Categories
Computing

How to create a Facebook group

Are you interested in cultivating an online community about one of your hobbies? Do you just need a way to organize a family event or book club? If so, you may want to consider creating a Facebook group. Facebook groups can provide a central, online location for gathering and communicating with your friends and family or for meeting new people to discuss your shared interests or plan an event together. It can be a great way to cultivate a sense of community online.

Plus, creating a Facebook group is incredibly easy.

What is the difference between a page and a group on Facebook?

The main difference between a Facebook page and a group comes down to privacy and visibility.

A Facebook page is essentially designed to maximize visibility, and you can’t really make them private. That’s because they’re more for businesses and public figures. Pages are for use cases in which a person, brand, or company wants to be seen and wants to attract as many customers and fans as possible. Usually, anyone can like or follow a page to keep up with the goings on of the brand or person that page represents.

Facebook groups are different. Groups actually offer the option to be made private and/or given limited visibility because not all groups want to attract lots of attention from everyone on Facebook. Some groups are for small, specific interests and some groups may want to limit membership to select people. Groups are more about cultivating community rather than promoting a brand, and sometimes setting privacy limits can help keep those communities safe.

How do I start a Facebook group: on desktop web

Starting a Facebook group is actually a fairly easy process. Here’s how to do it on a PC via the desktop website version of Facebook.

Step 1: Open up your desktop web browser, go to Facebook.com, and log in to your account if you’re not already logged in.

Step 2: Select the Menu icon in the top right. This icon looks like a series of nine dots arranged in a square.


Step 3: From the menu that appears, under the Create header, choose Group.

The drop down menu for Facebook for desktop web's main Menu.

Step 4: On the Create group screen, add your group’s name, choose a privacy level, and invite your friends (if you’d like).

For privacy levels, you can choose between Public and Private. Public means anyone on Facebook can view the posts in your group and see who is in your group. Private means that only members of that group can view the posts in it and see who the other members are.

If you choose Private, you’ll then have to select the level of visibility of the group: Visible or Hidden. Visible means anyone on Facebook can find this group, and Hidden means only group members can find it.

The Create group screen on Facebook for desktop web.

Step 5: Then choose the Create button at the bottom of the Create group screen. That’s it! You’ve now created a Facebook group!

A newly created Facebook group on Facebook for desktop web.

How do I start a Facebook group: on the mobile app

Alternatively, if you’d rather use the Facebook mobile app to create a Facebook group, you can do that too. It’s pretty similar to the desktop web method. These instructions should work for both Android and iOS devices. Here are the basics of creating a Facebook group via the mobile app:

Open the Facebook mobile app on your device and then select the Menu icon (three lines) > Groups > Plus sign icon > Create group.

Then, on the Create group screen, you’ll add a group name, choose your privacy level, and choose your visibility level if needed. Select the Create group button at the bottom of the screen. At this point, your group will have been created, and you’ll be prompted to invite people to join and start setting up your group page.

Repost: Original Source and Author Link

Microsoft says it caught an Austrian spyware group using Windows 0-day exploits

Microsoft’s security and threat intelligence teams have reportedly caught an Austrian company selling spyware based on previously unknown Windows exploits.

The new details were released on Wednesday in a technical blog post from Microsoft’s Threat Intelligence Center (MSTIC), published to coincide with written testimony given by the software company to a House Intelligence Committee hearing on commercial spyware and cyber surveillance.

The spyware developer — officially named DSIRF but which Microsoft tracks under the codename KNOTWEED — made spyware known as Subzero that was used to target law firms, banks, and consultancy firms in the UK, Austria, and Panama, Microsoft said. Analysis from MSTIC found that exploits used by DSIRF to compromise systems included a zero-day privilege escalation exploit for Windows and an Adobe Reader remote code execution attack. Microsoft says that the exploit being used by DSIRF has now been patched in a security update.

