MoviePass Settles with FTC Over Fraud, Data Security Issues

MoviePass, which shut its doors in January 2019, just settled with the Federal Trade Commission over allegations that it prevented customers from using the service as advertised and did not protect their data privacy. The company offered users one movie ticket per day for any movie at any theater for $9.95 a month but soon had to raise subscription fees and limit movie tickets. The FTC accused the company of deceptively marketing its services, invalidating customer passwords to prevent users from obtaining tickets, and failing to secure user data.

Netflix Battles New Rivals, Cracks Down on Password Sharing

Netflix, with 207.6 million global subscribers, still dominates streaming video. But the growing number of rivals, including Disney+, HBO Max, Paramount+, Apple TV+, Amazon Prime Video and Hulu, is beginning to chip away at its position. Netflix reported four million new subscribers in Q1 2021, below the six million it predicted; it expects only one million new customers in the current quarter. It is also cracking down on password-sharing, but co-chief executive Reed Hastings said the process won’t be aggressive.

Netflix Running Test to Curb Unauthorized Password Sharing

Netflix is reportedly considering a move to enforce one of its terms of service: that a customer’s account credentials cannot be shared with individuals beyond the account holder’s household. The company recently introduced a limited test that displays a warning that reads, “if you don’t live with the owner of this account, you need your own account to keep watching.” It next prompts viewers with three options: to get an email or text verification code to authenticate the account, click on a button to verify later, or sign up for a new account.

Twitter Hack Technique Is Being Replicated for Other Attacks

Last month, three alleged hackers were arrested for manipulating Twitter to control 45 accounts of high-profile figures including Jeff Bezos, Joe Biden and Elon Musk. Now, the technique these young malefactors used — dubbed “phone spear phishing” — is being used by so many other bad actors that experts dub it a crime wave. Phone spear phishing, also known as “vishing,” a mashup of “voice phishing,” has been used this last month to attack banks, web hosting companies and cryptocurrency exchanges, said investigators.

Latest Twitter Hack Puts Spotlight on Internal Security Issues

Since 2015, Twitter chief executive Jack Dorsey and the company board have been warned annually about internal cybersecurity risks. In fact, there are about 1,500 employees plus contractors with the power to make changes in 186 million daily user accounts, and the company had experienced breaches due to internal sources. Then, on July 15, hackers tricked employees to compromise 130 Twitter accounts, including those of Jeff Bezos, Joe Biden, Barack Obama and Elon Musk, stealing data from eight unidentified accounts.

ThiefQuest Is New Ransomware and Spyware Aimed at Macs

K7 Labs malware researcher Dinesh Devadoss discovered a new form of malware aimed at Mac computers. ThiefQuest (originally dubbed EvilQuest, until researchers discovered that’s the name of a Steam game) isn’t simply ransomware but also contains spyware that allows it to exfiltrate an infected computer’s files, search it for passwords and cryptocurrency wallet data, and nab passwords and credit card numbers. Even after a computer reboots, the spyware lingers as a backdoor that could be used for a second-stage attack.

Apple Drops iCloud Encryption Plan Based on FBI Concerns

According to six sources, in response to FBI concerns, Apple dropped the plan to allow iPhone users to encrypt backups in its iCloud service. Although this took place two years ago, it is just now being reported. Stress between Apple’s stance on privacy and law enforcement’s push to have access to its phones re-emerged a few weeks ago when a Saudi Air Force officer killed three Americans at Naval Air Station Pensacola. U.S. attorney general William Barr and President Donald Trump urged Apple to unlock the killer’s two iPhones.

Pay TV and Cable Companies Aim To Limit Password Sharing

HBO, Netflix and major cable companies have joined forces to crack down on password sharing. The group is discussing ways to close that loophole, which, with piracy, is costing them a projected $6.6 billion in lost revenue this year. According to sources, among the potential measures are to require customers to periodically change their passwords, or to text codes to subscribers’ phones that they’d need to enter. Another option would be to make rules on devices that can be used to access a subscription outside the home.

Google Debuts New Tools to Protect Personal Data Privacy

For Cybersecurity Awareness Month, Google is introducing three tools to give users more control over their data when using Google Assistant, Google Maps and YouTube. Maps will roll out “incognito mode” for Android users this month and include iOS users soon. YouTube will feature the “rolling auto-delete” feature available for location and web data history. The company will also build its password checkup into account controls, to make it easier for the user to determine if her logins have been part of a security breach.

Exposed Database of Facebook User Data Is Found Online

More than 419 million records of Facebook users in the United States, United Kingdom and Vietnam — including Facebook IDs and user phone numbers — were recently found online (although Facebook disputes that number). The exposed server was reportedly not password-protected, which suggests the database was accessible to anyone. The server contained user data across multiple databases that could potentially enable spam calls and SIM-swapping attacks. According to Facebook, the breach involved user data collected prior to the introduction of new security measures. The company has since taken the exposed data set offline.

Cable Providers Update Boxes to Retain Fleeing Customers

With its Xfinity X1, Comcast has remade the traditional cable box, with a voice-enabled remote that allows search across live TV, on-demand and sources such as Netflix. It combines the multiple apps, passwords and monthly fees of streaming services into one place, with one bill. Perhaps we don’t need to get rid of cable, but rather to improve it. With the advent of ever-more choices from Apple, Amazon, Roku to Verizon and T-Mobile, the major cablecasters have the chance to bring their services into the modern TV age.

‘Glitch’ Exposes Millions of Facebook Passwords Internally

Security researcher Brian Krebs revealed that up to 600 million passwords of Facebook users were mistakenly stored in plain text and accessible by up to 20,000 Facebook employees. The passwords were reportedly logged and stored without encryption. KrebsOnSecurity explained yesterday that in some cases, passwords were searchable as far back as 2012. Facebook says it has resolved a “glitch” that may be responsible for the problem and will be notifying users of Facebook, Facebook Lite and Instagram. The company said that its internal investigation did not uncover any misuse of the data.

Congress Introduces IoT Bill to Protect Connected Devices

Congress introduced the Internet of Things Cybersecurity Improvement Act yesterday, in an effort to position legislative power behind securing connected devices. Defense Intelligence Agency director Lieutenant General Robert Ashley told lawmakers last year that IoT devices are considered one of the “most important emerging cyberthreats” to national security. Without a national standard for IoT security, we need to rely on steps taken by individual companies. The legislation, which was first introduced in 2017, would require security standards for IoT devices used by the federal government.

Password-Free Logins Getting Closer to Becoming a Reality

WebAuthn, with the approval of the World Wide Web Consortium (W3C) and the FIDO Alliance, just became an official web standard for password-free logins. After W3C and the FIDO Alliance first introduced it in November 2015, WebAuthn gained the support of many W3C contributors including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent and Yubico. With WebAuthn, which is supported by Android and Windows 10, users can log in via biometrics, mobile devices or FIDO security keys.

Google Adopts Open-Source, Secure Password-Less Logins

The FIDO Alliance, a consortium for open source authentication standards, is trying to make passwords obsolete, expanding its secure login protocols. Its efforts were boosted by Google’s announcement that it added certified support for the FIDO2 standard, impacting the vast majority of devices running Android 7 or later. That means owners of these Android 7-based devices should be able to log in seamlessly without passwords on mobile browsers such as Chrome. Websites can now be designed to interact with FIDO2 management.