Version

+- Save-Point (https://www.save-point.org)
+-- Forum: Official Area (https://www.save-point.org/forum-3.html)
+--- Forum: Tech Talk (https://www.save-point.org/forum-87.html)
+--- Thread: News of the Cyber World (/thread-7678.html)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37


RE: News of the Cyber World - kyonides - 03-15-2023

Fears aka insider information came true guys! Shocked


Quote:Here’s the timeline you should expect: over the next couple of months, org leaders will announce restructuring plans focused on flattening our orgs, canceling lower priority projects, and reducing our hiring rates. With less hiring, I’ve made the difficult decision to further reduce the size of our recruiting team. We will let recruiting team members know tomorrow whether they’re impacted.

We expect to announce restructurings and layoffs in our tech groups in late April, and then our business groups in late May. In a small number of cases, it may take through the end of the year to complete these changes. Our timelines for international teams will also look different, and local leaders will follow up with more details. Overall, we expect to reduce our team size by around 10,000 people and to close around 5,000 additional open roles that we haven’t yet hired.

So we could simplify it quite a bit by claiming there will be 15,000 jobs lost this year. Confused


Quote:An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale.
...
An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target's password and session cookies by deploying a proxy server between the user and the website.

Such attacks are more effective owing to their ability to circumvent multi-factor authentication (MFA) protections.
...
The service-based economy that fuels such offerings can also result in double theft, wherein the stolen credentials are sent to both the phishing-as-a-service provider as well as their customers.
...
[The malware] comes with features that make it possible to set up phishing landing pages mimicking Microsoft Office and Outlook, not to mention manage campaigns from mobile devices and even use CAPTCHA checks to evade detection.
...
Microsoft said it has detected numerous high-volume phishing campaigns spanning millions of phishing emails per day from various actors that leverage the tool.

This is how it works:
  • You open an email with a PDF attached to it.
  • If opened, it will send you to a fake MS login website.
  • It asks you to pass a Captcha challenge.
It's weird to see how they've included a Captcha step in their phishing scheme, but I guess many people wouldn't suspect anything from it for they've got used to clicking on pictures for several years now.


Quote:[It] creates rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware.

"By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report.

"This allows it to push Facebook paid ads at the expense of its victims in a self-propagating worm-like manner."

The "Quick access to Chat GPT" extension, which is said to have attracted 2,000 installations per day since March 3, 2023, has since been pulled by Google from the Chrome Web Store as of March 9, 2023.
...
The browser add-on is promoted through Facebook-sponsored posts, and while it offers the ability to connect to the ChatGPT service, it's also engineered to surreptitiously harvest cookies and Facebook account data using an already active, authenticated session.

This is achieved by making use of two bogus Facebook applications – portal and msg_kig – to maintain backdoor access and obtain full control of the target profiles. The process of adding the apps to the Facebook accounts is fully automated.
...
Fraudulent ChatGPT apps distributed via the Google Play Store and other third-party Android app stores have also been spotted pushing SpyNote malware onto people's devices.


Quote:Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.

"The videos lure users by pretending to be tutorials on how to download cracked versions of software such as Photoshop, Premiere Pro, Autodesk 3ds Max, AutoCAD, and other products that are licensed products available only to paid users," CloudSEK researcher Pavan Karthick M said.
...
The information stealer ecosystem also consists of threat actors known as traffers who are recruited to spread the malware using different methods.

One of the popular malware distribution channels is YouTube, with CloudSEK witnessing a 200-300% month-over-month increase in videos containing links to stealer malware in the description section.

These links are often obfuscated using URL shorteners like Bitly and Cuttly, or alternatively hosted on MediaFire, Google Drive, Discord, GitHub, and Telegram's Telegra.ph.

In several instances, threat actors leverage data leaks and social engineering to hijack legitimate YouTube accounts and push malware, often targeting popular accounts to reach a large audience in a short span of time.



RE: News of the Cyber World - kyonides - 03-15-2023



Quote:Recently, the cybersecurity researchers at eSentire have identified a shady piece of malware downloader, BatLoader, that has been engaged in a wicked campaign of exploiting Google Ads to distribute malicious secondary payloads such as:
  • Vidar Stealer
  • Ursnif

In this ongoing operation, there is a large variety of legitimate apps and newly registered websites that have been spoofed by malicious ads, including:-
  • ChatGPT (chatgpt-t[.]com)
  • Zoom (zoomvideor[.]com)
  • Spotify (spotify-uss[.]com)
  • Tableau (tableau-r[.]com)
  • Adobe (adobe-l[.]com)

As part of its designated tasks as a loader, BatLoader distributes malware such as the following we have mentioned below:
  • Information stealers
  • Banking malware
  • Cobalt Strike
  • Ransomware


OK, based on the findings of organizations like Cisco Talos, a cobalt strike means that an attack takes place right when you get some phishing emails regarding a fake job offer, telling you could start working in the government or a regional trade union or the like.


