Security News

Metaverse survey spurns Facebook

Plus, online shopping gets more dangerous and Twitter gets more safe.

In an anonymous survey conducted by Hong Kong-based Advokate Group, more than 1,200 U.S. consumers were asked questions about joining a metaverse. Over 77% admitted to being worried about Facebook owning the data. “Facebook has an impressive record of misusing users’ data,” commented Avast Security Evangelist Luis Corrons. “It is really hard to forget the Cambridge Analytica scandal. They’ve lost people’s confidence. However, billions of people still use Facebook, Instagram, and WhatsApp, so it seems people are concerned about their privacy, but not enough to stop giving up their data.”

According to the survey, 87% of respondents said their first preference would be a metaverse based on a decentralized blockchain. When asked what types of metaverse activities interested them, the most popular choice was gaming, followed by hanging out with friends, work and meetings, attending concerts, workouts, and studying with classmates. When asked how many metaverses they plan to join in the next few years, 46% said one or two, 38% said three or four, 10% said five or six, and 7% said they don’t plan to join one at all. Read more details from the survey on ZDNet.

Over 500 online shops hacked with card-skimming malware

Sansec, an e-commerce malware detection company, last week discovered a card-skimming scheme affecting over 500 stores. Attackers exploited a known vulnerability in the Quickview plug-in of the Magento 1 e-commerce platform, combining an SQL injection attack with a PHP Object Injection attack to gain control of the platform. When visitors enter payment card details during purchase, the malicious code sends their payment information to attacker-controlled servers. The hackers also programmed the code to create no fewer than 19 backdoors in the systems, which allow for easy reinfection. Magecart schemes like this have been increasing over recent years, including infected ATMs and gas pumps.

Senators reveal CIA collected Americans’ data

A CIA mass surveillance program has swept up the personal data of some American citizens, claimed Senators Ron Wyden of Oregon and Martin Heinrich of New Mexico in a letter to the Privacy and Civil Liberties Oversight Board. The senators called the surveillance activity a “secret bulk collection program” that was authorized under presidential Executive Order 12333 in the early 1980s. Usually, such surveillance is monitored under the Foreign Intelligence Surveillance Act (FISA), but in their letter, the senators said this particular program operates “entirely outside the statutory framework that Congress and the public believe govern this collection, and without any of the judicial, congressional or even executive branch oversight that comes with FISA collection.” For more, see Cyberscoop.

Meta to pay $90M in class-action lawsuit

The parent company of Facebook has agreed to pay out $90 million to settle a decade-long data privacy lawsuit over using cookies in 2010-2011 to track users across the internet even after they had logged out of Facebook. Meta submitted the proposed settlement earlier this week to the U.S. District Court for the Northern District of California. The case centered on Facebook’s use of proprietary browser plug-ins that tracked users’ visits to third-party sites. As part of the settlement, Meta says it will sequester and delete all the data at issue. “Reaching a settlement in this case, which is more than a decade old, is in the best interest of our community and our shareholders and we’re glad to move past this issue,” said a Meta spokesperson. See Variety for more on this story.

Twitter expands Safety Mode which allows autoblocking

This week, Twitter announced it would be expanding the beta of its Safety Mode feature to roughly 50% of users in the U.S., U.K., Canada, Australia, Ireland, and New Zealand. The feature allows users to temporarily autoblock any account that sends them harmful or abusive tweets. Originally rolled out last September, the beta had previously been available to only 750 users. Twitter spokesperson Tatiana Britt told The Verge that since the initial rollout, “We’ve learned that some people want help identifying unwelcome interactions. For this reason, our technology will now proactively identify potentially harmful or uninvited replies, and prompt people in the beta to consider enabling Safety Mode.” It remains to be seen whether or not the feature will come out of beta mode and go wide.

This week’s ‘must-read’ on The Avast Blog

The FBI has issued another warning about a new series of ransomware attacks known as BlackByte. Here's what organizations can do to protect themselves.