DSIRF claims to help multinational corporations perform risk analysis and collect business intelligence, but Microsoft (and other local news reporting) have linked the company to the sale of spyware used for unauthorized surveillance. Per Microsoft’s blog post:

MSTIC has found multiple links between DSIRF and the exploits and malware used in these attacks. These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF.

The new information about Microsoft’s tracking and mitigation of DSIRF / KNOTWEED’s exploits was published at the same time as a written testimony document submitted to the hearing on “Combatting the Threats to U.S. National Security from the Proliferation of Foreign Commercial Spyware,” held July 27th.

Microsoft’s written testimony described a largely unregulated commercial spyware industry where private actors were free to contract with repressive regimes around the world.

“Over a decade ago, we started to see companies in the private sector move into this sophisticated surveillance space as autocratic nations and smaller governments sought the capabilities of their larger and better resourced counterparts,” the testimony reads.

“In some cases, companies were building capabilities for governments to use consistent with the rule of law and democratic values. But in other cases, companies began building and selling surveillance as a service … to authoritarian governments or governments acting inconsistently with the rule of law and human rights norms.”

To combat the threat to free expression and human rights, Microsoft is advocating that the United States help advance the debate around spyware as a “cyberweapon,” which could then be subject to global norms and regulations in the way that other classes of weaponry are.

In the same hearing, the Intelligence Committee also received testimony from Carine Kanimba, daughter of imprisoned Rwandan activist Paul Rusesabagina, who was credited with saving as many as 1,200 Rwandans in the 1994 genocide. While advocating for her father’s release, Kanimba’s phone was believed by researchers to have been infected with NSO Group’s Pegasus spyware.

“Unless there are consequences for countries and their enablers which abuse this technology, none of us are safe,” Kanimba said.

NSO Group was also referenced by Citizen Lab senior researcher John Scott-Railton, another expert witness giving testimony to the committee. Scott-Railton described a shifting global landscape in which access to the most sophisticated and intrusive digital surveillance techniques — once only available to a handful of nation states — was becoming much more widespread due to the involvement of “mercenary spyware companies.”

The greater ability of these tools means that even US officials were more likely to be targeted, as reportedly happened to nine State Department employees working in Uganda whose iPhones were hacked with NSO’s Pegasus.

“It is clear that the United States government is not immune from the mercenary spyware threat,” Scott-Railton said.

This anti-hacker group helps you escape ransomware for free

This week marks the sixth anniversary of the No More Ransom project, an initiative aimed at helping ransomware victims.

Operating as an online platform to help anyone who’s experiencing trouble after their system has been infected by some form of ransomware, No More Ransom was formed as a joint venture between law enforcement (Europol and the Dutch National Police) alongside IT security firms (Kaspersky and McAfee).

As reported by Bleeping Computer, when it started out, the program only supplied a total of four ransomware decryptors. However, since launching in 2016, that number has soared to over 100 free decryption tools that can help combat numerous strains of ransomware.

“Six years later, No More Ransom offers 136 free tools for 165 ransomware variants, including Gandcrab, REvil/Sodinokibi, Maze/Egregor/Sekhmet, and more,” Europol said in a press release.

In total, No More Ransom has allowed more than 10 million individuals to successfully decrypt their infected files via free decryptors. Without access to such tools, the only remaining option would be to pay the cybercriminals behind the ransomware who are using innocent people’s files as leverage for a payday.

And that payday is substantial, to say the least. Upon No More Ransom entering its fifth anniversary last year, it was revealed that the initiative “prevented criminals from earning almost a billion euros through ransomware attacks.”

No More Ransom’s premise is simple but effective. Its Crypto Sheriff tool uploads two encrypted files alongside the ransomware note, after which it attempts to match them via a database of tools that can provide a solution. Once a match has been established, a compatible ransomware decryptor will be shared with the victim. Here, a detailed set of instructions within a manual can help the individual in unlocking their files.

A depiction of a hacked computer sitting in an office full of PCs.

Alternatively, if the search is unable to locate a suitable decryptor, victims will be encouraged to regularly check again due to the frequency of unlock tools being added to the system.