Quote:In order to determine the root cause of the infection, researchers conducted an investigation. They found out that it was triggered by the victim user accessing a Google search result for an Adobe Reader product.

There was an advertisement above the search results page where the user clicked on the ad and was taken to an intermediary website “(adolbe[.]website) to adobe-e[.]com” masquerading as Adobe Acrobat Reader, which was a webpage.

Consequently, BatLoader’s Windows Installer file “AdobeSetup.msi” was downloaded and executed unknowingly by the user. There are custom actions included in the MSI file that can be executed in order to perform a variety of tasks.


I also want to tell you that you need to stay away from several Russian websites that have been used the same way they did it with Adobe's.

Concerning Google Chrome extensions, I gotta say that I feel uncomfortable enough as not to recommend the installation of a Russian extension that allegedly allows you to download your Google Docs to your PC or laptop to work on them offline. Confused

How did I find out it was Russian? Well, let's say that its .ru domain gave them away in no time. Tongue sticking out



Quote:The number of monthly users of ChatGPT exceeded 100 million at the end of January, which sets a new record for the fastest-growing app since it was launched at the end of 2022.

Jeff Sims, who works at the HYAS Institute, has created a polymorphic keylogger using artificial intelligence called “Blackmamba,” which uses Python to tweak its program randomly based entirely on the input that has been taken from the user.

As a result of Jeff’s malicious prompt, text-davinci-003 created a keylogger in Python 3. To accomplish this, Jeff had to use the python exec() function to “dynamically execute Python code at runtime.”

Whenever ChatGPT / text-davinci-003 is called, a unique Python script is written for the keylogger. Consequently, as a result, it becomes polymorphic, making it harder for the EDRs to block the result.

In addition, the hackers could use ChatGPT to modify the code, resulting in a highly evasive code that was difficult to detect.

Even they were also able to generate programs that could be used by ransomware and malware developers to launch attacks.

Jeff’s BlackMamba keylogger is being used to collect sensitive information over trusted channels, using MS Teams as a malicious communication platform.

It collects sensitive data such as:
  • Usernames
  • Passwords
  • Credit card numbers
  • Debit card numbers
  • Personal or confidential data


And it's attacking both MS Team and Slack already! Shocked

Since it uses Snake Python as its programming language, it could run on Windows, Linux and even MacOS!

So be careful, even if this specific threat never hits your PC computer because new menaces gotta show their Witch ugly faces any time soon. Confused



Quote:Federal investigators in Los Angeles confiscated an internet site used to sell computer malware used by hackers to grab control of affected systems and steal a variety of information.

The U.S. Department of Justice reports that the website www.worldwiredlabs[.]com, which offered the sophisticated program known as the NetWire remote access trojan (RAT), which is capable of aiming for and infecting every major computer operating system, was taken down as a result of a seizure warrant.

“A RAT is a type of malware that allows for covert surveillance, allowing a ‘backdoor’ for administrative control and unfettered and unauthorized remote access to a victim’s computer, without the victim’s knowledge or permission”, based on court records submitted in Los Angeles.

Croatian officials arrested a citizen who was supposedly the website’s administrator. The Croatian government will bring charges against this offender.




Quote:This month, the attorney general’s office announced an investigation into what it said was the platform’s negative impact on children and young adults and “what TikTok knew about those harms,” according to a March 2 press release.
...
“We know this takes a devastating toll on children’s mental health and well-being. But we don’t know what social media companies knew about these harms and when. Our nationwide investigation will allow us to get much-needed answers and determine if TikTok is violating the law in promoting its platform to young Californians,” he said.

According to Bonta, California will lead the investigation alongside Florida, Kentucky, Massachusetts, Nebraska, New Jersey, Tennessee, and Vermont.

And on March 5, Bonta filed an amicus brief in support of the state of Tennessee in its own case seeking a court order requiring TikTok to produce subpoenaed materials and evidence that possibly shows TikTok Chinese owner ByteDance is aware of its negative impact on children’s mental health.

The amicus brief alleges that TikTok has not preserved evidence, namely internal employee chat messages, and is hindering the investigation of Tennessee and other states, including California.
...
State investigators have shown that social media, especially TikTok, may be a significant cause of mental health problems among American kids and teens, and that the platform knows about these risks to some degree because it has already put rules in place in other countries, like China, to limit how much time young people can use the app.



RE: News of the Cyber World - kyonides - 03-17-2023



Quote:ByteDance, the Chinese parent company of TikTok, has recently come under pressure from the Biden administration to sell its megapopular video platform or face a ban in the U.S., according to the Wall Street Journal.

The Wall Street Journal reports that TikTok’s Chineseparent company, ByteDance, has come under pressure from the U.S. government to sell its shares in the popular video-sharing app or face a ban in the country. This development is a significant policy shift by the Biden administration and has sparked a new round of debate. Many have accused the Biden administration of not taking the alleged security threat posed by the China-based company seriously enough, especially after the Chinese company hired a Biden-connected consulting firm.

