"When you are trying to grow a social network as well as increase advertising revenue, security becomes not only a lower priority but sometimes a conflict of interest," the blog states.
Facebook continues to miss some key security issues on its pages, Barracuda says, and it outlined seven:
1. Fake Product Pages. "Knock-off luxury goods have always been popular scams," the blog noted. "If you actually get the product, which is a bit of a longshot, you are likely to find that the quality you expected from the brand is lacking at best. Facebook is rife with pages promoting these goods."
2. Manipulated Accounts Recommendations. "On social networks, those with less good motives have figured out how to game the recommendation system and use it to their advantage," the blog says. "This is very similar to how attackers have used search engine optimization to promote their malware. Friends are recommended in a variety of ways, but a simply exploited example is through shared apps. Spammer accounts sign up for the same popular apps that real users do and before too long they are showing up in your list of recommended friends."
3. Affiliate Spam. "Affiliate spam is a bigger and bigger part of the typical users incoming stream," Barracuda states. "They encourage or require the user to share it out to all their friends and say something like 'I love Olive Garden' before being redirected to a never-ending series of offers."
InformationWeek is conducting a survey on the current state of encryption within the enterprise: What assets are, and are not, being encrypted to reduce the risk of exposure? Where sensitive data is going unencrypted, what's holding you back? Upon completion, you will be eligible to enter a drawing to receive an Apple 32-GB iPod Touch. Take the survey now. Survey ends Dec. 2.
Dark Reading Tech Digest, Dec. 19, 2014Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Published: 2015-01-28 pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
Published: 2015-01-28 pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
Published: 2015-01-27 The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.