TechCrunch: MoviePass exposed thousands of unencrypted customer card numbers. “Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found an exposed database on one of the company’s many subdomains. The database was massive, containing 161 million records at the time of writing and growing in real time. Many of the records were normal computer-generated logging messages used to ensure the running of the service — but many also included sensitive user information, such as MoviePass customer card numbers.”
Security & Legal Issues
Security & Legal issues and news. May be about patches, hacks, or court decisions.
Neowin: Mozilla and Google stop Kazakh government from intercepting traffic
Neowin: Mozilla and Google stop Kazakh government from intercepting traffic. “Mozilla has announced that it, and Google, have deployed technical solutions within Firefox and Chrome to stop the Kazakh government from intercepting internet traffic inside the country. According to Censored Planet, the government in Kazakhstan began using a fake root CA certificate to intercept HTTPS connections.”
New law to impose tax on social media ads, online services: Egypt’s finance minister (Ahram Online)
Ahram Online: New law to impose tax on social media ads, online services: Egypt’s finance minister. “Egypt’s Minister of Finance Mohamed Maait has announced that his ministry is close to finalising a draft law which will impose a tax on social media advertisements and services offered through online platforms.”
New York Times: State Attorneys General Said to Be Near Formal Investigation of Tech Companies
New York Times: State Attorneys General Said to Be Near Formal Investigation of Tech Companies. “The state attorneys general in more than a dozen states are preparing to begin an antitrust investigation of the major tech companies, according to two people briefed on the discussions, increasing pressure on the firms.”
CNET: Instagram will pay researchers to uncover abuse of users’ personal data
CNET: Instagram will pay researchers to uncover abuse of users’ personal data. “Instagram will pay a bounty to security researchers who find evidence that third-party apps are misusing your personal data. The program aims to encourage experts outside of Instagram and its parent company Facebook to tackle a major problem the social network faces: apps that scrape user data or try to trick you into sharing passwords and other sensitive information.”
The Verge: YouTube sues alleged copyright troll over extortion of multiple YouTubers
The Verge: YouTube sues alleged copyright troll over extortion of multiple YouTubers. “YouTube is going after an alleged copyright troll using the Digital Millennium Copyright Act’s (DMCA) provisions, alleging that Christopher Brady used false copyright strikes to extort YouTube creators, harming the company in the process. Now, YouTube is suing Brady, using the DMCA’s provisions against fraudulent takedown claims, seeking compensatory damages and an injunction against future fraudulent claims.”
Billions of records exposed: 2019 on track to be worst year ever for data breaches (USA Today)
USA Today: Billions of records exposed: 2019 on track to be worst year ever for data breaches . “The number of data breaches resulting in exposed records is up by 54% year over year in the first half of 2019, and the number of records exposed in those breaches is up by 52%. More than 3,800 data breaches were reported in the first six months of this year, and just eight of those exposed more than 3.2 billion records, nearly 80% of all records exposed so far in 2019.”
