In one of the largest public data breaches, a collection containing more than 87 gigabytes of personal information was leaked online.

The data dump, titled “Collection #1,” was hosted on the cloud service Mega, and had 772,904,991 email addresses, and 21,222,975 passwords. The treasure trove of private information was discovered by Troy Hunt, a security researcher and founder of the “Have I Been Pwned” service…

https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/

Almost 773 million unique email addresses and just under 22 million unique passwords were found to be hosted on cloud service MEGA.

In a blog post, security researcher Troy Hunt said the collection totalled over 12,000 separate files and more than 87GB of data…

https://www.zdnet.com/article/over-87gb-of-email-address-and-passwords-exposed-in-collection-1-dump/

Last Friday, Judge Kandis Westmore ruled in a US federal court in California that police cannot compel suspects to unlock their phones using biometrics like face recognition, iris scans, or fingerprints, as that would be in violation of their Fifth Amendment protections against self-incrimination…

https://thenextweb.com/us/2019/01/15/us-police-cant-force-you-to-unlock-your-phone-with-fingerprints-or-face-recognition/

Federal authorities and private researchers are alerting companies to a wave of domain hijacking attacks that use relatively novel techniques to compromise targets at an almost unprecedented scale.

The attacks, which security firm FireEye said have been active since January 2017, use three different ways to manipulate the Domain Name System records that allow computers to find a company’s computers on the Internet. By replacing the legitimate IP address for a domain such as example.com with a booby-trapped address, attackers can cause example.com to carry out a variety of malicious activities, including harvesting users’ login credentials. The techniques detected by FireEye are particularly effective, because they allow attackers to obtain valid TLS certificates that prevent browsers from detecting the hijacking…

https://arstechnica.com/information-technology/2019/01/a-dns-hijacking-wave-is-targeting-companies-at-an-almost-unprecedented-scale/

Managing fake news is a problem troubling most tech giants. While fake news has already troubled Facebook, the next victim of this problem seemed Google! All it took for a malefactor to spread wrong information was to exploit a vulnerability targeting Google search results. As a result, Google search would begin displaying incorrect results to the search query…

https://latesthackingnews.com/2019/01/11/a-google-search-vulnerability-allowed-for-search-results-to-be-spoofed-to-spread-fake-news/

Netflix freeloaders and Amazon Prime parasites, the jig is up.

At the Consumer Electronics Show (CES) 2019 this week, a UK startup flaunted an AI-driven tool that allows streaming platforms to get finer insights into their users’ account behavior. Its chief aim is to allow media-service providers – such as Netflix, Hulu, Amazon Prime, etc – to detect whether their users are sharing passwords with more people than they should…

https://www.iflscience.com/technology/people-who-use-someone-elses-netflix-password-weve-got-bad-news/

Last year, Amazon made waves in the smart home space by acquiring Ring for over $1 billion. Known for home security doorbells, a new report today claims that the company has a lax stance towards privacy that allowed more employees than seemingly necessary to access customers’ live camera feeds.

According to The Intercept, Ring’s engineers and executives have “highly privileged access” to live camera feeds from customers’ devices. This includes both doorbells facing the outside world, as well as cameras inside a person’s home. A team tasked with annotating video to aid in object recognition captured “people kissing, firing guns, and stealing…”

https://9to5google.com/2019/01/10/ring-camera-live-feed-access/

After big names like Whatsapp, Snapchat, and Facebook, VPNs are the most searched-for applications in the world. “VPN” is the second-highest non-branded search term behind “games”, and free apps completely dominate the search results. The most popular applications have amassed hundreds of millions of installs between them worldwide, yet there seems to be very little attention paid to the companies behind them, and very little scrutiny done on behalf of the marketplaces hosting them…

https://hackernoon.com/whos-really-behind-the-world-s-most-popular-free-vpns-d74bafc82178

If you have lost your laptop or had it stolen while being logged in, you can use this guide to use your Microsoft account to find and lock it remotely.

Alongside the long list of security features, such as built-in antivirus, anti-ransomware, and firewall, Windows 10 also includes “Find my device,” which is a feature that allows you to locate and lock your computer in case it’s lost or stolen…

https://www.windowscentral.com/how-lock-your-windows-10-pc-remotely