Security News

Instagram gives users Sensitive Content Control

Plus, hackers bypass Windows Hello, and Venmo finally ditches that global social feed

This week, parent company Facebook announced that it was rolling out Sensitive Content Control on Instagram, a filter to limit the amount of potentially upsetting content that the platform suggests to users in the Explore tab. Users are encouraged to click on the Explore tab when they want to discover other interesting accounts they do not yet follow. The types of accounts and content on Instagram varies greatly. The platform considers sexually suggestive or violent content to be sensitive. “We believe people should be able to shape Instagram into the experience that they want,” Facebook wrote in the announcement. Instagram does not allow hate speech, bullying, or any content that might present a risk of harm, but some of the “allowed” content may still be somewhat disquieting to certain users. The new Sensitive Content Control feature allows those users to ensure they will not be presented with anything potentially upsetting. 

Hackers trick Windows Hello facial-rec tech

By using just two photos, white hat hackers were able to bypass Windows Hello facial-recognition tech and unlock a user’s system. The Windows security gate uses an infrared sensor to identify a user’s face, so all the hackers had to do was manipulate a USB webcam to deliver the images they needed, and the system was fooled into thinking the owner’s face was present. “We created a full map of the Windows Hello facial-recognition flow and saw that the most convenient for an attacker would be to pretend to be the camera, because the whole system is relying on this input,” said one of the hackers. Microsoft has already patched the vulnerability. For more, see Wired

Venmo removes global social feed

As part of several updates that Venmo announced this week, the controversial global social feed that allows anyone to see the details of everyone else’s payments will be removed from the money-transfer platform. “As part of our ongoing efforts to continually evolve the Venmo platform, while staying true to the heart of the Venmo experience, we are removing the global feed, and the friends feed is now the only social feed that will appear in the app,” the company posted in a blog. Other changes to the app include easier navigation, an option to pay with up to 4 kinds of cryptocurrency, and expanded privacy controls. The company says the updated features will be rolling out over the next two weeks. 

TSA issues second Security Directive to pipelines

Earlier this week, the Transportation Security Administration (TSA), a branch of the U.S. Department of Homeland Security, issued a second Security Directive to owners and operators of critical pipelines that transport hazardous materials. The initial Security Directive was issued in May, following the Colonial Pipeline attack. It required pipeline operators to report cyber incidents to CISA, designate a Cybersecurity Coordinator, review security practices, and identify any remediation measures that need to be addressed. The second directive requires pipeline owners to implement specific mitigation measures, develop a recovery plan, and conduct a cybersecurity architecture design reviews.

Blogger discovers “slow red-pill” tactic used by extreme right

Publishing his findings on collaborative platform Do Not Research, author and artist Joshua Citarella identified a strategy that he believes the far right is using on Instagram to radicalize followers. Citarella calls the tactic the “slow red-pill.” It consists of extremist right groups setting up profiles that seem to be standard rightwing “MAGA” accounts. For the most part, these accounts post common conservative memes with no extremist views, but once a week, the accounts put up a strongly extremist post. The point, Citarella maintains, is to gradually radicalize followers over the course of about a year. Towards the end of the profile’s lifespan, the posts get more and more radical more frequently, until the profile owner erases the account and starts anew. 

This week’s ‘must-read’ on The Avast Blog

We've taken a deep dive into the inner workings, targets, and risks associated with the NSO Group’s Pegasus, a spyware tool that can be deployed on Android and Apple smartphones with a great deal of stealth.