#AxisOfEasy 361: Hackers Exploited Google’s Weakness To Access Third-Party Services


Weekly Axis Of Easy #361


Last Week’s Quote was: “Don’t worry about people stealing your ideas. If your ideas are any good, you’ll have to ram them down people’s throats,” by Howard Aiken. No one got it.

This Week’s Quote: 
“We know they’re lying, they know they are lying, they know that we know they are lying, we also know that they know that we know they’re lying, but still they lie.” By ???

THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of July 29th, 2024. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To listen to or watch this podcast edition with commentary and insight from Joey Tweets and Len the Lengend, click here.


In this issue: 

  • Hackers Exploited Google’s Weakness to Access Third-Party Services
  • Meta’s $1.4 Billion Settlement with Texas Sets Record in Biometric Privacy Case
  • Tech Showdown: OpenAI’s SearchGPT Challenges Google
  • Censorship Under the Guise of “Credibility”
  • Dr. Michael Geist Explains the Impact of Canadian Digital Policy on Content Creators and Consumers


Elsewhere Online:

  • Mandrake Spyware Infects 32,000 Via Google Play Apps
  • WhatsApp Flaw Lets Python, PHP Scripts Run Unchecked on Windows
  • ModiLoader Phishing Attacks Persist Against Polish SMBs
  • Zscaler Reports Record $75 Million Ransom Payment
  • Senate Passes Controversial Kids’ Safety Bills

 

Hackers Exploited Google’s Weakness to Access Third-Party Services

Last week, Google revealed a security flaw in its Workspace account creation process. This vulnerability allowed hackers to bypass email verification and create potentially harmful accounts. The issue was discovered by a reader who received a notice from Google about a suspicious Workspace account linked to their email. The problem began in late June, affecting “a few thousand” accounts.

Google’s Director of Abuse and Safety Protections, Anu Yamunan, explained, “The tactic here was to create a specifically-constructed request by a bad actor to circumvent email verification.” The attackers used this method to access third-party services through Google’s “Sign In with Google” feature.

None of the affected accounts misused Google’s services. However, they impersonated domain holders to access other platforms. Google acted swiftly, fixing the issue within 72 hours and adding extra protections to prevent future incidents. The company emphasized that the affected domains were not previously linked to Workspace accounts.

This incident is unrelated to a recent problem where cryptocurrency-related domains were compromised during a transition to Squarespace, which has since been resolved.

Read: https://krebsonsecurity.com/2024/07/crooks-bypassed-googles-email-verification-to-create-workspace-accounts-access-3rd-party-services/


Meta’s $1.4 Billion Settlement with Texas Sets Record in Biometric Privacy Case

Meta Platforms, formerly Facebook, has agreed to a record $1.4 billion settlement with Texas over unauthorized biometric data collection, marking the largest settlement obtained by a single state. The lawsuit, filed in 2022 by Texas Attorney General Ken Paxton, accused Meta of using facial recognition technology to collect biometric data from over 20 million Texans without consent. This data, extracted from photos and videos uploaded by users, was central to the case, highlighting significant privacy concerns.

The legal action focused on Meta’s use of the “tag suggestions” feature, introduced in 2011 and discontinued in 2019, which automatically identified and suggested tags for people in photos, thus capturing biometric identifiers. This lawsuit is particularly notable as it was the first major case brought under Texas’s 2009 Capture or Use of Biometric Identifier Act, which mandates that companies obtain lawful consent before collecting or storing biometric data. The Act allows for damages of up to $25,000 per violation, underlining the financial and legal stakes for Meta.

Despite the settlement, Meta did not admit to any wrongdoing. A company spokesperson expressed satisfaction in resolving the matter and hinted at future investments in Texas, including potential data center developments. This case underscores broader concerns about how tech giants handle sensitive user data, especially in light of regulatory frameworks like Texas’s biometric law. Meta’s five-year payment plan begins with the first installment due within 30 days of the settlement agreement, reflecting the ongoing scrutiny over privacy rights and corporate responsibility.

Read: https://www.zerohedge.com/political/meta-agrees-pay-texas-14-billion-settlement-biometric-data-lawsuit


Tech Showdown: OpenAI’s SearchGPT Challenges Google

OpenAI is testing a new feature called SearchGPT, aiming to challenge Google’s dominance in online search. This new AI search tool promises “timely answers” and allows users to ask follow-up questions. Currently, it’s available to a small group for testing, with others able to join a waitlist.