While programs like No More Ransom are useful in battling the ever-growing threat of ransomware, the groups behind the malicious software that holds files and folders hostage aren’t sitting idly by.

Security firm Kaspersky has observed how ransomware gangs are now evolving their “cross-platform capabilities,” as well as “updated business processes.”

“If last year we said ransomware is flourishing, this year it’s in full bloom,” the company stated. Elsewhere, throughout 2021, ransomware resulted in $49.2 million being extracted from victims. And that number is only attributed to publicly disclosed incidents — who knows what the overall figure amounts to.

A Russian-backed malware group is spoofing pro-Ukraine apps, Google finds

“All warfare is based on deception,” Sun Tzu wrote in The Art of War. Some 2,500 years later, the maxim applies to the virtual battlefield as well as the physical.

As the war in Ukraine rages on, researchers from Google have discovered malware from a Russian state-backed group disguised as a pro-Ukraine app. The details were revealed in a blog post published by Google’s Threat Analysis Group (TAG), which specializes in tracking and exposing state-sponsored hacking.

According to TAG, the Cyber Azov app — which invokes Ukraine’s far-right military unit, the Azov Regiment — was actually created by Turla, a Kremlin-backed hacking group known for compromising European and American organizations with malware.

A web page screenshot shows an app labelled “Azov” in the Cyrillic alphabet, with a description asking users to “Join Cyber Azov and help stop Russian aggression against Ukraine”

Screenshot taken from the Cyber Azov website.
Image: Google Threat Analysis Group

Per TAG’s research, the app was distributed through a domain controlled by Turla and had to be manually installed from the APK application file rather than being hosted on the Google Play Store. Text on the Cyber Azov website claimed the app would launch denial-of-service attacks on Russian websites, but TAG’s analysis showed that the app was ineffective for this purpose.

Meanwhile, analysis of the APK file on VirusTotal indicates that many of the biggest anti-malware providers flag it as a malicious app containing a Trojan.

TAG’s blog post suggests that the number of users who installed the app is small. However, the Cyber Azov domain was still accessible to The Verge on Tuesday morning, meaning more Android users could be tricked into downloading an app. A Bitcoin address listed on the website to solicit donations had not made or received any transactions at time of publication, lending support to the assessment that the malicious app has not achieved a wide reach. (On the other side of the conflict, Bitcoin and other cryptocurrencies have provided one revenue stream for the Ukrainian government and military thanks to the efforts of the Ukraine-based Kuna exchange.)

Besides malicious Android apps, TAG also flagged the exploitation of the recently discovered Follina vulnerability in Microsoft Office, which allows hackers to take over computers using maliciously crafted Word documents. The vulnerability had been used by groups linked to the Russian military (GRU) to target media organizations in Ukraine, Google researchers said.

The spoof app uploaded by Turla taps into a significant trend in the cyber dimension of the Russia-Ukraine conflict, namely the participation of a large decentralized base of digital volunteers hoping to aid the Ukrainian cause. Early in the conflict, Anonymous-linked groups scored a number of victories against Russian companies by hacking and leaking sensitive data, although it is unclear what material effect this has had on the course of the war.

Throughout the invasion, Ukraine’s “IT army” has made headlines by carrying out a string of denial-of-service attacks, loosely coordinated through a government-endorsed Telegram channel — an organizational strategy that analysts have described as a groundbreaking approach to cyber and information warfare.

Hacking group posted fake Ukrainian surrender messages, says Meta in new report

A Belarus-aligned hacking group has attempted to compromise the Facebook accounts of Ukrainian military personnel and posted videos from hacked accounts calling on the Ukrainian army to surrender, according to a new security report from Meta (the parent company of Facebook).

The hacking campaign, previously labeled “Ghostwriter” by security researchers, was carried out by a group known as UNC1151, which has been linked to the Belarusian government in research conducted by Mandiant. A February security update from Meta flagged activity from the Ghostwriter operation, but since that update, the company said that the group had attempted to compromise “dozens” more accounts, although it had only been successful in a handful of cases.

