Urgent! Update WhatsApp NOW to add new sticker support

Yes, you should update WhatsApp.

But not for the reasons they’re telling you.

1 min read

Facebook sponsored posts selling access to hacked PayPal accounts

Have you ever been curious just how much vetting Facebook does before it accepts cash for an ad or a sponsored post?

Judging by what’s popping up in some users’ newsfeeds, the answer is not that much.

49 sec read

Smashing Security #126: Zombie chickens and fast-food victims

What’s the worst that can happen if you join a Hollywood hard man’s Facebook page? What drove a man to hijack a website’s name at gunpoint? And can you solve the mystery of the Canadian Hamburglar?

Find out in the award-winning “Smashing Security” podcast with Graham Cluley, Carole Theriault, and special guest Mark Stockley from Naked Security.

2 min read

Scammer posed as actor Jason Statham to steal from fan

A British fan of actor Jason Statham was fooled into thinking she had formed an online relationship with the Hollywood hard man, after joining a Facebook fan page for the “Fast and Furious” star… and ended up losing hundreds of thousands of pounds.

1 min read

So, how’s Facebook going to screw us next?

Facebook may have to pay up to US $5 billion due to an FTC inquiry into the social network’s privacy practices. But you can bet your bottom dollar we haven’t seen the last of the social network’s dodgy dealings.

57 sec read

Facebook hoovered up 1.5 million users’ email contacts without permission… “unintentionally”

Just another day at Facebook.

Yes, they stole 1.5 million people’s address books without asking permission, but hey, they say it was “unintentional” so…

1 min read

Facebook’s role in Brexit – and the threat to democracy

British investigative journalist Carole Cadwalladr gave a passionate speech at the TED conference in Vancouver this week. You should watch it.

49 sec read

540 million Facebook records left exposed due to sloppy third-party developer security

Security researchers have discovered a huge amount of data containing information about tens of thousands of Facebook users, left available for anyone to access – no password required.

The culprits? Third-party developers.

2 min read

Some 2000 Facebook staff had access to millions of Facebook users’ passwords… stored in plaintext

Stretching back as far as 2012, Facebook has been storing the passwords of hundreds of millions of users unencrypted, in plaintext.

And those passwords were searchable by Facebook staff…

2 min read

Google and Facebook scammed out of $123 million by man posing as hardware vendor

Even the most tech savvy companies in the world can fall for business email compromise.

A Lithuanian man has this week pleaded guilty to tricking Google and Facebook into transferring over $100 million into a bank account under his control after posing as a company that provided the internet giants with hardware for their data centers.

Read more in my article on the Tripwire State of Security blog.

Facebook sues quiz app developers who allegedly stole users’ private data through browser plugins

Facebook is taking a stand against a pair of Ukrainian app developers who it claims scraped personal information from users’ profiles.

Read more in my article on the Hot for Security blog.

Facebook Messenger bug made it possible for hackers to see who you have been chatting with

A security researcher has revealed details of a flaw in Facebook Messenger that made it possible for “any website to expose who you have been messaging with.”

1 min read

Facebook isn’t letting you opt-out of having people search for you by your phone number

If you really must use Facebook, don’t give it your phone number – not even for 2FA.

2 min read

Smashing Security #117: SWATs on a plane

Why is Tampa’s mayor tweeting about blowing up the airport? Are hackers trying to connect with you via LinkedIn? And has Maria succeeded in her attempt to survive February without Facebook?

All this and much much more in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Plus, after last week’s discussion about the legal battle between Mondelez and Zurich Insurance, we have a chat with security veteran Martin Overton to take a deeper look into cyberinsurance.

1 min read

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.

1 min read

Twitter follow bots cut off from API, as accounts disabled for spreading misinformation from Iran and elsewhere

ManageFlitter, Statusbrew, and Crowdfire have had their access to the Twitter API revoked for allegedly helping users abuse the service, aggressively and repeatedly following and unfollowing large numbers of other accounts – a tactic frequently employed by Twitter spammers.

Meanwhile, Twitter and Facebook share details of the accounts they have shut down after finding they were spreading misinformation in the run-up to the US midterm elections.

1 min read