Privacy and Security News 1 10 2021


Privacy and security on the Internet

More on the Solarwinds hack


After early rumors, FBI, NSA say ongoing hacks at US federal agencies ‘likely Russian in origin’ We’re also learning some more details, such as a Russian-Owned Software Company May Be Entry Point for Huge U.S. Hacking However, some of the entries may also have been enabled by careless users: CISA: SolarWinds hackers also used password guessing to breach targets


On the whole, though, there seems to be an agreement SolarWinds: The more we learn, the worse it looks


Other hacks


Hackers are finding ever new ways to break into systems. Here are three new ones

· A crypto-mining botnet is now stealing Docker and AWS credentials

· Malware uses WiFi BSSID for victim identification

· New side-channel attack can recover encryption keys from Google Titan security keys


This week’s hacking victims range from consumers - Italian mobile operator offers to replace SIM cards after massive data breach - to the government Investigation launched into vulnerabilities found within US Judiciary case file system and to executives of already victimized companies Some ransomware gangs are going after top execs to pressure companies into paying


Consumer surveillance


Amazon continues to look for creative ways to collect data to feed our digital twins, from what we wear For Amazon’s $25 custom T-shirt, your body is a wonderland (of data) to when we sleep Amazon reportedly developing radar-equipped sleep apnea tracker

When Facebook acquired WhatsApp, they promised to keep separate the user data of the two services. Not only did Facebook change its mind Facebook practically forces WhatsApp users to share data with Facebook, there is a claim that WhatsApp Has Shared Your Data With Facebook for Years, Actually


Many governments promised not to use Covid tracing data for anything else. It appears that this promise is to be taken with a grain of salt: Singapore police had used COVID-19 contact tracing data in murder probe

With all the complaints about Apple’s requirements for privacy labels, it is encouraging to hear that Google to add App Store privacy labels to its iOS apps as soon as this week


Surveillance technology becoming more capable


Technology on its own is usually neutral and can be put to beneficial uses as well as to invade privacy. As technology advances, it is important to remain vigilant about new uses. Here some technology innovations to watch:

· Facial recognition: Now algorithms can see through face masks

· Intel is using its RealSense tech for facial recognition

· Australian researchers identify Facebook mobile data can be used for COVID-19 tracing

· Researchers design AI that can infer whole floor plans from short video clips


Finally, while it is impossible to escape the dragnet of the data collectors, there are ways to limit their haul: These 6 browser extensions will protect your privacy online