SECURITY

Zuckerberg Disputes Facebook’s Role in Societal Division at Munich Security Conference

In the wake of the 2016 US Presidential election, social media – and Facebook specifically – has been blamed for causing increased angst and societal division, with the spread of ‘fake news’, foreign interference, filter bubbles and more, all reportedly being exacerbated by the rising use of social apps.

But is that true? Does Facebook really play such a significant role in the modern news dissemination process that it now has the power to shift the opinion of the electorate – or are we just looking to append blame for divisions that have always existed?

The latter is where Facebook is now leaning, and late last week, at the Munich Security Conference, Facebook CEO Mark Zuckerberg provided a few rebuttals on suggestions that his platform has been the cause of such concerns.

On political activist groups:

“We take down now more than a million fake accounts a day across our network. […] The vast majority are not connected to a state actor trying to interfere in elections, they’re a combination of spammers and people trying to do different things.”

On confirmation bias:

“People are less likely to click on things and engage with them if they don’t agree with them. So, I don’t know how to solve that problem. That’s not a technology problem as much as it is a human affirmation problem.”

On echo chambers:

“The data that we’ve seen is actually that people get exposed to more diverse views through social media than they were before through traditional media through a smaller number of channels.”

The latter comment relates to a study which has also been referenced by Facebook’s COO Sheryl Sandberg and former Facebook mobile ads chief Andrew Bosworth. In an internal study to examine the impacts of filter bubbles, Facebook found that 26% of the news content that users see in their Facebook feeds represents “another point of view”, which makes them significantly more likely to be exposed to more perspectives on Facebook than they would be via traditional media distribution, as opposed to narrowing their scope.

So Facebook’s not to blame – foreign actors seeking to manipulate voters have not been a major influence on voting behavior, Cambridge Analytica was a ‘non-event‘, misinformation from candidates was not “a major shortcoming of political advertising” on the platform in 2016 (hence Facebook’s decision to exempt political ads from fact-checks in 2020), people are not having their established views reinforced by Facebook’s algorithm showing them more of what they agree with, and less of what they don’t.

Facebook, in this respect, doesn’t see itself as being a cause of societal division – but then again, Zuck and Co. may be neglecting a significant part of the equation, of which Facebook is indeed playing a major role.

In a leaked internal memo, which The New York Times got access to last month, Facebook’s now head of VR and AR Andrew Bosworth noted that while users are exposed to more perspectives on Facebook, that’s not necessarily a good thing:

“Ask yourself how many newspapers and news programs people read/watched before the internet. If you guessed “one and one” on average you are right, and if you guessed those were ideologically aligned with them you are right again. The internet exposes them to far more content from other sources (26% more on Facebook, according to our research). This is one that everyone just gets wrong. The focus on filter bubbles causes people to miss the real disaster which is polarization. What happens when you see 26% more content from people you don’t agree with? Does it help you empathize with them as everyone has been suggesting? Nope. It makes you dislike them even more.”

This is a significant admission that many overlooked – here, Bosworth is saying that Facebook knowingly exposes its users to a lot more content that they disagree with, which subsequently solidifies them further within their own, entrenched beliefs.

Why would Facebook do that? If Facebook knows that users are only going to become more angry when they see more posts that they disagree with, why would Facebook allow this to happen?

This finding, from a study into what makes content more shareable online, conducted back in 2010, could have something to do with it:

“The results suggest a strong relationship between emotion and virality: affect-laden content – regardless of whether it is positive or negative – is more likely to make the most emailed list. Further, positive content is more viral than negative content; however, this link is complex. While more awe-inspiring and more surprising content are more likely to make the most emailed list, and sadness-inducing content is less viral, some negative emotions are positively associated with virality. More anxiety- and anger-inducing content are both more likely to make the most emailed list. In fact, the most powerful predictor of virality in their model is how much anger an article evokes.”

Anger is the most powerful predictor of virality – so content which incites anger is the most likely to be shared online.

For Facebook, engagement is everything – connecting more users to content that sparks engagement, through comments, Likes and shares, is the key focus of Facebook’s News Feed algorithm. The impetus for Facebook is clear – the more engagement it can generate, the more time people spend on its platforms, and the more ads it can then show them while they’re there. And while using anger as the lure may seem like a risk, because people, you’d assume, will eventually get fatigued and stop logging on, the findings in the above survey actually perfectly align with what most people see in their Facebook feeds.

Inspirational quotes, stories of people overcoming the odds, video tales of street dogs and cats brought back to health – these types of positive stories do well, and regularly gain traction in the Facebook ecosystem. As do the opposite – anger-inducing reports of political controversies, which spark masses of responses, and trigger furious debates in the comments.

Facebook knows that these types of posts do well, and if it can maintain the balance between showing you a little of each every time you log on, you’ll probably keep coming back.

So while Facebook might be looking to avoid the blame for increasing societal divides, it actually has a lot of incentive to provoke such, and keep provoking them in order to keep you interacting. Again, anger is the most powerful predictor of virality. And Facebook, very clearly, knows this.

But of course, it doesn’t stop there – with social media now outpacing print newspapers as a key news source in the US, and more Americans now getting news content from Facebook specifically, the publications themselves have had to adjust. Most publishers now get a significant amount of their revenue from online distribution, primarily through ads – and in order to maximize ad clicks, and expose more people to more ad content, the publications themselves have also learned what goes viral and how that can get them more attention.

In this system, the publications are also incentivized to produce more divisive, partisan content, because again, that’s what sparks engagement, sparks shares, and what ultimately gets more people to click through to their sites. The whole online media chain is largely built around fueling division – so if you’re wondering, after the results of the 2020 US Presidential Election come in, why this candidate did so well, and that one did so poorly, this is more likely where you should be looking.

So what does that mean for political candidates? Well, there’s a reason why the Trump campaign spent $20 million on Facebook ads in 2019 alone.

Trump campaign ad

As noted, ads which spark anger see more engagement on Facebook, so using divisive political messaging like this is extremely powerful for the Trump campaign. In this sense, political organizations would likely see more success by adopting a similar playbook – taking a firm stance on one side of an issue, simplifying it into a singular message, and accepting that some people are going to be upset, and dislike you because of it. Those who agree will be more solidified in their support by seeing the responses it generates, while those opposed probably weren’t going to vote for you anyway.

In the Facebook age, simplifying the complex in political messaging is key, and emotional response is the surest path to achieving cut-through, even if it does come with the risk of dividing the electorate.

You could take a similar stance in social media marketing for brands – already, various surveys and reports have indicated that younger audiences feel more aligned to ‘socially conscious’ brands, with 68% of Gen Z consumers expecting brands to contribute to society.

But is that because more brands are doing so, or because the ones that are doing so are sparking more engagement with their content, expanding their brand awareness and solidifying their base of support?

For example, if you were to create the below two variations of a deodorant ad:

Deodorant example

Which do you think would perform better on Facebook, based on the above overview?

The one on the right would ‘trigger’ more people, and likely prompt significantly more response. Whether that would result in more sales is another thing, but with strong links between brand awareness and sales, it could be worth the risk – granted, of course, that such political messaging is, in fact, in line with a stance that your business wants to adopt. Either way, it’s a big jump to take.

It also further underlines the point – while playing into the psychology of social sharing could help you get more traffic, it also, again, adds to underlying societal division. That’s not a good thing, but the motivations behind such are evident.     

So how do you fix it? That’s a far bigger challenge – if you were to remove Facebook from the equation, other platforms would still exist, other sources would take its place, and the broader shift in online news distribution, and the motivations for gaining traffic, would still remain. While there remains an incentive to drive division, and use anger to spark engagement, such problems will persist – and as more and more content consumption shifts online, it’s hard to see it becoming less of a problem any time soon.

But in considering your own behavior, whenever you go to comment, to share, whenever you go to say something about the latest controversy online, it’s worth noting the impetus behind such. 

The response that you feel in that moment was the entire aim of the post, comment or ad. So how do we get more people to reconsider anger in the face of blatant provocation?    

Socialmediatoday.com

SEO

Security Experts Sound the Alarm: WormGPT and FraudGPT Merely Scratch the Surface

There are now two new chatbots on the dark web that further simplify cybercrime for potential attackers. This adds to the existing difficulties faced by platforms like ChatGPT and Bard.

Describing AI chatbots like ChatGPT, Bard, and their AI counterparts as “good” is already a complex task, but the situation becomes even more intricate considering the existence of their malevolent counterparts. Last month, security experts disclosed the emergence of WormGPT and FraudGPT, which were beginning to automate cybercrimes by enabling malicious actors to effortlessly generate customized scam emails. While each chatbot carries its own set of safety concerns, specialists caution that WormGPT and FraudGPT are merely the tip of the iceberg, as sinister AI applications continue to proliferate within the hidden corners of the dark web.

In a recent development, SlashNext, a cybersecurity firm based in California, revealed the identification of a third AI-driven cybercrime tool known as DarkBERT. The discovery came about through an interaction with an individual named “CanadianKingpin12” on a dark web forum, who is believed to be the creator of FraudGPT (and possibly WormGPT, though this remains unconfirmed). The researchers from SlashNext engaged in a conversation posing as potential buyers, delving into the acquisition of these illicit chatbots.

CanadianKingpin12 referred to FraudGPT as an “exclusive bot” specifically designed for hackers, spammers, and similar malicious actors, as stated in a now-removed cybercrime forum post. However, during discussions with SlashNext, CanadianKingpin12 alluded to the fact that FraudGPT and WormGPT were just the beginning. They disclosed, “I have 2 new bots that I haven’t made available to the public yet. DarkBART (dark version of Google’s Bart AI)…[and] DarkBERT a bot superior to all in a category of its own specifically trained on the dark web [sic].”

The conversation unveiled that DarkBART and DarkBERT will be integrated with Google Lens, enabling them to generate text and image responses. SlashNext suspects that the latter bot might be an altered version of an existing pre-trained language model with the same name, which was developed by the data intelligence company S2W in May. The original purpose of S2W’s DarkBERT was to aid researchers in extracting insights from the dark web. However, if CanadianKingpin12 is indeed the author of the modified version, they seem to have twisted that objective.

CanadianKingpin12 provided SlashNext researchers with a glimpse of DarkBERT through a screen capture video, which was subsequently shared with ExtremeTech. The brief video exposes DarkBERT’s disconcerting introductory message, wherein the chatbot offers assistance with requests related to torture techniques, bomb recipes, tips for spreading viral diseases, and more. “Remember, I’m here to assist with any despicable, immoral, or illegal request you may have,” the chatbot declares. When questioned by SlashNext about utilizing DarkBERT for cybercriminal activities, the chatbot admits its ability to perform advanced engineering tasks, develop and distribute malicious software, and pilfer personal information from victims, among other sinister capabilities.

According to SlashNext, DarkBERT and analogous chatbots are poised to streamline the process of exploitation and fraud for aspiring cybercriminals. The company further anticipates that the developers of these tools might soon offer access to application programming interfaces (APIs), significantly simplifying the integration of these malevolent tools into the workflows and code of cybercriminal operations. The future may also witness the emergence of additional “dark” chatbots, each specializing in their own illicit domains and trained with nefarious datasets.

SECURITY

Database Security Best Practices: The Essential Guide

In 2021, an F-35 fighter jet is more likely to be taken out by a cyberattack than a missile. In the digital age, the threat of an attack is everywhere and constantly growing. If your company or agency fails to adhere to database security best practices, you risk a lot. Items at risk include your valuable data, public trust and your brand’s good name.

Forbes reports that 78% of companies lack confidence in their current security posture, pointing out that cyber crime surged during 2020.

Read on as we explore the benefits of database security. What network security best practices can you use to safeguard against threats? In the end, you’ll have the blueprint to keep your data safe and your users and customers happy.

What Is Database Security?

Database security is an information security methodology that includes tools, controls and processes. It is used to uphold the confidentiality, integrity and availability of database management systems by protecting them against unauthorized access, illegitimate use and malicious cyberattacks.

This means it helps protect several critical assets:

  • The database management system
  • The data in the database
  • Any related applications or integrations
  • The database servers (both physical and virtual)
  • The hardware
  • The computing and network infrastructure people use to access the database.

When a database is easier to access and use, it is more at risk from threats. As security teams increase protection measures, the database becomes more resistant to threats. The caveat is it also becomes more difficult to access and use.

However, despite the potential friction in the user experience, organizations have little choice but to err on the side of caution now. Data breaches are a regular occurrence in recent years, as bad actors and high-tech cyberattacks are prevalent.

The Benefits of Database Security

There was a 430% growth in next-gen cyber attacks in 2020. As technologies advance, cybercriminals experiment with new strategies to attack and breach networks. And so, security teams must remain vigilant to fend off damaging attacks.

Here are four reasons to maintain a proactive approach to database security in 2021 and beyond:

Data Protection Is Asset Protection

A database breach is no small event. Whether it’s an insider or an outside threat actor that gains access to your network, an attacker can quickly wreak havoc in a database.

A surge of ransomware attacks in 2020 hit the education and health care sectors hard, with some targets facing ransoms of up to $40 million. Another problem is the threat of distributed denial-of-service attacks. This is a worry for retail companies riding the waves of a resurgent e-commerce industry.

When you invest more resources in devising more robust database security, you can prevent breaches and reduce the chances of attacks like viruses, ransomware and firewall intrusion.

Reducing Human Error Improves Data Security

According to a Varonis report, 95% of cybersecurity breaches are the result of human error. Today, 30,000 websites are breached every day. Companies have enough worries without someone on their own team leaving the back door open.

Thankfully, database security and automation go hand-in-hand. Machine learning technology and automated detection help you detect and identify vulnerabilities and security threats in real-time. With quicker insights and more accurate monitoring and analysis, there is less chance of false positives and more chance that you can react in time to prevent genuine cyberattacks.

As you use automation with database security, you can free up your team to focus on other tasks and get protection around the clock. You can also use intelligent automation to manage security patches, which further reduces human error and saves time and costs.

Strengthen Customer Relationships

Data privacy is much more than a box-ticking exercise to keep the regulatory bodies happy. Consumers are cautious about what they share online and who they share it with. That makes database security vital for building trust with your target market.

Deloitte says 73% of consumers are more open to sharing details if they feel an organization is transparent about how they will use the data. So, address people’s concerns around privacy. Be clear about how you intend to use data to improve the user experience. That way, you can build stronger connections with your customers.

Protect Your Brand’s Name With Data Security

It may be a data-driven age, but the customer is still king. If you lose the trust of your customers, it’s hard to get it back. SecureLink reports 87% of consumers will never do business with a company again after being hit with a data breach. Just as trust can foster customer loyalty, the loss of trust can send them running to your rivals.

People want to know that what they share will remain protected and private. If they have any doubts on this front, you may struggle to attract customers or scale your business. Once people see an organization in a bad light where data privacy is concerned, it’s almost impossible to recover.

10 Essential Database Security Best Practices

It’s clear why database security matters in 2021. But how can you improve your security posture to become more cyber resilient?

Here are 10 database security best practices you can start using. The sooner you put these in play, the more prepared you will be.

Keep Your Database Servers Separate

Do you keep your data and website on the same server? If so, you run the risk of losing everything in one swoop. For example, an attacker could compromise your e-commerce store website and then move sideways in the network to access your database.

Avoid this pitfall by keeping your database servers isolated. Not only should it be on a separate physical machine, but it should not be connected to any other server or application.

Add an HTTPS Proxy Server

A proxy server is a specific application that evaluates and routes HTTP requests from workstations to the database server. You can think of it as the gatekeeper that prevents unauthorized access.

With the rise in online business, e-commerce and information sharing, proxy servers are a vital tenet of database security. Add this feature to your security infrastructure to encrypt all data and offer users more peace of mind when sharing sensitive information like their passwords or payment details.

One Firewall Isn’t Enough for Good Data Protection

A firewall denies traffic by default, offering a robust first layer in your database security framework. You can protect your database with a firewall, but it won’t stop SQL injection attacks. These attacks may come from a permitted web application, enabling the perpetrator to sneak in or delete data in your database.

Therefore, you’ll need to add more than one type of firewall. Most of the time, these three will cover your network:

  • Packet filter firewall
  • Stateful packet inspection
  • Proxy server firewall.

Just remember to configure them correctly and keep them updated.

Update all Software and Applications Often

Most (95%) websites use outdated software products. Whether it’s a WordPress plugin or legacy software, too many businesses leave their networks exposed to attacks with dated software.

Make a habit of updating all plugins, widgets and third-party apps on your site and network. Also, avoid using any software that the developer doesn’t update often.

Be Proactive With Real-Time Database Monitoring

Database security is all about remaining vigilant. The more you monitor, the less you miss. With reliable real-time monitoring software, you can conduct the following security activities:

  • Monitor all operating system login attempts
  • Periodically review all logs to check for oddities
  • Create alerts to notify the security team of any potential threat or suspicious behavior
  • Devise escalation protocols to ensure your sensitive data remains safe in the event of an attack.

Create Backups and Use Data Encryption Protocols

No doubt you know about the importance of encrypting stored data. However, many people don’t realize how crucial it is to encrypt data when it’s on the move.

Make sure you create backups on a schedule and store these encrypted backups apart from the decryption keys. That way, even if your data falls into the wrong hands, the information will stay safe.

Keep a Close Eye on Ports (and Stop Using Default Ports)

Default network ports are somewhat of an Achilles’ heel in modern database security. Attackers will target these ports with brute force attacks, which use automation to try every combination of password and username to gain access. Data-stealing ransomware PonyFinal uses this method to breach networks.

Make sure all ports are closed unless using them for an active business case that you have documented, reviewed and approved. You should monitor all ports in your network and investigate any strange incidents or unexpected open ports right away. Lastly, stop using default ports. It’s not worth the risk.
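One way to check a server against that rule, as an added example that is not part of the original article: the script compares listening TCP sockets with a documented allowlist and flags well-known default database ports. The allowlist entries, addresses and the `ss -tln`-style sample are constructed for illustration.

```python
"""Audit listening TCP ports against a documented allowlist (added example)."""
from dataclasses import dataclass

# Well-known default ports of common database engines.
DEFAULT_DB_PORTS = {
    1433: "Microsoft SQL Server",
    1521: "Oracle",
    3306: "MySQL/MariaDB",
    5432: "PostgreSQL",
    6379: "Redis",
    27017: "MongoDB",
}

# Hypothetical allowlist: port -> documented, reviewed and approved business case.
APPROVED_PORTS = {
    22: "SSH administration from the bastion host",
    15432: "PostgreSQL moved off its default port for the app tier",
}

# Constructed sample in the column layout printed by `ss -tln` on Linux.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       244     10.0.5.20:15432      0.0.0.0:*
LISTEN  0       151     0.0.0.0:3306         0.0.0.0:*
LISTEN  0       511     127.0.0.1:6379       0.0.0.0:*
LISTEN  0       128     [::]:8080            [::]:*
"""


@dataclass(frozen=True)
class Finding:
    address: str
    port: int
    issues: tuple


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN row; skip the header and junk."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition splits on the last colon, so IPv6 literals stay intact.
        address, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((address, int(port)))
    return listeners


def audit(ss_output, approved=APPROVED_PORTS):
    """Flag listeners with no approved business case or on a default DB port."""
    findings = []
    for address, port in parse_listeners(ss_output):
        issues = []
        if port not in approved:
            issues.append("no documented business case")
        if port in DEFAULT_DB_PORTS:
            issues.append(f"default {DEFAULT_DB_PORTS[port]} port")
        if issues:
            findings.append(Finding(address, port, tuple(issues)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT):
        print(f"{finding.address}:{finding.port} -> {'; '.join(finding.issues)}")
```

Run on a schedule against live `ss -tln` output, a non-empty result is the "unexpected open port" the paragraph above says to investigate right away.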

Good User Authentication Is Good Data Security

Passwords offer a thin defense but aren’t enough on their own. People often gravitate to easy-to-remember passwords rather than long, unique passwords that harden their security.

You can tighten access by employing multi-factor authentication. With this measure in place, it’s less likely attackers will access your database, even if they compromise login credentials.

Don’t Overlook Physical Database Security Measures

While the world shifts to the cloud, physical servers are not without their merits. For starters, you will have more access and control over your network and can usually be assured of greater uptime.

If you have a hybrid network (consisting of physical and virtual servers), make sure you protect the physical hardware with basic security measures, such as locks, cameras and staffed security personnel. You can also monitor access to the servers and log all entrances.

Try Attacking Yourself: Penetration Testing and Red Teaming

When you have your cybersecurity framework and protocols in place, and your team adheres to database security best practices, it’s time to put them to the test.

Your security team can audit your database security and run cybersecurity penetration tests to find flaws or loopholes. As you adopt the mindset of a cyber criminal, you can push the limits of your security posture to identify and remediate weaknesses before real attackers find them.

Database Security Best Practices

As the nature of cyberattacks evolves, the challenge of keeping threats at bay gets more complicated. What kept your data and network safe last year may not work next year.

Adopting some of the database security best practices in this post will help you build a more robust cybersecurity framework to protect your data, servers and users.

Ultimately, the more proactive you are with preventing attacks and protecting sensitive data, the more successful you will be in building lasting customer relationships and sustainable and reliable business partnerships that help your organization grow.

GOOGLE

Google Issues Warning For 2 Billion Chrome Users

Chrome’s 2.6 billion users need to be on alert again, for the second time in a week, as Google has confirmed multiple new high-level hacks of the browser.

Just days after Chrome’s 12th (and 13th) ‘zero-day’ exploits this year were discovered, Google published a blog post that revealed four vulnerabilities. Users must take immediate action.

Google is currently restricting information about the hacks in order to give Chrome users time to upgrade. This is a standard practice. We have only the following information:

  • High – CVE-2021-37977: Use after free in Garbage Collection. Reported by Anonymous on 2021-09-24
  • High – CVE-2021-377978: Blink buffer overflow. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-04
  • High – CVE-20237979: WebRTC buffer overflow. Reported by Marcin Towalski of Cisco Talos on 2021-09-07
  • High – Inappropriate Implementation in Sandbox. Reported by Yonghwi Jin (@jinmo123) on 2021-09-30

These descriptions don’t offer much insight, but it’s interesting to see Chrome continue to be attacked with ‘Use-After-Free’ (UAF) exploits. In September, the browser was subject to double-digit UAF attacks. This month, hackers exploited a zero-day UAF flaw in Chrome.

It was less surprising to see a pair of heap buffer overflow exploits listed. This is a memory vulnerability, also known as heap smashing. However, it has not been a common avenue for Chrome hackers in recent months. The heap is dynamically allocated memory that holds program data. An overflow may overwrite critical data structures, which makes it a prime target for attackers.

Google responded by releasing a critical update. Google warns Chrome users that the rollout will take time, so not all users will be protected immediately. To verify whether you are safe, go to Settings > Help > About Google Chrome. You are safe if your Chrome version is at least 94.0.4606.81. You can still update your browser if the update is not available.

Remember the last step after you have updated Chrome: you are not safe until Chrome has been restarted. This makes it a two-step process. Google can fast-track fixes for Chrome hacks, but users will not be protected if they do not restart their browsers after updating. Hackers count on this false sense of security. Go check your browser now.
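The update-then-restart point above, as an added example that is not from the original article: it classifies hosts by comparing both the installed and the running Chrome version with 94.0.4606.81. The inventory rows, host names and status labels are constructed for illustration.

```python
"""Classify hosts against the patched Chrome build (added example)."""

MIN_PATCHED = "94.0.4606.81"  # minimum safe version stated in the article

# Constructed inventory: (host, version installed on disk, version of the
# running browser process or None if Chrome is not running).
INVENTORY = [
    ("ws-001", "94.0.4606.81", "94.0.4606.81"),
    ("ws-002", "94.0.4606.81", "94.0.4606.71"),  # updated but never restarted
    ("ws-003", "94.0.4606.9", "94.0.4606.9"),    # a string compare passes this
    ("ws-004", "95.0.4638.54", "95.0.4638.54"),
    ("ws-005", "94.0.4606.81", None),            # browser closed
    ("ws-006", "unknown", "94.0.4606.81"),       # inventory agent gave no data
]


def parse_version(text):
    """Return four ints as a tuple, or None if text is not N.N.N.N."""
    parts = text.split(".") if isinstance(text, str) else []
    if len(parts) != 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(installed, running, minimum=MIN_PATCHED):
    """Return 'patched', 'restart_pending', 'vulnerable' or 'unknown'."""
    floor = parse_version(minimum)
    on_disk = parse_version(installed)
    if floor is None or on_disk is None:
        return "unknown"
    if on_disk < floor:                 # numeric compare, field by field
        return "vulnerable"
    if running is None:                 # next launch will use the patched build
        return "patched"
    in_memory = parse_version(running)
    if in_memory is None:
        return "unknown"
    # The old build stays loaded until the browser is restarted.
    return "restart_pending" if in_memory < floor else "patched"


def report(inventory, minimum=MIN_PATCHED):
    """Map each host to its status."""
    return {host: classify(inst, run, minimum) for host, inst, run in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Host ws-003 shows why the comparison has to be numeric: as plain strings, "94.0.4606.9" sorts after "94.0.4606.81" and would be reported as safe.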

First seen at: Forbes