Where successful, the hackers behind Ghostwriter had been able to post videos that appeared to come from the compromised accounts, but Meta said that it had blocked these videos from being shared further.

The spreading of fake surrender messages has already been a tactic of hackers who compromised television networks in Ukraine and planted false reports of a Ukrainian surrender into the chyrons of live broadcast news. Though such statements can quickly be disproved, experts have suggested that their purpose is to erode Ukrainians’ trust in media overall.

The details of the latest Ghostwriter hacks were published in the first installment of Meta’s quarterly Adversarial Threat Report, a new offering from the company that builds on a similar report from December 2021 that detailed threats faced throughout that year. While Meta has previously published regular reports on coordinated inauthentic behavior on the platform, the scope of the new threat report is wider and encompasses espionage operations and other emerging threats like mass content reporting campaigns.

Besides the hacks against military personnel, the latest report also details a range of other actions conducted by pro-Russian threat actors, including covert influence campaigns against a variety of Ukrainian targets. In one case from the report, Meta alleges that a group linked to the Belarusian KGB attempted to organize a protest event against the Polish government in Warsaw, although the event and the account that created it were quickly taken offline.

Although foreign influence operations like these make up some of the most dramatic details of the report, Meta says that it has also seen an uptick in influence campaigns conducted domestically by repressive governments against their own citizens. In a conference call with reporters Wednesday, Facebook’s president for global affairs, Nick Clegg, said that attacks on internet freedom had intensified sharply.

“While much of the public attention in recent years has been focused on foreign interference, domestic threats are on the rise globally,” Clegg said. “Just as in 2021, more than half the operations we disrupted in the first three months of this year targeted people in their own countries, including by hacking people’s accounts, running deceptive campaigns and falsely reporting content to Facebook to silence critics.”

Authoritarian regimes generally looked to control access to information in two ways, Clegg said: firstly by pushing propaganda through state-run media and influence campaigns, and secondly by trying to shut down the flow of credible alternative sources of information.

Per Meta’s report, the latter approach has also been used to restrict information about the Ukraine conflict, with the company removing a network of around 200 Russian-operated accounts that engaged in coordinated reporting of other users for fictitious violations, including hate speech, bullying, and inauthenticity, in an attempt to have them and their posts removed from Facebook.

Echoing an argument taken from Meta’s lobbying efforts, Clegg said that the threats outlined in the report showed “why we need to protect the open internet, not just against authoritarian regimes, but also against fragmentation from the lack of clear rules.”

US blames North Korean hacker group for $625 million Axie Infinity theft

The US Treasury Department blames North Korean hacking group Lazarus for stealing $625 million in cryptocurrency from the Ronin network, the blockchain backing the Axie Infinity play-to-earn crypto game, according to a report from Vice. On Thursday, the Department of Treasury updated sanctions to include the wallet address that received the funds and attributed it to the Lazarus group.

In an updated post about the incident, the Ronin network, which is owned by developer group Sky Mavis, explains the US Department of Treasury and FBI have pinned the attack on Lazarus. “We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk,” the post reads. “We expect to deliver a full post mortem that will detail security measures put in place and next steps by the end of the month.” Ronin says it will bring its bridge back online “by the end of the month.” The bridge allows users to transfer funds between other blockchains and Axie Infinity and has been blocked off since the attack.

As noted by Vice, the flagged wallet address currently contains over $445 million USD (148,000 Ethereum) and sent almost $10 million (3,302.6 ETH) to another address less than a day ago. Crypto transaction tracker Etherscan labels the address as “reported to be involved in a hack targeting the Ronin bridge.”

