Security News

Facebook spends $50 million on metaverse research

Plus, BloodyStealer hits play, while Instagram Kids hits pause

Facebook announced this week that it will invest $50 million in global research and partner collaboration to build a responsible foundation for what it sees as “the next computing platform” – the metaverse. According to the announcement, the metaverse is “a set of virtual spaces where you can create and explore with other people who aren’t in the same physical space as you.” Facebook has already begun building in this area with the Oculus VR headset. While many metaverse products won’t be fully realized for another decade or so, Facebook says it will work with government, industry, and academia to ensure the tech is built in a way that’s empowering for all, particularly in the areas of economic opportunity, privacy, safety and integrity, and equity and inclusion. 

Avast Security Evangelist Luis Corrons thinks this is a step in the right direction. “With new technologies and tools to communicate with each other,” he commented, “new challenges appear. Usually we become aware of them while they are happening, as we have seen with privacy, cyberbullying, the spread of fake news, hate speech, etc. Trying to anticipate some of those challenges beforehand, and create tools to address them, is a sensible approach.”

SonicWall patches critical SMA vulnerabilities

Internet security company SonicWall posted a security notice this week about a “critical arbitrary file delete vulnerability” in the SMA 100 series appliances. The Smart Mobile Access (SMA) series includes SMA 200, 210, 400, 410, and 500v. The flaw, when exploited, could allow an unauthenticated user the ability to delete arbitrary files from an SMA 100 series appliance and potentially gain administrator access to the device. SonicWall reported there is no evidence the vulnerability has been exploited in the wild. The company also released a patch users can install to protect themselves and their files.

BloodyStealer malware attacks gaming platforms

A new malware dubbed BloodyStealer, which can be bought on the dark web, siphons personal information from gaming platforms such as Steam, Epic Games Store, and EA Origin. Kaspersky security researchers detected the malware targeting victims in Europe, Latin America, and the Asia-Pacific region. According to Bleeping Computer, gamers are usually targeted by threat actors with malware-laced game cheat tools. Once the system is infected, BloodyStealer can grab cookies, passwords, forms, bank cards from browsers, system information, screenshots, certain gaming sessions, files from the desktop, and logs from the memory.

Scalper bots target graphic cards

In the Top 5 Scalper Bots Quarterly Index, a tracking report that identifies the hottest products targeted by scalper bots, bot mitigation platform Netacea reported that $110 Air Jordan Retro 1 High OG sneakers were the most popular item bought and scalped, sometimes fetching amounts seven times the original price tag. The second most bought and scalped item was the PS5. Third was graphic cards suitable for gaming, fourth was Yeezy Boost 700 MNVN sneakers, and fifth was graphic cards marketed for cryptocurrency mining. On the topic of retailers, Netacea CTO Andy Still commented “In addition to supply chain issues adding to the challenges of the last two years, [retailers] increasingly face the risk of bots buying their most popular items before their customers.” For more, see ZDNet.

Instagram Kids hits pause

Head of Instagram Adam Mosseri posted that while the company still believes it should build Instagram Kids, it is pausing work on the social media space intended specifically for tweens. CNN Business reported that the announcement comes after lawmakers pressured Instagram to back down on the effort, and new questions arose about the impact social media photo sharing has had on teen girls. “We’ll use this time to work with parents, experts and policymakers to demonstrate the value and need for this product,” Mosseri wrote in the announcement. He said the company is still invested in building parental supervision tools and continuing its focus on teen safety.

This week’s ‘must-read’ on The Avast Blog

It’s true: There are more women in tech than before. And it's also true: There are still not many women in senior leadership positions. Read up as we walk through how to change that.