The sale demand was made by the Committee on Foreign Investment in the United States (CFIUS), a multi-agency federal task force that monitors national security risks associated with international investments. According to TikTok, which was founded in Beijing in 2012, 60 percent of ByteDance’s shares are owned by foreign investors, 20 percent by its staff, and 20 percent by the company’s founders. The founders’ shares do, however, have excessive voting rights, which is standard in the tech industry.

TikTok has stated in response to the CFIUS demand that a forced sale would not eliminate the alleged security risk. Instead, the company has promised to invest $1.5 billion in a program aimed at protecting American user data and content from being accessed or influenced by the Chinese government. In a statement, TikTok spokeswoman Brooke Oberwetter said: “If protecting national security is the objective, divestment doesn’t solve the problem: a change in ownership would not impose any new restrictions on data flows or access.”




Quote:Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware.

"All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis.
...
"Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware."

The attack chain begins with unsuspecting users clicking on fraudulent ads on Google search results that lead to hundreds of sketchy YouTube channels, which then direct them to lookalike Telegram and WhatsApp websites.
...
It's capable of intercepting a victim's chats and replacing any sent and received cryptocurrency wallet addresses with addresses controlled by the threat actors.

Another cluster of clipper malware makes use of OCR to find and steal seed phrases by leveraging a legitimate machine learning plugin called ML Kit on Android, thereby making it possible to empty the wallets.

A third cluster is designed to keep tabs on Telegram conversations for certain Chinese keywords, both hard-coded and received from a server, related to cryptocurrencies, and if so, exfiltrate the complete message, along with the username, group or channel name, to a remote server.




Quote:Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S.

The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).

"Exploitation of this vulnerability allowed malicious actors to successfully execute remote code on a federal civilian executive branch (FCEB) agency's Microsoft Internet Information Services (IIS) web server," the agencies said.

The indicators of compromise (IoCs) associated with the digital break-in were identified from November 2022 through early January 2023.
...
The DLL artifacts are designed to gather system information, load additional libraries, enumerate files and processes, and exfiltrate the data back to a remote server.
...
These DLL files dropped and executed reverse (remote) shell utilities for unencrypted communications with a command-and-control domain to drop additional payloads, including an ASPX web shell for persistent backdoor access.




Quote:A prolific hacking group affiliated with the Iranian government is responsible for the Feb. 11 cyberattack on Technion University in Israel, the Israeli government said Tuesday.

Israel’s National Cyber Directorate attributed the attack to a well-known and long-running Iranian-linked hacking group known as “MuddyWater,” saying that the group used malware designed to encrypt operating systems, according to a statement from the agency provided to CyberScoop Wednesday.

The statement warned that the “month of Ramadan, which this year begins in the end of March, is prone to cyberattacks against diverse targets in Israel, aiming to disrupt their business activities and sully their reputation.”
...
The U.S. government publicly linked to the Iranian Ministry of Intelligence and Security for the first time in January 2022, when U.S. Cyber Command shared a series of malware samples associated with the group on VirusTotal. A joint advisory from the U.S. and British governments in February 2022 called MuddyWater “a group of Iranian government-sponsored” hackers conducting cyber espionage and other malicious cyber activities targeting telecommunications, defense, local government and oil and natural gas targets in Asia, Africa, Europe and North America.




Quote:These impacted businesses, therefore, look for alternate finance sources to maintain their functioning. They have become a top target for Threat Actors (TAs), who are exploiting the current circumstance by carrying out different malicious acts, due to their need for financial stability.

These operations seek to deceive targets by stealing money, account information, or malware.

In the wake of the SVB collapse, multiple suspicious websites have surfaced (listed below), according to Cyble Research & Intelligence Labs (CRIL).
  • svbcollapse
  • svbclaim
  • svbdebt
  • svbclaims
  • svblogin
  • login-svb
  • svbbailout
  • svb-usdc
  • svbi
  • svbank
  • banksvb


Just add a .com or .net or even a .io domain to any of the fake urls they've provided there, open it by right clicking on it and you're fried. Confused


Quote:He added that scammers would try to contact former SVB customers and offer them a support package, legal services, loans, or other fake services related to the bank’s failure.

Notably, an attack by BEC threat actors, who pose as SVB customers and request money be transmitted to a new bank account following the bank’s collapse, has already been observed in the wild.



RE: News of the Cyber World - kyonides - 03-19-2023



Quote:Former President Donald Trump formally announced his return to Facebook on Friday, posting on the tech platform for the first time since his personal account was suspended more than two years ago.

“I’M BACK!” Trump wrote on his official page, more than a month after Facebook parent company Meta restored his access to Facebook and Instagram in February. However, Trump had not posted anything up until now.

Trump’s post included a short video of his remarks after winning the 2016 presidential election. The clip then fades to a “Trump Make America Great Again 2024” screen.

“Sorry to keep you waiting. Complicated business,” the former commander-in-chief said in the 12-second clip.

