Facebook, WhatsApp, and Instagram apps were down earlier today, prompting thousands of complaints. Users had trouble loading contents, downloading images, and sending images and audio. Some users report that they could not log in to their accounts.
Based on Downdetector, Facebook has more than 7,000 reports starting around 9:00 A.M. (EST). Instagram and WhatsApp also have high downtime reports at the same time. Most of the users affected were in the Northeast region of the US. Users in Florida and Georgia reported that they are also affected. According to the site’s outage map, users in the UK, South America, and Japan were also affected.
According to the Independent report, Facebook’s “Platform Status” page still indicates a “Healthy” status on its page, as of 12:16 PM (EST).
Users share their frustration on Twitter with hashtags #instagramdown, #facebookdown, and #whatsappdown that are trending worldwide.
Earlier this year, Facebook has announced that it is integrating the messaging function for all three social media platforms. The integration will be completed by 2020. Facebook CEO Mark Zuckerberg assured that Instagram and Whatsapp have relative autonomy.
With the decision to integrate, Zuckerberg faces scrutiny on the security measures among the three social apps. The backlash against the integration happened when all three social media apps were down last March.
Social Media Apps’ Outage in March
Last March 13, the social media trio had the largest service outages in terms of numbers of report. The outage lasted almost 24 hours with news outlets considering it as the biggest interruption suffered by Facebook.
Facebook tweeted an apology the next day, claiming that the outage was caused by the server configuration change. During the outage, Facebook was quick to update users that the cause was not a Distributed Denial of Service or DDoS attack through a tweet.
Facebook needed to contain panic because last October, almost 30 million users’ personal information were hacked. According to CNN Business, Facebook wasn’t ruling out the possibility of other “smaller-scale attacks” at that time.
Prior to Facebook’s official statement on what happened, speculations ranged from a cyber attack to a border gateway protocol (BGP) routing leak.
Aside from the downtime in March, Instagram also had an outage last June 14. Users’ feeds were not loading even after refreshing the app. Instagram’s error page which displays the message, “We’re sorry, but something went wrong. Please try again.”, were repeatedly shown to the users.
WhatsApp also had an outage last June 6. Users experienced delays in sending and receiving messages. Relative to Instagram and Facebook’s outages, WhatsApp’s June outage was small, with only 850 complaints in Downdetector. Most users affected were in the UK with the outage lasting for more than half an hour.
Aside from frustrated users, Facebook also has to answer to its advertisers and small business owners. Some businesses rely on Facebook and Instagram Ads. Others rely on the messaging features of Facebook, Instagram, and WhatsApp to conduct business transactions. Thus, a few hours’ of outages can mean huge losses for them.
In 2016, Facebook launched its Marketplace feature. Users can buy and sell products to other users. Aside from corporations advertising, small business owners were able to set up online shops. All of which are affected whenever Facebook has outages.
Another issue would be messaging services. Since Facebook has taken over the messaging services of Messenger, Instagram, and WhatsApp, any business that uses these apps will be affected too. Communications through these apps are not feasible.
Imagine if you’ve got a scheduled delivery for your business and could not open any of the trio’s messaging app to retrieve the address and confirm deliveries. The business will not only lose revenue but also its customer base.
Last March 13, any ad campaigns that needed to be posted were derailed due to the server configuration problem. However, those ads were still billed to the advertisers. Facebook reportedly planned to refund its advertisers for the March 13 outage.
A digital production company named Wonghaus Ventures reportedly lost $10,000 in revenue due to the March 13 outage. Another company, called AJsmart, a product design studio, saw a loss in terms of customer engagement during the time of the outage.
Frustrations over losses were high, but another issue was that advertisers were not notified about what was happening. According to a report from Adweek, media buyers and advertisers were kept in the dark. There was no information coming in on what was happening and for how long it will last. Advertisers weren’t able to strategize on what to do next.
