If you heard rumblings this week that Netflix is lastly cracking down on password sharing within the United States and different markets, you heard wrong—but only for now. The firm informed WIRED that whereas it plans to make an announcement within the subsequent few weeks about limiting account sharing, nothing has occurred but. Meanwhile, lawmakers in Congress are eager to overhaul systems for dealing with secret US government data as categorised paperwork hold turning up within the incorrect locations.

We did a deep dive this week right into a ransomware attack that crippled the digital infrastructure of London’s Hackney Council. The assault occurred greater than two years in the past, nevertheless it was so impactful that the native authority remains to be working to recuperate. A venture that’s trying far into the long run, in the meantime, is developing prototype pursuit satellites for real-world testing that would sometime be utilized in area battles.

In different army information from the skies, we examined the situation with the apparent Chinese spy balloon over the US and the professionals and cons of utilizing balloons as espionage instruments. And if you wish to enhance your private digital safety this weekend, we’ve bought a roundup of the most important software updates to install right away, together with fixes for Android and Firefox vulnerabilities.

Plus, there’s extra. Each week we spherical up the tales we didn’t cowl in-depth ourselves. Click on the headlines to learn the total tales. And keep secure on the market.

If you’re on the lookout for legit software program downloads by looking Google, your clicks simply bought riskier. The spam- and malware-tracking nonprofit Spamhaus says it has detected a “massive spike” in malware unfold by way of Google Ads previously two months. This contains “malvertizing” that seems to be genuine downloads of instruments like Slack, Mozilla’s Thunderbird e mail consumer, and the Tor Browser. Security agency SentinelOne further identified a handful of malicious loaders unfold by way of Google Ads, which researchers collectively dubbed MalVirt. They say MalVirt loaders are used to distribute malware like XLoader, which an attacker can use to steal information from an contaminated machine. Google informed Ars Technica in a press release that it’s conscious of the malvertizing uptick. “Addressing it is a critical priority, and we are working to resolve these incidents as quickly as possible,” the corporate mentioned.

The Federal Trade Commission this week issued its first-ever positive beneath the Health Breach Notification Rule (HBNR). Online pharmacy GoodRx was ordered to pay a $1.5 million positive for allegedly sharing its customers’ treatment information with third events like Meta and Google with out informing these customers of the “unauthorized disclosures,” as is required beneath the HBNR. The FTC’s enforcement motion follows investigations by Consumer Reports and Gizmodo into GoodRx’s data-sharing practices. In addition to violating the HBNR, GoodRx misrepresented its claims of HIPAA compliance, the FTC alleges. GoodRx claims it mounted the problems on the coronary heart of the FTC’s grievance years in the past and rejects any request for forgiveness. “We do not agree with the FTC’s allegations and we admit no wrongdoing,” a spokesperson informed Gizmodo. “Entering into the settlement allows us to avoid the time and expense of protracted litigation.” 

Microsoft this week introduced that it had disabled accounts of risk actors who managed to get verified beneath the Microsoft Cloud Partner Program. Posing as reliable companies, the risk actors used their verified account standing to create malicious OAuth functions. “The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting permissions to the fraudulent apps,” Microsoft mentioned in a weblog detailing the difficulty. “This phishing campaign targeted a subset of customers primarily based in the UK and Ireland.” The firm says the folks behind the phishing assaults doubtless used their entry to steal emails and that it has notified all victims.

Researchers on the safety agency Saiflow this week exposed two vulnerabilities in variations of the open supply protocol used within the operation of many electric-vehicle charging stations, referred to as the Open Charge Point Protocol (OCPP). By exploiting weak cases of the OCPP customary, which is used to speak between chargers and administration software program, an attacker may take over a charger, disable teams of chargers, or siphon off electrical energy from a charger for their very own use. Saiflow says it’s working with EV charger firms to mitigate the dangers of the vulnerabilities.

The 37 million prospects uncovered by the most recent T-Mobile hack might not be the one folks impacted by the breach. Google this week knowledgeable prospects of the Google Fi cellular service that hackers had obtained “limited” account data, together with cellphone numbers, SIM serial numbers, and details about their accounts. The hackers didn’t entry cost data, passwords, or the contents of communications, like textual content messages. Still, it’s attainable the knowledge may have been used for SIM swap attacks. TechCrunch experiences that the intrusion was detected by Google Fi’s “primary network provider,” which observed “suspicious activity relating to a third-party support system.” The timing of the hack, which comes two weeks after the newest T-Mobile breach, suggests the 2 are associated.