On March 29th, hackers made off with $625 million worth of Ethereum in one of the biggest crypto heists to date. According to cryptocurrency investigation group Chainalysis, the Lazarus group is tied to North Korea’s intelligence agency and was responsible for seven attacks last year. The group gained notoriety for hacking Sony Pictures in 2014, leaking The Interview, a comedy set in North Korea directed by Seth Rogen. It later used Trojan malware to steal millions from ATMs across Asia and Africa in 2018 and has also been linked to WannaCry ransomware.

Costa Rican president says country is ‘at war’ with Conti ransomware group

Ransomware — and particularly the Conti ransomware gang — has become a geopolitical force in Costa Rica. On Monday, the new Costa Rican president Rodrigo Chaves, who began his four-year term only 10 days ago, declared that the country was “at war” with the Conti cybercriminal gang, whose ransomware attack has disabled agencies across the government since April.

In a forceful statement made to press on May 16th, President Chaves also said that Conti was receiving help from collaborators within the country and called on international allies to help.

“We’re at war and this is not an exaggeration,” Chaves told local media. “The war is against an international terrorist group, which apparently has operatives in Costa Rica. There are very clear indications that people inside the country are collaborating with Conti.”

President Chaves’ declaration of war against Conti comes in the face of unusually belligerent rhetoric from the ransomware group, which stated its intent to “overthrow the government by means of a cyberattack.” In a message posted to the Conti website, the ransomware group urged citizens of Costa Rica to pressure their government to pay the ransom, which has been doubled from an initial $10 million to $20 million.

Over the period of the attack, the US government has also offered a bounty of up to $10 million for information that could identify or locate the main coordinators of the Conti group’s operations or $5 million for information leading to the arrest of any Conti member.

The severe impact of Conti’s attack on the Costa Rican government points to the continued ability of the largest ransomware groups to operate on a scale that can pose a threat to nation states and draw on funding reserves that allow them to buy their way into some of the most sensitive computer systems by bribing those with access.

“We’re at the point now where these ransomware groups make billions of dollars, so their ability to get access to these [networks] is only limited by their own desire,” said Jon Miller, CEO and co-founder of anti-ransomware software platform Halcyon. “Month after month, more of these groups are coming online. This is a drastically growing problem.”

As the Costa Rican crisis continues, more knock-on effects are reaching citizens of the country. Statements made by Chaves put the number of government agencies hit at 27, including the Finance Ministry and the Ministry of Labor and Social Security. One of the effects was that the government was unable to collect taxes through traditional means, Chaves said.

So far, the Costa Rican president has remained intransigent that the government will pay nothing to the ransomware gang. With neither side appearing to budge, the situation has reached a standoff — but one that will be closely watched by other governments hoping to avoid a similar fate.

A teen is reportedly the mastermind behind the Lapsus$ hacking group

In recent weeks, the Lapsus$ hacking group has taken credit for accessing company data from Nvidia, Samsung, Ubisoft, Okta, and even Microsoft, and according to a new Bloomberg report, an England-based teenager might be the person heading up the operation.

“Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind,” Bloomberg said. However, the teenager, who apparently uses the online aliases “White” and “breachbase,” has not been accused by law enforcement, and the researchers “haven’t been able to conclusively tie him to every hack Lapsus$ has claimed,” Bloomberg said.

The teenager is apparently based about five miles outside of Oxford University, and Bloomberg says it was able to speak to his mother for ten minutes through a “doorbell intercom system” at the home. The teenager’s mother told the publication she did not know of allegations against him. “She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police,” Bloomberg said.

Lapsus$ apparently doesn’t just consist of the England-based teenager, though. Bloomberg reports that one suspected member is another teenager in Brazil and that seven unique accounts have been linked with the group. One of the members is apparently such a capable hacker that researchers thought the work was automated, one person involved in research about the group told Bloomberg.

According to cybersecurity expert Brian Krebs, a core member of Lapsus$, who may have used the aliases “Oklaqq” and “WhiteDoxbin,” also purchased Doxbin, a website where people can post or search for the personal information of others for the purposes of doxing. This WhiteDoxbin individual apparently wasn’t the best admin and had to sell the site back to its previous owner, but leaked “the entire Doxbin data set,” which led to the Doxbin community doxing WhiteDoxbin, “including videos supposedly shot at night outside his home in the United Kingdom,” Krebs reported.

