Facebook announced yesterday that it's removed four distinct "networks of accounts, Pages and Groups" from Facebook and Instagram for engaging in "coordinated inauthenticity." Three of the networks originated in Iran, the fourth in Russia. Two of the Iranian networks advanced a pro-Iranian, anti-Israeli and anti-US line; their audience was principally in the US and the Francophone regions of the Middle East and North Africa. The third promoted similar content to a Latin American audience. The Russian network pursued Moscow's now-familiar strategy of deepening existing fissures in American civil society.
Facebook also said it will begin labeling content from state-controlled media not to censor them, but to hold them to a "higher standard of transparency," the Telegraph reports.
NordVPN, TorGuard, and VikingVPN are said (by Ars Technica and others) to have experienced breaches that leaked encryption keys. NordVPN and TorGuard have issued statements intended to reassure users that their security has not been seriously compromised.
Avast has suffered more issues with its CCleaner product. The breach, which Avast says is now fixed, appears connected to exploitation by foreign intelligence services. ZDNet says Czech intelligence services identified the culprit as China. KrebsOnSecurity points to a common factor in the NordVPN and Avast breaches: forgotten user accounts.
The European Data Protection Supervisor has released an update on its ongoing investigation of Microsoft's contracts with various European institutions. That investigation remains incomplete, but the EDPS says it has "serious concerns" over the adequacy of contractual provisions designed to ensure compliance with data protection rules.