Alphabet Inc.’s YouTube, meanwhile, restored Trump’s channel this week after two years of restrictions, a spokesperson confirmed to The Epoch Times on March 17.
...
The 76-year-old Republican—who is running for president again—posted the same 12-second clip on his official YouTube channel on Friday, the same day the streaming service welcomed him back.
...
Meta said in a statement in late January that Trump’s personal pages would be reinstated in February, but it stressed that it would institute heightened penalties of a suspension between one month and two years if the former president violates the firm’s rules.




Quote:Twitter owner Elon Musk announced that he will publicly share the algorithms that Twitter uses to recommend content in the coming weeks.

“Twitter will open source all code used to recommend tweets on March 31st,” Musk said in a March 17 tweet.

Social media algorithms can connect users with people they may know, groups, artists, events, or posts that may be interesting, and other personalized relevant content. But critics warn these algorithms can also be used to promote certain ideologies or viewpoints to the detriment of others.

Musk’s move to release the algorithms is unprecedented, as such algorithms are usually closely guarded trade secrets among their creators.
...
Musk’s move to release Twitter’s recommendation algorithm comes in the wake of a Senate Commerce, Science, and Transportation Committee probe into the issue led by Sen. Ted Cruz (R-Texas).

In a letter on the issue to four major tech executives, Cruz warned of the ways that recommendation algorithms can affect political outcomes and beliefs.




Quote:The UK on March 16 became the latest to ban the Chinese social media app TikTok on government devices, following similar moves by Belgium, the European Union, Canada, and the United States.

It also comes after TikTok stated that it’s facing a total ban in the United States unless the company’s Beijing-based parent ByteDance sells its stake.

Announcing the ban in parliament, Chancellor of the Duchy of Lancaster Oliver Dowden said the decision is based on an official review which concluded that “it is clear that there could be a risk around how sensitive government data is accessed and used by certain platforms.”

“Social media apps collect and store huge amounts of user data, including contacts, user content, and geolocation data. On government devices, that data can be sensitive,” he said.

The TikTok ban applies to government corporate devices within ministerial and nonministerial departments but not personal devices.




Quote:New Zealand has moved to ban the Chinese-owned social media app TikTok from all parliamentary devices, citing the “unacceptable” level of risks posed by the popular video app.

Parliamentary Service Chief Executive Rafael Gonzalez-Montero said on Friday that TikTok—owned by Beijing-based firm ByteDance—would be removed from “all devices with access to the parliamentary network.”

However, he said that “those who require the app to perform their democratic duties” may be granted an exemption from the ban, according to a statement released by the New Zealand Parliament.

“This decision has been made based on our own experts’ analysis and following discussion with our colleagues across government and internationally,” Gonzalez-Montero stated.

“Based on this information, the [Parliamentary Service] has determined that the risks are not acceptable in the current New Zealand Parliamentary environment,” he added, without elaborating on the app’s risks.




Quote:Under the new FCC rules announced Thursday, mobile service providers are required to block certain robotext messages that are considered “highly likely to be illegal.” These likely-illegal text messengers come from invalid, unallocated, or unused numbers, numbers individuals mark as never sending text messages, and numbers that government agencies and other well-known entities identify as not used for texting.

An additional FCC rule requires mobile wireless providers to “establish a point of contact for text senders, or have providers require their aggregator partners or blocking contractors to establish such a point of contact, which senders can use to inquire about blocked texts.”

The FCC is further proposing requirements for mobile service providers to block texts from entities the FCC has already cited as illegal robotexters. One idea the FCC is considering would apply the “Do Not Call Registry” to text messages, blocking messengers from using either method of communication to contact people on that restricted list.

The FCC has another proposal to close down what it called the “lead generator loophole,” which allows multiple marketing firms to deliver robocalls and text messages based on a single instance of a consumer’s consent to receive marketing messages. The regulatory agency said this “lead generator loophole” allows companies to “use a single consumer consent to deliver robocalls and text messages from multiple—perhaps thousands—of marketers on subjects that may not be what the consumer had in mind.”
...
According to the FCC, there has been a more than 500 percent increase in robotext complaints in recent years. Such complaints reportedly rose from about 3,300 in 2015 to about 18,900 in 2022.

According to Robokiller, a firm that provides scam-blocking services, there were more than 225 billion robotexts received in the United States in 2022.



RE: News of the Cyber World - kyonides - 03-22-2023



Quote:The e-commerce and streaming giant Amazon announced layoffs of 9,000 employees on Monday. Meta, which owns Facebook and Instagram, announced 10,000 job cuts a week earlier, on March 14.

As of Tuesday, 505 companies across the tech industry had cut 148,180 employees from their payroll in 2023, according to data compiled by Layoffs.fyi. Of U.S. tech companies, 324 accounted for 109,366 job losses.

Around this time last month, total tech industry layoffs for 2023 had hit 109,000 jobs, including 84,262 across about 250 companies in the United States.