Krebs also reports that this person may have been behind the EA data breach that took place last year. What may connect the person in Bloomberg’s report with the one in Krebs’ is the name “breachbase.”

From Krebs:

Back in May 2021, WhiteDoxbin’s Telegram ID was used to create an account on a Telegram-based service for launching distributed denial-of-service (DDoS) attacks, where they introduced themself as “@breachbase.” News of EA’s hack last year was first posted to the cybercriminal underground by the user “Breachbase” on the English-language hacker community RaidForums, which was recently seized by the FBI.

The full picture surrounding Lapsus$ is still murky, but I strongly urge you to read both Bloomberg and Krebs’ reports to learn more about what may be going on.

Seven teenagers arrested in connection with the Lapsus$ hacking group

City of London Police have arrested seven teenagers due to their suspected connections with a hacking group that is believed to be the recently prolific Lapsus$ group, BBC News reports.

“The City of London Police has been conducting an investigation with its partners into members of a hacking group,” Detective Inspector Michael O’Sullivan of the City of London Police said in a statement to The Verge. “Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing.”

Lapsus$ has taken responsibility for some major security breaches at tech companies, including Nvidia, Samsung, Ubisoft, Okta, and Microsoft. On Wednesday, reports surfaced indicating an Oxford-based teenager is the mastermind of the group. City of London Police did not say if this teenager was among those arrested.

At least one member of Lapsus$ was also apparently involved with a data breach at EA, cybersecurity expert Brian Krebs reported on Wednesday in an extensive article about the group. Vice corroborated the group’s involvement in that breach in its own article on Thursday, noting that it was “emblematic of Lapsus$’s subsequent and massive hacks.”

The suspected mastermind’s identity was apparently revealed by angry customers doxing him. According to Krebs’ report, the group’s leader purchased Doxbin, a site where people can share or find personal information on others, last year, but was a poor owner of the site. He apparently gave up control in January but leaked “the entire Doxbin data set” to Telegram, and the Doxbin community retaliated by doxing him.

BBC News says it spoke to the teenager’s father, who was apparently unaware of his involvement with the group. “I had never heard about any of this until recently. He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer,” the father said, according to BBC News. “I always thought he was playing games. We’re going to try to stop him from going on computers.”

Update March 24th, 12:05PM ET: Added City of London Police statement and additional context about the group.

Destructive hacking group REvil could be back from the dead

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil — until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Now, it looks like REvil’s sites on the dark web are back in action. According to Bleeping Computer, REvil’s websites are up and running and filled with information new and old, including a list of previous hacking victims alongside a couple of new ones. The hacking group’s domains are accessible through the Tor Browser, which masks URLs to facilitate user privacy.

Security researchers became aware of the new activity while monitoring the hacking forum RuTOR, where they saw an advertisement promoting REvil’s services with a new website that redirects to its old domain. The group’s updated services include an apparently improved version of the REvil ransomware, along with an 80/20 revenue-sharing model.

Does this mean that the original REvil crew has somehow been resurrected for another round of high-profile hacks and mischief? Well, that’s not entirely clear. Aside from the fact that the group was gutted by multiple law enforcement investigations around the world, there are other reasons to be suspicious.

For one thing, the website’s code is littered with references to other hacking groups, which might imply that a different malware gang has somehow taken control of REvil’s website. Another possibility is that the new site is a “honeypot” maintained by law enforcement or some other group and designed to capture information about potential clients of REvil.

For now, the mystery remains unsolved. But if REvil is indeed back from the grave — or another hacking group has decided to take it over — it doesn’t bode particularly well for the future, especially considering the havoc caused by hacking group LAPSUS$ in recent months. If you want to stay safe, you can start by ensuring you’re protected by one of the best antivirus apps available and avoid clicking suspicious links on the web or in your emails.
