Privacy and security news, 2 14 2021

Hacks, leaks, breaches, security holes


The SolarWinds hack appears to have opened a window on a pervasive problem. It appears that some of the vulnerabilities were well-known: Russian hackers used a technique experts had warned about for years. Why wasn’t the U.S. government ready? And a key opening was discussed years ago: Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps.


This leads to the belief that: Supply chain security is actually worse than we think. Some of those problems appear to have gone on for a long time: The Long Hack: How China Exploited a U.S. Tech Supplier. And it doesn’t just affect data centers: With one update, this malicious Android app hijacked millions of devices.


Ransomware appears to have entered an arms race: Free decrypter released for Avaddon ransomware victims... aaand, it's gone! Even if they can’t recover their data: CD Projekt Red says it was hacked but won't pay the ransom.


An alarming hack last week did not just affect the digital domain, but hit physical systems: Florida city attacked by a hacker trying to poison its drinking water. While this was detected by an alert employee, there is some blame to go around: Breached water plant employees used the same TeamViewer password and no firewall.

As usual, a broad range of hacks came to light last week:


The continuing disclosure of vulnerabilities illustrates the risk of hacks to come


Some vulnerabilities are disclosed, others are traded: The Untold History of America’s Zero-Day Market. The never-ending news is leading to data breach 'fatigue' that reduces Wall Street punishment for cybersecurity failures.


Privacy & surveillance


The controversies about face recognition and other biometric technologies continue. While Sweden’s data watchdog slaps police for unlawful use of Clearview AI and Minneapolis prohibits use of facial recognition software by its police department, Clearview AI Thinks The Solution to Dating Is Facial Recognition. Not wanting to fall behind Amazon’s Halo, Facebook's Reportedly Working on a Smartwatch so It Can Hoover Up Your Health Data Too. And for athletes, As biometrics boom, who owns athletes’ data? It depends on the sport.


The surveillance technologies are getting more sophisticated

Attacking the final frontier: Thought-detection: AI has infiltrated our last bastion of privacy


While some intrusions are becoming more invasive

there is some push to limit the privacy incursions


Government regulation


Some regulations are advancing privacy

It’s interesting to see how private companies are asking for more regulations: Facebook and Snap Inc call for a GDPR-aligned Australian Privacy Act, while others are pushing back: Huawei files lawsuit disputing FCC 'security threat' designation.