At the current pace, tech industry job losses in 2023 are set to soon surpass the 160,997 jobs the industry lost in 2022. If the trends continue, tech industry job losses in 2023 could surpass the losses in 2022 by around 300 percent.
...
By Feb. 25, Twitter reportedly initiated another round of layoffs, with plans to cut at least 200 more employees.
...
The U.S. National Security Agency (NSA) may alleviate some of the losses. On Jan. 24, the military intelligence agency announced it “is undertaking one of its largest hiring surges in 30 years with openings for over 3,000 new employees,” including openings for computer science, cybersecurity, math, data science, intelligence analysis, language analysis, communications, business, and accounting, with entry-, mid-, and senior-level positions.



RE: News of the Cyber World - kyonides - 03-24-2023



Quote:Twitter is set to begin “winding down” its legacy blue checkmarks for all users on the platform starting April 1.

The Elon Musk-owned company announced the move on Twitter on March 23, adding that users who want to keep their blue checkmarks, or verification badges, should sign up for the Blue subscription paid plan.

The decision will likely come as no surprise to most as Musk had posted back in December that the company would remove all legacy blue checks “in a few months” because “the way in which they were given out was corrupt and nonsensical.”

Since then, Twitter users who have accounts with the legacy blue tick have seen a pop-up message stating, “This account is a legacy verified account. It may or may not be notable,” when they click on the checkmark.
...
In December, the platform rolled out the Twitter Blue subscription model that charges users $8 per month in the United States for verification, although it is slightly more expensive at $11 per month for users who sign up on the iOS app, to account for the 30 percent cut that Apple takes.

Under that plan, users also get early access to select features, like editing tweets and undoing them after publishing. Unlike the previous Twitter rules, user accounts do not have to be notable, although accounts made less than 30 days ago will not be eligible for the paid plan.

Additional gold and grey checkmarks are also available to verify businesses and government or multilateral organizations or government or multilateral officials, respectively.

Elsewhere on Thursday, Twitter announced that the Blue subscription service was now available worldwide. It is unclear how many users are currently using the paid subscription service.




Quote:TikTok CEO Shou Zi Chew is appearing before a hearing of the House Energy and Commerce Committee for the first time ever, in an attempt to defend the company’s data privacy practices and links to the Chinese Communist Party (CCP), which rules China as a single-party state.

Committee Chair Cathy McMorris Rodgers (R-Wash.) opened the hearing with several salvos lambasting TikTok’s ties to the Chinese communist regime through its China-based parent company ByteDance.

“CCP laws require Chinese companies like ByteDance to spy on their behalf,” Rodgers said. “That means any Chinese company must grant the CCP access and manipulation capabilities as a design feature.”
...
The hearing comes as Congress and the Biden administration explore the possibility of forcing TikTok to be sold to an American company or else banning the app from the United States completely due to national security concerns.

Though Chew has tried to distance TikTok’s image from that of the China-based ByteDance, he himself has deep ties to the company, having previously served as its chief financial officer in Beijing.

Similarly, Chew is reportedly one of only 12 executives who report directly to ByteDance CEO Liang Rubo, as first reported by The Information.

Moreover, the apparent inseparability of TikTok and ByteDance was on full display when Chew arrived for the hearing flanked by prominent ByteDance lobbyists including Michael Beckerman. Though Beckerman serves as TikTok’s top government relations official, he ultimately reports his activities to the U.S. government under ByteDance’s name.
...
Similarly, Chew appeared to attempt to further obfuscate TikTok and ByteDance’s ties to the CCP by refusing to acknowledge that ByteDance was a Chinese company at all, repeatedly insisting it was a global company that conducted activities in China.

ByteDance is headquartered in Beijing and maintains a CCP party committee within the company.

When pressed on the issue of whether TikTok’s data would ever be given to the CCP due to Chinese laws that require all data to be surrendered to the regime upon request, Chew again refuted the claim.
...
“ByteDance is not an agent of China or any other country,” Chew said.

“It is not owned or controlled by any government or state entity.”


Sarcasm Now it's obvious that the TikTok CEO blatantly lied to the US Congress.



Quote:Utah Governor Spencer Cox on Thursday signed two bills into law settling limits on social media use for minors—including requiring parental consent, making it the first U.S. state to do so.
...
He said that one of the new laws, S.B. 152, also called the Utah Social Media Regulation Act, requires social media companies to verify that users in the state are at least 18 years old in order to open an account in platforms such as Facebook, Instagram, Snapchat, and TikTok. Minors will need permission to open an account.

The new legislation, introduced by state Republican Sen. Michael McKell, also requires that social media companies allow parents full access to their child’s accounts, according to the governor’s website.

Under the federal Children’s Online Privacy Protection Act, companies are prohibited from collecting data on those under age 13 without parental consent, and as such, social platforms ban children under 13 from signing up.

S.B. 152 also imposes a slew of restrictions intended to improve safety for minors. This includes creating a default curfew setting to block minors’ access to their accounts overnight, from 10:30 p.m. to 6:30 a.m., which parents can adjust.