As of writing, there are no reports yet from Facebook as to the reason for the July 3 outage.
Lenovo Patches Security Flaw Exposing 36TB Of Financial Data In The Wild
The compromised data include sensitive financial information like card numbers and financial records.
A recent breach that has exposed more than 36TB of data owned by users of specific network-attached storage devices has been confirmed by the computer tech giant, Lenovo, and said that a vulnerability in some of their products “could allow an unauthenticated user to access files on NAS shares via the API.”
Security researchers from Vertical Structures, who made the discovery, said that they found “about 13,000 spreadsheet files indexed, with 36 terabytes of data available. The number of files in the index from scanning totaled to 3,030,106.” Worse, these data include sensitive financial information like card numbers and financial records.
According to a security notification from Lenovo, the breach affected both Iomega and LenovoEMC NAS products. Vertical Structures was able to track down the source, a legacy Iomega storage product acquired by EMC and co-branded Lenovo-EMC in a joint venture. They added that it is “trivially easy” to exploit that application programming interface (API) and allow attackers to access the data stored upon any of several Lenovo-EMC network-attached storage (NAS) devices.
Discovery was verified by WhiteHat Security
Researchers from Vertical Structures said they commissioned the help of WhiteHat Security, a security firm known to have patched up network-related vulnerabilities in the past, to verify their discovery because “of its world-renowned reputation in helping secure applications, to work together to verify the vulnerability found.”
“Verifying vulnerabilities is a very important step in securing applications, networks, and devices. After all, on an average day, WhiteHat scanners discover hundreds upon hundreds of new potential vulnerabilities,” they added.
After the team has notified Lenovo of their discovery of the said vulnerability, they said that the company swiftly responded and took measures to mitigate the impacts of the vulnerability.
When asked for comments regarding the problem, Simon Whittaker, cybersecurity director at Vertical Structures, said that “this is definitely a huge problem but one which we see every day.”
“Many organizations fear change and are cautious about retiring old devices. If they can’t replace devices, then they should be using threat modeling techniques to consider how better to protect them and ideally removing them from internet access completely,” he added.
In order to let their users utilize their services, Lenovo pulled three of its old versions out of retirement and brought them back to life while they are patching the said vulnerability. Lenovo then pulled old software from version control to investigate any other potential vulnerabilities to fix and release updates.
“High” severity problem
In a security advisory that Lenovo released, they said that vulnerability has “high” severity and they advised their users to “update to the firmware level (or later) described for your system in the Product Impact section,” and if update is not feasible, “partial protection can be achieved by removing any public shares and using the device only on trusted networks.”
In the advisory, Lenovo lists the products that were impacted by the said flaw. They include:
- px12-350r and ix12-300r, version 18.104.22.168808
- HMND (Home Media Network Hard Drive) Cloud Edition, version 22.214.171.124221
- StorCenter ix2-200, Cloud Edition, version 126.96.36.199221 StorCenter ix4-200d, Cloud Edition, version 188.8.131.52221 StorCenter ix2-200, version 184.108.40.206227
- StorCenter ix4-200d, version 220.127.116.11227
- StorCenter ix4-200rl, version 18.104.22.168227
For their security advisory, Lenovo disclaims that “the information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind” and advised users to “please remain current with updates and advisories from Lenovo regarding your equipment and software” for more recent and updated information about the problem.
As part of their report, Verticle Structures said that there are a lot of things tech companies can learn from what happened in Lenovo. They characterized Lenovo’s approach to the problem as “professional” and hoped that other companies experiencing similar problems could learn from them.
“Not only did they have a clearly stated vulnerability disclosure policy on their site with contact information, but they responded quickly and worked with WhiteHat and Vertical Structure to understand the nature of the problem and quickly resolve it,” said Vertical Structures.
“In sharing this story, both WhiteHat and Vertical Structure hope companies are inspired to always keep cybersecurity top of mind to keep up with the constant barrage of new vulnerabilities and exposures,” they added.
