New Facebook phishing scam could fool users into providing passwords

18 Feb 2019

Facebook on a laptop. Image: AllaSerebrina/Depositphotos

Researchers have uncovered a convincing new phishing scam that sees cybercriminals try to grab people’s Facebook passwords.

Last week, Apple and Google were called out by human rights organisations for hosting an app that could be used to track the movements of women in Saudi Arabia. The app, Absher, can monitor movements using a woman’s passport number.

A mysterious Instagram bug saw celebrities such as Ariana Grande lose millions of followers on the platform. Originally thought to be a ‘bot purge’, the company said the issue was, in fact, down to a glitch.

The ongoing EU copyright saga continues to unfold, as the final text of the polarising directive was approved on 13 February. It still has a while to go before becoming law, though.

Read on for a selection of the most notable enterprise stories of the last seven days.

Facebook phishing scam could easily fool users

A new Facebook phishing campaign spotted by researchers at password management firm Myki presents a persuasive disguise to users.

The “very realistic-looking” scheme presents convincing copies of Facebook single sign-on login windows on dodgy websites. As the video below demonstrates, the login window looks close to identical to the real single sign-on UI Facebook uses.

Australia says the cyberattack on its parliament was the work of a state actor

A couple of weeks ago, Australia’s main political parties and parliament were hit by a cyberattack on their networks, according to its Prime Minister, Scott Morrison.

The BBC reports the attack was first thought to only involve parliament’s servers, but political party networks are now understood to have been affected.

Morrison did not say which foreign state was suspected of carrying out the attack, but added: “We have put in place a number of measures to ensure the integrity of our electoral system.”

UK says Huawei 5G security risks can be managed

The National Cyber Security Centre (NCSC) in the UK says that any risks posed by Chinese firm Huawei can be managed, essentially allowing it to provide 5G infrastructure for the country.

This is a much more lenient attitude than that of the likes of Australia and the US, which have banned Huawei from supplying crucial 5G equipment.

According to Infosecurity Magazine, despite the NCSC’s recommendation, the UK government could still side with the countries that have imposed stricter sanctions.

Cybersecurity staffing shortages causing stress for organisations

A report from the Ponemon Institute shows that enterprise IT groups are struggling more than ever to respond to the growing volume of new vulnerabilities. 60pc of the more than 600 cybersecurity professionals surveyed listed “staffing” as a primary issue.

The under-staffing is also not limited to small businesses, as 72pc of those surveyed were from organisations with more than 1,000 employees.

Chinese facial recognition database exposes data of 2.5m people

SenseNets, one of the facial recognition databases that the Chinese government is reportedly using to track the Uyghur Muslim population in the Xinjiang region of China, has been left open online for months. SenseNets claims to provide AI crowd analysis and facial recognition technology.

According to security researcher Victor Gevers, the data left open included highly sensitive information usually found on an ID card, not just benign usernames. There have been a number of reports of human rights abuses and in-depth surveillance carried out by Chinese authorities against Uyghur Muslims in the country.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects
