Security news aggregator

Latest coverage for Social Media

Covers how social media can expose personal data, spread scams, enable account takeover, and provide channels for influence or abuse.

7 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Social media comprises online services where people and organizations publish content, communicate, and form networks. The term covers public posts, private messages, groups, live streams, advertising systems, and the APIs and third-party applications that process platform data.

For security teams, these platforms expose identity, relationship, and behavioral information that can support targeted phishing, impersonation, or social engineering. Compromised accounts may be used to distribute malicious links or fraud, while excessive sharing and poorly controlled integrations can expose personal or corporate data. Relevant controls include strong authentication, phishing-resistant account recovery, least-privilege access for connected applications, monitoring for brand and executive impersonation, and clear retention and privacy policies. Public posts and platform telemetry can also provide threat intelligence, but collection and use may be constrained by privacy obligations and applicable data-protection rules.

Showing 7 most recent headlines Filtered view

Customer data collection and retention requirements also increased, including for crypto operators India's Computer Emergency Response Team (CERT-In) has given many of the nation's IT shops a big job that needs to be done in a hurry: complying with a new set of rules that require organizations to report 20 different types of infosec incidents within six hours of detection, be they a ransomware attack or mere compromise of a social media account.…

Krebs on Security 4 years, 2 months ago

Fighting Fake EDRs With ‘Credit Ratings’ for Police

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don't tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests -- in part by assigning trustworthiness or "credit ratings" to law enforcement authorities worldwide.