This Free Service Detects And Blocks Suspicious Behaviors Of Android Apps
This service is still on the beta phase but they promise to release improvements and expand their territorial reach.
As a smartphone owner, you can have a plethora of apps available for download via Google Play Store or Apple App Store. However, not all of these apps are secured and are safe to be installed on your devices. Some of them are either fake apps posing as a legitimate version of another app, or worse; they could be carriers of infectious malware that could potentially put your device or yourself in harm’s way.
Amid the risk of threat actors and hackers invading someone’s phone or tablet, leading tech company, Upstream, launched an online index that screens, catalogs, and blocks suspicious Android apps in the market around the world.
“The information on the Secure-D Index, currently in beta, allows anyone to easily find what apps pose a threat to their privacy and pocket, in one place, for free. Data is openly available to the whole mobile industry, from app developers, ad networks and publishers, to media, advertisers and mobile network operators that all fall prey to mobile ad fraud.”
The Secure-D Index is still in beta and is currently being tested. Nonetheless, the company and the platform promise to help resolve the problem of malicious apps that serve as a trojan horse for a more significant and more destructive attack against people’s privacy.
Currently, the platform included an aggregate list of suspected malicious Android Apps, and the index is growing every day as the platform continue to scan the internet to flag these unwanted applications. For each app, the Secure-D Index center features pertinent information such as the number of downloads, market infection rate, and markets where the app is active.
The data is available to 17 regions, and they are working on expanding their reach shortly. They are available in countries like the US, Russia, India, Germany, South Africa, and Egypt, covering up to 1.3 billion mobile data subscribers.
The number of the listed apps in the platform is currently at 1,500, with malicious apps estimating to 13.5 billion downloads. The platform allows users to check whether the apps are available on Google Play, have been removed from Google Play, or are distributed through third-party app stores.
Furthermore, along with the entry of each malicious app, the index also includes data such as the developer’s website, whenever the information is available.
“Secure-D leads the fight against malware, an ever-growing threat for mobile security worldwide. We believe a crucial part of this fight is awareness, which mobile users and, surprisingly, a large part of the industry lacks,” Dimitris Maniatis, Head of Secure-D at Upstream said
“At Upstream, we have been steadily and openly sharing Secure-D’s proprietary findings on suspicious and fraudulent apps in an effort to eliminate digital mobile fraud. The publication of these findings through our Secure-D Index highlights the level of awareness we aim to achieve and the transparency we believe is required to more effectively target the shady practices of threat actors that prey on a whole ecosystem.”
The platform is available for everyone where the Index is available, and it is free of charge, according to the press release of the company. Users can access the top 20 most active malware from the previous day and register for free to access full data — either global or country-specific — see historical data, or search for a specific app.
In 2018 alone, Secure-D having processed over 1.8 billion mobile transactions, detected and blocked over 63,000 malicious apps in 16 countries. They added that the platform is currently processing and blocking an average of 170 malicious applications every day.
Earlier this year, Secure-D reported on the suspicious background activity of 4shared, a popular file-sharing app, Vidmate, a video downloader, and Weather Forecast a preinstalled app on Alcatel devices. They said that all these apps were previously available at Google Play Store and had more than 600,000 downloads before their platform was able to flag their suspicious behavior. The company said that in these three cases alone, Secure-D detected and blocked near 250 million suspicious mobile transactions
“By providing information on suspicious apps freely to the public via Secure-D Index, Upstream aims to further protect mobile subscribers, operators, and advertisers from the ever-growing threat of mobile ad fraud, whose value is currently estimated at $40 billion,” they added.
‘User Data Are Not Transferred To Russia,’ Says FaceApp
The popular photo-manipulation app, Face App, has taken social media platforms like Facebook, Twitter, and Instagram by storm. And with “by storm,” it means that a lot of people, including celebrities and famous individuals, have jumped on the bandwagon to see how they would look like when they grow old.
