Googling for software downloads is now very dangerous.


If you heard rumors this week that Netflix was finally ending password sharing in the United States and other markets, you heard wrong — but only for now. The company told WIRED that it plans to make an announcement about restricting account sharing in the next few weeks, but nothing has happened yet. Meanwhile, lawmakers in Congress are eager to improve systems for handling classified U.S. government information as classified documents continue to be misplaced.

This week we took a deep dive into the ransomware attack that crippled the digital infrastructure of London’s Hackney Council. The attack took place two years ago, but it was so significant that the local authority is still working to recover. A more forward-looking project, meanwhile, is developing real-world test satellites that could one day be used in space wars.

In other military news from the skies, we examine the pros and cons of China’s spy balloon deployment over the US and the use of balloons as a surveillance tool. And if you’re looking to improve your personal digital security this weekend, we’ve got a roundup of the most important software updates to install right away, including fixes for Android and Firefox vulnerabilities.

Plus, there’s more. Each week we collect stories that we haven’t delved into ourselves. Click on headlines to read full stories. And stay safe out there.

If you search Google for legitimate software downloads, your clicks are now riskier. Spamhaus, a non-profit that tracks spam and malware, says it has seen a “significant increase” in malware spread through Google ads in the past two months. This includes “malvertising” that looks like downloads of legitimate tools such as Slack, Mozilla’s Thunderbird email client, and the Tor browser. Security firm SentinelOne has identified a handful of malicious loaders distributed via Google ads, which researchers collectively call malware. Malware loaders are used to distribute malware such as XLoader, which an attacker can use to steal data from an infected machine. Google said in a statement to Ars Technica that it was aware of the increase in malvertising. “Resolving the issue is a critical priority, and we are working to resolve these incidents as soon as possible,” the company said.

The Federal Trade Commission this week issued the first fine under the Health Breach Notification Rule (HBNR). Online pharmacy GoodRx was fined $1.5 million for sharing its users’ drug information with third parties such as Meta and Google without notifying its users of “unauthorized disclosures” as required by the HBNR. The FTC’s enforcement action follows investigations by Consumer Reports and Gizmodo into GoodRx’s data sharing practices. In addition to violating the HBNR, GoodRx misrepresented its claims about HIPAA compliance, the FTC alleges. GoodRx says it fixed the issues at the heart of the FTC’s complaint years ago and rejects any admission of wrongdoing. “We disagree with the FTC’s allegations and deny any wrongdoing,” a spokesperson told Gizmodo. “Entering into the settlement allows us to avoid the time and expense of a lengthy trial.”

Microsoft announced this week that it has disabled the accounts of malicious actors who were able to authenticate through the Microsoft Cloud Partner Program. By masquerading as legitimate businesses, threat actors have used their authenticated account status to create malicious OAuth applications. “Apps created by these fraudulent actors were used in a license phishing campaign, tricking users into granting licenses to fraudulent apps,” Microsoft said in a blog post detailing the issue. “This phishing campaign primarily targeted a group of customers based in the United Kingdom and Ireland.” The company said the people behind the phishing attack used it to steal emails, and that it has notified all victims.

Researchers at security firm SaiFlow this week uncovered two vulnerabilities in versions of the Open Charge Point Protocol (OCPP), an open-source protocol used by many electric-vehicle charging stations. By exploiting vulnerabilities in the OCPP standard, which is used to communicate between chargers and management software, an attacker can hijack the charger, disable charging groups, or siphon electricity from the charger for their own use. SaiFlow said it is working with EV charger companies to reduce the risk of exposure.

The 37 million customers exposed in the recent T-Mobile hack may not be the only ones affected by the breach. Google this week notified customers of its Google Fi mobile service that hackers had access to “limited” account information, including phone numbers, SIM card numbers and account information. Hackers did not access payment information, passwords or communications content such as text messages. Still, the data can be used for SIM swap attacks. TechCrunch reports that the attack was discovered by Google Fi’s “major network provider,” which noticed “suspicious activity related to third-party support systems.” The timing of the hack, which comes two weeks after the latest T-Mobile breach, suggests the two are related.