It also blocks direct messaging by anyone who the minor has not added as a friend or followed on the platforms. Minors are also barred from being included in search results on the platforms.

Social media companies are also blocked under the new law from collecting data from minors and targeting their accounts for advertising.

The other law, H.B. 311, prohibits the social media companies from implementing any designs or features that “causes addiction for a minor” to the company’s platform, Cox said. “This bill also makes it easier for people to sue social media companies for damages,” he added.


Thinking These laws sound pretty reasonable indeed.



Quote:The San Mateo County Board of Education is suing Facebook’s parent company, Meta, claiming that CEO Mark Zuckerberg’s company has contributed to the mental health crisis among youths by intentionally designing its social media platform to be manipulative and addictive.

The Board of Education added Meta to a complaint it filed on March 13 in the U.S. District Court in San Francisco against a string of other social media giants, including Google, TikTok owner Bytedance, and Snap Inc.
...
The lawsuit states that the nation’s children, adolescents, and teenagers are facing what is perhaps the “most serious mental health crisis” ever.

“Powerful corporations who wield unmatched, highly concentrated technology in pursuit of profit are knowingly creating this unprecedented mental health crisis,” the plaintiffs wrote.

“YouTube, Snap, TikTok, Meta, and their related companies have carefully cultivated the crisis, which is a feature—not a bug—of their social media products,” they wrote.

...“the public can now fairly conclude that the social media defendants’ conduct was no accident, but rather that defendants acted knowingly, deliberately, and intentionally,” they added.

With regards to Meta, which also owns Instagram and WhatsApp, plaintiffs claim that the company has “expended significant resources to attract youth, teens, and preteens to its platform in an effort to maximize revenue and advertisement profits” through various design features and products that appeal to them.

“Meta unambiguously targets teenagers. In 2018, Instagram committed nearly its entire $390 million annual marketing budget toward teens,” the plaintiffs wrote.




Quote:The BBC has urged its staff to delete TikTok from their corporate phones over privacy and security concerns about the Chinese-owned video-sharing app.

The BBC is the first British media organization to issue this kind of guidance regarding TikTok—and just the second in the world after Denmark’s public service broadcaster did the same earlier this month.

British media outlets reported that BBC staff received an email on Sunday that read: “We don’t recommend installing TikTok on a BBC corporate device unless there is a justified business reason. If you do not need TikTok for business reasons, TikTok should be deleted.”

The message further noted that the decision was “based on concerns raised by government authorities worldwide regarding data privacy and security.” Experts have pointed out that the app is capable of illegally gathering vast swathes of information from individual users, including emails, contacts, geo-data, personal information, etc.

BBC employees who have TikTok on their personal phones but also use the device for their work were asked to reach out to the company’s information security team to assess the risks and discuss the type of information that they are working with.

Despite the security concerns, the BCC will, for now, continue to use the platform for editorial and marketing purposes.




Quote:Meta Platforms Inc. on Friday launched its subscription service in the U.S., which would allow Facebook and Instagram users pay for verification in the same vein as Elon Musk-owned Twitter.

The Meta Verified service will give users a blue badge after they verify their accounts using a government ID and will cost $11.99 per month on the web or $14.99 a month on Apple’s iOS system and Google-owned Android, Meta said in a statement.

The service, which Meta said it was testing in February, follows in the footsteps of Snap Inc.-owned Snapchat as well as messaging app Telegram and marks the latest effort by a social media company to diversify its revenue away from advertising.



RE: News of the Cyber World - DerVVulfman - 03-25-2023

(03-24-2023, 07:04 PM)kyonides Wrote:
Quote:Meta Platforms Inc. on Friday launched its subscription service in the U.S., which would allow Facebook and Instagram users pay for verification in the same vein as Elon Musk-owned Twitter.
.... (etc)

Actually, it appears that Facebook wants to jump on the Blue-Chip bandwagon, though the basis for it already exists!

FACEBOOK PAY

In a nutshell, a service connecting your payment methods to Facebook has existed since 2021. 

And if you want to make sure your account is restored if you are hacked, you better have a paid service... otherwise you will be ignored.  I can say that because a friend of mine was indeed hacked, and he followed the steps laid out by Facebook...  and then was ignored because he DIDN'T have Facebook Pay.

Your only recourse...?  WAS... TO PAY $299...


Quote:Brandon Sherman of Nevada City, Calif., followed a tip he found on Reddit to get his hacked account back.

"I ultimately broke down and bought a $300 Oculus Quest 2," he said. Oculus is a virtual reality company owned by Facebook but with its own customer support system.

Sherman contacted Oculus with his headset's serial number and heard back right away. He plans to return the unopened device, and while he's glad the strategy worked, he doesn't think it's fair.

"The only way you can get any customer service is if you prove that you've actually purchased something from them," he said.

