Google said that it plans to make an announcement in the next few weeks about limiting account sharing. Meanwhile, lawmakers in Congress are poised to overhaul the U.S. government’s systems for handling classified data as classified documents continue to show up in the wrong places and leak onto the web.
The FTC is cracking down on GoodRx, Microsoft is dropping “verified” phishing scams, researchers are uncovering vulnerabilities in electric vehicle chargers, and more, Wired wrote on the topic.
Spam and malware tracking NGO Spamhaus reports that it has seen a “huge spike” in the spread of malware via Google ads over the past two months. This includes “malware” that looks like authentic downloads of tools such as Slack, Mozilla’s Thunderbird email client and the Tor browser.
Security firm SentinelOne further identified a handful of malicious bootloaders distributed through Google ads, which the researchers collectively dubbed MalVirt. They say the MalVirt loaders are used to spread malware such as XLoader, which an attacker can use to steal data from an infected machine.
This week, Microsoft announced that it has disabled the accounts of threat actors who were able to verify themselves under the Microsoft Cloud Partner Program. Posing as legitimate companies, threat actors used their verified account status to create malicious OAuth applications.
The 37 million customers put at risk by the latest T-Mobile hack may not be the only people affected by the breach. This week, Google informed customers of its Google Fi mobile service that hackers had obtained “limited” account information, including phone numbers, SIM card serial numbers and information about their accounts.
The hackers did not gain access to payment information, passwords or the content of messages, such as text messages. However, the information may have been used for SIM replacement attacks.