
If you heard rumors this week that Netflix was finally cracking down on password sharing in the US and other markets, you heard wrong, but only temporarily. The company told Wired that while it plans to make an announcement about limiting account sharing in the coming weeks, nothing has happened yet. Meanwhile, lawmakers in Congress are rushing to overhaul the system that handles classified U.S. government data as classified documents keep turning up in the wrong places.
This week we delved into the ransomware attack that crippled the digital infrastructure of Hackney Council in London. The attack happened more than two years ago, but the impact was such that local authorities are still trying to recover. Meanwhile, a future-looking project is developing prototype tracking satellites for real-world testing that could one day be used in space combat.
In other military news from the sky, we look at the apparent Chinese spy balloon over the US, and the pros and cons of using balloons as spying tools. If you want to improve your personal digital security this weekend, we’ve rounded up the most important software updates to install right now, including bug fixes for Android and Firefox.
Plus, there’s more. Each week we round up stories that we haven’t covered in depth ourselves. Click on a title to read the full story. And stay safe out there.
If you search Google for legitimate software downloads, clicking has become even riskier. Spamhaus, a spam and malware tracking nonprofit, said it had detected a “massive spike” in malware distributed through Google Ads over the past two months. This includes “malvertising” that appears to be genuine downloads for tools such as Slack, Mozilla’s Thunderbird email client, and the Tor browser. Security firm SentinelOne has further discovered a number of malicious loaders distributed through Google Ads, which researchers have collectively dubbed MalVirt. They say the MalVirt loader is used to distribute malware such as XLoader, which attackers can use to steal data from infected machines. Google told Ars Technica in a statement that it was aware of an increase in malvertising. “Resolving it is a top priority and we are working to resolve these incidents as quickly as possible,” the company said.
The FTC this week issued its first-ever fine under the Health Breach Notification Rule (HBNR). Online pharmacy GoodRx was ordered to pay a $1.5 million fine for allegedly sharing its users’ drug data with third parties such as Meta and Google without notifying those users of “unauthorized disclosures,” as required by HBNR. The FTC’s enforcement action follows investigations by Consumer Reports and Gizmodo into GoodRx’s data-sharing practices. In addition to violating the HBNR, GoodRx misrepresented its HIPAA compliance claims, the FTC alleges. GoodRx claims it addressed the heart of the FTC complaint years ago and has pleaded not guilty. “We disagree with the FTC’s allegations, and we do not admit to any wrongdoing,” a spokesperson told Gizmodo. “The settlement allows us to avoid the time and expense of protracted litigation.”
Microsoft announced this week that it has disabled the accounts of threat actors who were successfully verified under the Microsoft Cloud Partner Program. Impersonating legitimate businesses, the threat actors used their verified account status to create malicious OAuth applications. “Apps created by these fraudsters were then used to agree to a phishing campaign that tricked users into granting permissions to the fraudulent apps,” Microsoft said in a blog detailing the issue. A subset of customers in the UK and Ireland.” The company said those behind the phishing attack may have used their access to steal emails and that all victims have been notified.
This week, researchers at security firm Saiflow exposed two vulnerabilities in a version of an open-source protocol used in the operation of many electric vehicle charging stations, called the Open Charge Point Protocol (OCPP). By exploiting a vulnerable instance of the OCPP standard used to communicate between chargers and management software, an attacker could take over a charger, disable a charger bank, or draw power from a charger for his own use. Saiflow said it is working with EV charger companies to mitigate the risk of the vulnerability.
The 37 million customers exposed by the recent T-Mobile hack may not be the only ones affected. Google notified customers of its Google Fi mobile service this week that hackers had obtained “limited” account information, including phone numbers, SIM card serial numbers, and their account information. The hackers did not have access to payment information, passwords or the content of communications, such as text messages. Still, it’s possible that this information could be used in a SIM swap attack. TechCrunch reported that the intrusion was detected by Google Fi’s “major network provider,” which noted “suspicious activity related to third-party support systems.” The timing of the hack came two weeks after the latest T-Mobile breach, suggesting the two are related.