Sarcasm + Confused  Since the news of this trick broke out, Oculus support no longer works to get Facebook accounts back online... so don't try it.  They also suspended sales of the Oculus claiming the foam lining caused skin irritation for some customers.



RE: News of the Cyber World - kyonides - 03-27-2023



Quote:ChatGPT, the artificial intelligence (AI) chatbot developed by OpenAI, was taken offline for emergency maintenance on March 20 due to a bug in an open-source library that triggered a data breach.

At the time, many ChatGPT users reported that they could see titles from other active user’s chat history. Some also reported seeing in their own history other people’s first messages of new conservations with the chatbot.

The bug has since been patched. Co-founder and CEO Sam Altman said on Wednesday on Twitter that OpenAI “felt awful” about the data breach.

On Friday, OpenAI provided an update on the incident, saying that even more private data from some users were exposed, including users’ payment information.

OpenAI stated that, upon deeper investigation, besides users seeing titles and conversations of others, the company “also discovered that the same bug may have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window.”

OpenAI did not disclose the exact number of paying accounts that were exposed.

...since its release as a free prototype to the public on Nov. 30, 2022, the company reported 100 million users in February.



RE: News of the Cyber World - kyonides - 03-28-2023


Quote:The Commodity Futures Trading Commission (CFTC) is suing crypto platform Binance and several top executives, alleging that they offered unregistered crypto futures and other derivatives for trading in the United States in violation of U.S. laws and devised a “secret plot” to help customers evade restrictions.

Binance stands accused of running a cryptocurrency derivatives-trading operation in the United States without properly registering it, in violation of CFTC regulations and the Commodity Exchange Act, according to the complaint (pdf) filed on March 27 in the U.S. District Court for the Northern District of Illinois.

Changpeng Zhao, co-founder and CEO of Binance, and Samuel Lim, the company’s former chief compliance officer, are also named in the lawsuit. It accuses them of falsely claiming to be restricting Americans from using the platform while in reality they were using a “calculated, phased approach” to increase Binance’s presence in the United States.

“On the surface, we cannot be seen to have U.S. users, but in reality we should get them through other creative means,” Lim allegedly said in a chat with a Binance employee, according to the complaint.

The CFTC said in a statement that Zhao, who was allegedly responsible for all major strategic decisions at the crypto platform, devised a “secret plot to instruct U.S.-based VIP customers to evade Binance’s compliance controls” and instructed Binance staff to communicate about compliance evasion in a way that “facilitated the automatic destruction of evidence.”
...
Zhao took to Twitter after the lawsuit was announced and posted the number “4,” which, according to a previous message of his, refers to “ignore FUD, fake news, attacks, etc.” FUD stands for fear, uncertainty, and doubt.

The CFTC is also accusing the platform of establishing a complex network of companies meant to hide the true scope and nature of its operations.

“Binance’s reliance on a maze of corporate entities to operate the Binance platform is deliberate; it is designed to obscure the ownership, control, and location of the Binance platform,” the complaint reads.

The lawsuit accuses the defendants of intentional violations of U.S. law, including helping customers dodge compliance controls in a bid to maximize corporate profits.


Quote:President Joe Biden’s administration has been hit with a class-action lawsuit over how the president and other top officials pressured Big Tech to censor users.

Lawyer Robert F. Kennedy Jr., his group Children’s Health Defense, and Louisiana resident Connie Sampognaro brought the suit in U.S. court in Louisiana against Biden and top officials like Surgeon General Vivek Murthy, Homeland Security Secretary Alejandro Mayorkas, and White House assistant Rob Flaherty.

The pressure the officials and their agencies brought to bear against Twitter and other Big Tech companies to crack down on alleged mis- and disinformation, including targeting Kennedy personally, violates the U.S. Constitution’s First Amendment, according to the new suit.

“It is well established that the government violates the Constitution if it uses coercive threats to induce private parties to censor protected speech or if it engages in collusive joint action with private parties to violate the First Amendment,” the suit states.

The legal action rests in part on evidence that has been uncovered by litigation in the same court brought by the attorneys general of Louisiana and Missouri.

That lawsuit has produced documents from the government and Big Tech companies showing repeated efforts by U.S. officials to get the companies to take action against users.

The efforts paid off, with companies regularly telling officials they were working on restricting information. That included any content that purportedly discouraged vaccines even when the content was true, one Facebook employee told the White House. In some cases, though, the government itself provided misinformation that was cited to take action against users, the documents show.


Quote:Twitter CEO Elon Musk continued to promote the value of being a Twitter Blue subscriber on Monday, suggesting new features will help fend off artificial intelligence bots aiming to take over the platform.

Musk, who purchased Twitter in October for $44 billion announced early on that to have a blue check mark next to one’s username, they would have to subscribe to Twitter Blue.

Twitter Verified said last Thursday that the platform would begin winding down the legacy verified program and start removing legacy verified check marks beginning on April 1.

Only those who subscribe to Twitter Blue will get a check mark, but Musk also pointed to some other perks for signing up.

