Facebook Employees Victim Of ‘Zero Day’ Exploit, User Data Safe

[Techtaffy Newsdesk]

Facebook was targeted in a sophisticated attack in January, says the company in a blog post. There is no evidence that Facebook user data was compromised in this attack.

Facebook Security flagged a suspicious domain in the company’s corporate DNS logs and tracked it back to an employee laptop. A forensic examination of the laptop turned up a malicious file, and a company-wide search flagged several other compromised employee laptops.

After analyzing the website where the attack originated, Facebook found it was using a previously unseen ‘zero-day’ exploit to bypass the Java sandbox (built-in protections) and install the malware. Facebook reported the exploit to Oracle, which confirmed the findings and provided a patch on February 1, 2013, that addresses this vulnerability.

Facebook has begun an investigation, and is working with its internal engineering teams, security teams at other companies, and law enforcement authorities.

Facebook Bug Bounty Program

Facebook has a bug bounty program that invites security researchers to look into Facebook vulnerabilities. The company’s Responsible Disclosure Policy says “If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you,” and showcases a list of people who have made a responsible disclosure to the company.

The rewards? Facebook offers a $500 minimum reward, with the bounty going higher for ‘severe or creative’ bugs.

 
