Loophole That Lets People Share Your Private Instagram Pics and Stories Isn’t a ‘Hack’—but Still, Heads Up

Here’s another reminder to be wary of what you share online: BuzzFeed News noticed on Monday that the way Instagram and its owner Facebook serve up media content allows for anyone who has access to a private photo or video to root around in the HTML code and copy-paste a direct link to it. Read More >>

Wikipedia Goes Dark Across Europe, Middle East After DDOS Attack

Wikipedia went offline Friday afternoon and into Saturday morning after a cyber attack forced an international shutdown. The outage affected millions of users across Europe and in parts of the Middle East. Read More >>

Report: Amazon Really Wants to Scan Your Soft, Soft Hands

Amazon is “quietly testing scanners that can identify an individual human hand as a way to ring up a store purchase” with the aim of rolling it out at retail locations, specifically its subsidiary Whole Foods, per a Tuesday report in the New York Post. Read More >>

XKCD Forum Breach Impacts More Than Half a Million Users

XKCD, a popular science and technology webcomic, is the latest site to have its user's information breached, resulting in 562,000 accounts having their usernames, passwords, and IP addresses exposed online. Read More >>

The Question of Whether or Not WeWork Is a Tech Company Has Been Answered

Is WeWork, the sprawling chain of coworking spaces expanding across America and elsewhere, a tech company? WeWork is sure scrambling to find reasons to claim so, because “tech” is apparently some kind of magic word that it thinks will justify its $47 billion (£38.5 billion) valuation. Its critics have instead characterised WeWork as a traditional real estate company in the risky business of signing cheap long-term leases and flipping them to customers as more expensive short-term leases, which would leave it scrambling to pay off its $47.2 billion (£38.6 billion) in liabilities in the event of a downturn, and which has masked this fact with cult-like branding and just saying the word “tech” over and over. Read More >>

Report: Huawei Could Get 90 More Days to Buy American Parts to Fill Pre-Blacklist Orders

Though US trade sanctions are still in effect, Huawei Technologies will have an additional 90 days to buy from American companies so it can wrap up work with existing customers, according to a Reuters report. Read More >>

Apple Sues Corellium for Selling Access to Cloud-Based ‘Perfect Replicas’ of iOS

Apple is suing a company, Corellium LLC, that it says is illegally reselling virtual copies of its iOS operating system under the pretence of legitimate security research, Bloomberg reported on Thursday. Read More >>

Capital One Really Dropped the Ball on the Anti-Hack Stuff: Report

Ahead of a massive data breach that exposed the personally identifiable information of more than 100 million people, a new report claims, Capital One may have failed to take measures to better detect potential hacks—which, from where now stand, seems like a pretty big misstep. Read More >>

Instagram Boots Ad Partner HYP3R for Reportedly Scraping Huge Amounts of User Data

Instagram has banned one of its owner Facebook’s official marketing partners, San Francisco-based HYP3R, after “a combination of configuration errors and lax oversight” on its behalf allowed HYP3R to scrape massive amounts of data on Instagram users, Business Insider reported on Wednesday. Read More >>

Windows Quietly Patches Bug That Could Reverse Meltdown, Spectre Fixes for Intel CPUs

Microsoft has fixed a “serious security flaw in Intel processors” that threatened to undo both companies’ work patching the Spectre and Meltdown vulnerabilities, Tom’s Guide reported on Tuesday. Read More >>

Google’s Project Zero Finds Six ‘Interactionless’ iOS Vulnerabilities Using iMessage App

Apple released bug fixes for five major security issues in iOS that can be exploited via its iMessage client app last week after they were discovered by researchers for competitor Google’s exploit-hunting Project Zero, though an additional issue was reported and not totally resolved in the iOS 2.4 update, according to the BBC. Read More >>

Google Sticks Another Knife in Flash’s Corpse

The killing blow to multimedia software Flash made contact with its skull in 2017, when maker Adobe announced that it would begin Flash’s “end-of-life” phase and stop updating and distributing it by the end of 2020. Flash – which nerds of a certain age cohort may remember from sites like Newgrounds or files like “annoying.swf” – has been riddled with security holes that allowed malware delivery since way before the Flash brand was officially retired in 2015, and it’s long been replaced in all but niche uses by successors like the open-source HTML5. Read More >>

Security Researcher Marcus Hutchins, Who Helped Stop WannaCry, Sentenced to Supervised Release

The security researcher who is credited with helping stop the WannaCry ransomware attack in 2017, Marcus Hutchins, was sentenced to time served and a year of supervised release this week after he pleaded guilty to unrelated malware charges earlier this year. Read More >>

Hackers Reportedly Break Into SyTech, a Contractor for Russia’s Federal Security Service

Hackers breached servers at a contractor for Russia’s Federal Security Service (FSB), SyTech, and stole about 7.5 terabytes of data after gaining access to the company’s entire network earlier this month, ZDnet reported on Saturday. Read More >>

Report: NSO Group’s Pegasus Spyware Can Break Into Cloud Services, Transmit User Data to Server

Israeli spyware company NSO Group’s powerful Pegasus malware – the same spyware implicated in a breach of WhatsApp earlier this year – is capable of scraping a target’s data from the servers of Apple, Google, Amazon, Facebook and Microsoft, according to a report in the Financial Times on Friday. Read More >>