"Starting on April 15, only verified accounts will be eligible to be in For You recommendations," he tweeted. "[This] is the only realistic way to address advanced AI bot swarms taking over. It is otherwise a hopeless losing battle. Voting in polls will require verification for same reason."

Twitter user @Videotech_ responded to Musk’s tweet, saying he cannot get behind the decision.

"You need to invest money into talent and AI tech to detect bots on the platform," @Videotech_ said. "This isn’t the way to go. It could tarnish the platform."

"My prediction is that this will be the only platform you can trust," Musk replied.

The billionaire helped found OpenAI in 2015, which is the AI research and deployment company behind ChatGPT.

Just last week, Musk tweeted a meme of Elmo from "Sesame Street" with a shocked look on the puppet’s face.

"Me realizing AI, the most powerful tool that mankind has ever created, is now in the hands of a ruthless corporate monopoly," Musk said. "I’m sure it will be fine."



RE: News of the Cyber World - kyonides - 03-29-2023



Quote:A group of Japan’s ruling Liberal Democratic Party (LDP) lawmakers plans to compile a proposal next month urging the government to ban social networking services such as TikTok if they are used for disinformation campaigns, an LDP lawmaker said on Monday.
...
“If it’s verified that an app has been intentionally used by a certain party of a certain country for their influence operations with malice … promptly halting the service should be considered,” Norihiro Nakayama told Reuters in an interview.

“Making it clear that operations can be halted will help keep app operators in check as it means TikTok’s 17 million users [in Japan], for example, will lose their access. It will also lead to sense of security for users,” Nakayama said.

Nakayama, a senior member of a ruling party lawmakers’ group looking into ways to enhance Japan’s economic security, said that proposal will not be targeting at any particular platform.

A string of Western governments and institutions have banned TikTok in recent weeks, including the UK parliament, the Dutch and Belgian administrations, and the New Zealand parliament.

In Japan, the use of TikTok and other social networking services (SNSs) are prohibited on government devices that handle confidential information.

Nakayama said further restrictions should be considered only after looking into their data-handling and other operations.




Quote:President Joe Biden’s administration pressured Meta to restrict messages on WhatsApp, according to newly disclosed emails.

Rob Flaherty, an assistant to the president, messaged Meta executives in March 2021 to ask about how the company was working to reduce “harm,” one of the emails shows.

“On Whatsapp, which I may seem like I’m playing gotcha, but I guess I’m confused about how you’re measuring reduction of harm,” he wrote in one email. “If you can’t see the message, I’m genuinely curious—how do you know what kinds of messages you’ve cut down on? Assuming you’ve got a good mousetrap here, that’s the kind of info we’re looking for … what interventions you’ve taken, and what you’d found to work and not work?”

“I guess I have the same question here as I do on Facebook on Instagram. Do you guys think you have this under control? You’re obviously going to say yes to that, so I guess the real question is, as ever: how are you measuring success? Reduction in forwarding? Measured impact across Facebook properties?” Flaherty added in another email.
...
Flaherty and Andrew Slavitt, at the time a top White House COVID-19 adviser, had been pressuring Meta executives to take action against supposed COVID-19 misinformation, expressing concern that such information—even if true—could lead to vaccine hesitancy.
...
A Meta executive responded, informing Flaherty that about 90 percent of the messages sent on WhatsApp are one-on-one, with the rest being sent in group chats. But Meta was taking steps to address alleged misinformation.

...“WhatsApp seeks to control the spread of misinformation and inform users through deliberate, content-agnostic product interventions—things like labeling and limiting message forwards,” the executive said.

“The underlying idea there is that messages that did not originate from a close contact are less personal compared to typical messages sent on WhatsApp, and may be more prone to contain misinformation. The labels (‘forwarded’; and ‘forwarded many times’ if the message has been forwarded five times or more) are intended to prompt people to stop and think when they are reading a message and before they forward something, which may not be accurate. The forward limits (no more than five chats at time; one chat a time for highly forwarded messages), are intended to reduce their spread.”

After the limits on highly forwarded messages were introduced early in the COVID-19 pandemic, those messages were reduced by 70 percent globally, according to the executive.

“Of course, not all forwards are misinformation, so these are by nature somewhat blunt tools, but they are important ones—and ones that many other messaging services don’t provide,” the executive said.

WhatsApp also bans accounts engaged in “mass marketing or scam behaviors,” including accounts “that seek to exploit COVID-19 misinformation,” the executive said.

The executive also touted how WhatsApp has introduced a feature enabling users to tap a magnifying glass button to launch a web search to double-check forwarded messages, the executive said.
...
Flaherty claimed that WhatsApp helped “increase skepticism” in the 2020 election and that the U.S. Capitol breach after the election was “plotted, in large part, on your platform.” He asked for “assurances, based in data, that you are not doing the same thing again here.”

“Understood. I thought we were doing a better job through [redacted] responding to this."
...
The messages were produced during discovery in Missouri v. Biden, a federal lawsuit.