Plus, some hackers get hacked and Amazon prepares to roll out Sidewalk
In an effort to staunch the flow of misinformation and disinformation surrounding the U.S. presidential election results, Facebook has tweaked its News Feed algorithm to pull more postings than usual from mainstream news sources like The New York Times, NPR, and CNN. The Verge reported this week that Facebook has had this plan in place for weeks, considering it a “break glass in case of emergency” situation. When Joe Biden was announced by multiple credible sources as the winner of the election, current president Donald Trump refused to accept the results and still, as of this writing, continues to undermine the integrity of the election process by falsely claiming foul play. At this, Facebook management decided it was time to “break the glass.” The temporary measure involves adjusting the News Feed to give more weight to “news ecosystem quality” scores, a metric Facebook uses to quantify the legitimacy of news sources. The change resulted in Facebook users seeing more actual news articles and less of the hyper-partisan pages that peddle false or misleading content. Avast Security Evangelist Luis Corrons acknowledged that this is a very delicate matter. “On one hand, we live in a world where it is really easy to spread misinformation, so any help to filter out fake news is welcome,” he said. “On the other hand, it is also dangerous as users do not have any control over what news is actually being filtered out. What if the system starts to filter certain types of news that are not fake, just not politically correct? Or that go against certain interests? It’s like the old saying – ‘who watches the watchers?’” Researchers found an unsecured cloud database used by hackers to store about 350,000 stolen Spotify passwords. The passwords themselves were not pulled from Spotify but gathered from other data leaks. The hackers used credential stuffing to see if any of the leaked passwords were reused for Spotify accounts. When Spotify learned of the discovery, it prompted a password reset for all the affected users, which suddenly rendered the hackers’ database of 350,000 passwords to be no longer valid. Read more on CNET. Over the next few months, Amazon plans to launch Amazon Sidewalk, a feature SlashGear believes will be very controversial because it will create a second localized network in the user’s home over which the user has very little control. In addition, Sidewalk requires access to the home Wi-Fi, leading a compliant user to allow a self-governed local network to access essentially all connected devices in the home. Amazon’s goal with Sidewalk is to create a special network of Echo and Ring devices that are in close proximity to each other – including the devices in neighboring homes – which will work to achieve collaborative goals, like localized device-finding and more. Sidewalk is turned on by default, so users who are not interested must disable the feature themselves under Account Settings in the Amazon Alexa app. One or more malicious browser extensions are impacting the Microsoft Edge search function so that Google searches are redirected to browser hijacker OKsearch. Ars Technica reported that a Reddit discussion amongst Edge users effectively narrowed down the offending malware to five shady knock-off extensions – NordVPN, Adguard VPN, TunnelBear VPN, The Great Suspender, and Floating Player–Picture-in-Picture Mode. Edge users with any of these extensions are advised to remove them immediately. Preying on the fears and anxieties of the day, many phishing scams are pretending to offer U.S. federal assistance to American citizens suffering pandemic lockdown hardships. Bleeping Computer detailed two such scams this week. The first scam claims to be from a fabricated government program offering up to $5,800 in cash payments, and its goal is to harvest the user’s sensitive information including birthdate, social security number, driver’s license number, and address. The second scam impersonates the Pandemic Unemployment Assistance (PUA) program, a real government organization being controlled at the state level. The email baits users to “verify recent activity” by clicking a link, which then asks them for their username and password. Users are advised not to be fooled by this type of ruse. The holiday season is upon us, and many of us are wondering how to celebrate with our loved ones while also keeping things as safe as possible. Here are seven tips on how to host a virtual holiday this year.Spotify hackers get hacked
Amazon prepares to roll out Sidewalk
Malicious extension hijacks Edge search function
Phishing scams pose as U.S. federal assistance
This week’s ‘must-read’ on The Avast Blog