There are a lot of things interesting about the app; it can manipulate a photo that a user submits to make a realistic version of the picture as the face ages. There is no surprise as to why Face App has gained popularity among young users around the world.
There is a problem though: you need to submit your photo to the app. This means that providing the chosen selfie, FaceApp will have access to your photo at their disposal. That’s why concerns were raised by security experts and data privacy advocates regarding the implication of sending a photo to an app.
One thing that concerns advocate and experts the most is the fact that the company that built and developed the app is from Russia. It is owned by a Russian company named Wireless Labs and has been downloaded by more than 100 million people via Google Play on the Android platform, and by over 50 million people across other platforms including Apple’s iOS.
The Russia issue
Many advocates have cited the human rights record of Russia, as well as the heightened citizen surveillance they have in their country. The fears of advocates and experts are amplified after the privacy terms and conditions for the app reveals that it sneakily includes a clause that would “grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you [the user or the owner of the photo].”
The polarizing opinions about FaceApp have opened the discussion on how people are carelessly sharing their photos on social media platforms and smartphone apps without a thorough understanding of the implications of such action. In an article published by Wired, they said that what FaceApp is doing is rather common than new.
They said that the same thing is happening when someone uploads a photo on Facebook and Instagram. Instead of demonizing FaceApp and singling it out, the article encourages users to be more vigilant with the data they share across all platforms.
However, security experts and advocates still press on the idea that FaceApp could be used by the Russian government in its surveillance and technology-versus-people agenda. However, FaceApp is strong in its position that it is protecting the privacy of their users, saying that they “perform[s] most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.”
“We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date. We don’t sell or share any user data with any third parties,” they added.
They also countered the claims that they can be used as Russia’s trojan horse and said that “even though the core R&D team is located in Russia, the user data is not transferred to Russia.”
Furthermore, they clarified that they don’t require users to log in their app for them to use it and while they ask for device permission to access the phone’s camera and photo roll, they only access those that are selected by the users for editing.
“You can quickly check this with any of network sniffing tools available on the internet,” they said.
Check Out What’s New:
- House Passes Raising Minimum Wage To $15 An Hour
- It: Chapter 2 Takes A Darker Twist (New Trailer)
- Dropping ‘Artificial Snow’ Could Stabilize Glaciers In Antartica, Study Suggests
- Israeli Researchers Test Drug That Starves Pancreatic Cancer Cells To Death
- Resident Evil 5 And 6 Invades Nintendo Switch This Fall
- Lenovo Patches Security Flaw Exposing 36TB Of Financial Data In The Wild
- Outpouring Support For KyoAni After Arson Attack
- This Free Service Detects And Blocks Suspicious Behaviors Of Android Apps
- ‘User Data Are Not Transferred To Russia,’ Says FaceApp
- ~$27.8 Million Worth Of Crypto Stolen From Japanese Crypto-Exchange, BitPoint
Arts & Entertainment3 weeks ago
‘Criminal Minds’ Season 15: A Tear-Jerking Finale Is Coming
Technology2 weeks ago
Google Stops Trends Alerts In New Zealand Following Criticisms From NZ Government
Business4 days ago
Political Stand-Off: Chinese-Canadian Goods
Science1 month ago
Norway’s Celebrity Beluga Whale ‘Hvaldimir’; A Russian Spy Or Child Therapist?
Technology3 weeks ago
Cloud Service Provider, ‘PCM’ Fell Victim To A Data Breach Aimed To Collect Gift Cards
Science3 weeks ago
Summer Penis Is Giving Men Big Dick Energy
Technology3 weeks ago
‘Google,’ ‘University of Chicago’ Faces Class Action Over ‘Electronic Health Record’ Breach
Technology3 weeks ago
‘Uncall’ Promises To Remove Your Number From Generic Robocall Lists And Dark Web Databases