In other news, cybersecurity firm CrowdStrike faced backlash after offering $10 UberEats gift cards as an apology for a global IT outage caused by a faulty update. Some recipients found the vouchers had been canceled. According to an insider, CrowdStrike acknowledged the inconvenience, saying, “We recognize the additional work the July 19 incident has caused.”

Meanwhile, cloud security startup Wiz turned down a $23 billion acquisition offer from Alphabet, Google’s parent company. This offer was significantly higher than Wiz’s last valuation of $12 billion. However, CEO Assaf Rappaport stated in a letter to staff that they plan to focus on “reaching $1 billion in ARR and preparing for an IPO.”

Read: https://techcrunch.com/2024/07/27/openai-comes-for-google-with-searchgpt/


Censorship Under the Guise of “Credibility”

Jonathan Turley, a law professor at George Washington University, recently found himself under scrutiny from NewsGuard, a company that rates the “credibility” of media outlets. The incident occurred after Turley criticized NewsGuard in a previous article for its potential to stifle free speech.

Turley’s blog, Res Ipsa, was targeted for review, and the questions posed by NewsGuard were alarming. “For any site criticizing the media or the Biden administration, the most chilling words today are ‘I’m from NewsGuard and I am here to rate you,’” Turley wrote.

NewsGuard, co-founded by L. Gordon Crovitz and Steven Brill, aims to be the “Standard & Poor’s” of media, rating sites based on their “credibility” and “transparency.” However, Turley argues that this subjective system allows NewsGuard to silence opposing viewpoints.

“They have commoditized free speech in blacklisting and potentially silencing others,” Turley stated. “If you are the Standard & Poor’s of political discourse, you can rate sites out of existence by making them a type of junk bond blog.”

NewsGuard’s actions, according to Turley, are part of a larger censorship system that includes other organizations like the Global Disinformation Index (GDI). He believes that legislation is needed to prevent such groups from receiving federal funding and using their influence to silence dissenting voices.

Read: https://jonathanturley.org/2024/07/29/the-most-chilling-words-today-im-from-newsguard-and-i-am-here-to-rate-you/


Dr. Michael Geist Explains the Impact of Canadian Digital Policy on Content Creators and Consumers

In a recent podcast episode, a host discussed various legislative issues in Canada with Dr. Michael Geist, a law professor at the University of Ottawa. They explored troubling legislation that affects content creators and consumers, focusing on three key bills: S210, C18, and C11.

Bill S210 aims to protect children from explicit content on the internet by requiring age verification, but it raises privacy concerns and the risk of website blocking. It also lacks clear thresholds, potentially affecting major platforms like Google and Twitter.

Bill C18, the Online News Act, intends to support Canadian media by requiring tech giants like Google and Meta to pay for news content. Meta chose to block news links rather than comply, while Google negotiated a deal to pay $100 million annually. This bill highlights the tension between supporting legacy media and adapting to digital realities.

Bill C11, the Online Streaming Act, seeks to regulate streaming services like Netflix and YouTube to ensure they contribute to Canadian content. This bill has faced criticism for potentially impacting user-generated content and the role of the CRTC in regulating algorithms.

Geist emphasized the need for smart regulation that balances innovation and public interest without overly favoring legacy players or stifling new media. He also highlighted the importance of public engagement in legislative processes and the risks of over-politicizing digital policy.

Read: https://axisofeasy.com/aoe/bill-s210-online-news-act-online-streaming-act-and-whats-next-in-canada/


 

Elsewhere Online:

Mandrake Spyware Infects 32,000 Via Google Play Apps
Read: https://www.infosecurity-magazine.com/news/mandrake-spyware-infects-32000/?&web_view=true


WhatsApp Flaw Lets Python, PHP Scripts Run Unchecked on Windows
Read: https://latesthackingnews.com/2024/07/31/whatsapp-allows-python-php-script-execution-on-windows-without-warnings/


ModiLoader Phishing Attacks Persist Against Polish SMBs
Read: https://www.welivesecurity.com/en/eset-research/phishing-targeting-polish-smbs-continues-modiloader/


Zscaler Reports Record $75 Million Ransom Payment
Read: https://www.securityweek.com/company-paid-record-breaking-75-million-to-ransomware-group-report/


Senate Passes Controversial Kids’ Safety Bills
Read: https://reclaimthenet.org/senate-passes-kids-safety-bills-despite-privacy-digital-id-and-censorship-concerns

If you missed the previous issues, they can be read online here:

 
