Privacy and security news, 2/21/2021
Supply chain attacks
This week’s roundup of news shows again the incredible vulnerability of pretty much all the software that’s out there. Some attacks are quite elaborate: Microsoft: SolarWinds attack took more than 1,000 engineers to create with serious consequences Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code But there were other attacks as well:
Software security defects
Breaches & leaks
Data breach warning after California DMV contractor hit by file-stealing ransomware and the warning appears to become reality Ransomware Gang Says It's Selling Data from Cyberattack That California DMV Warned About
The leaks are happening globally
While the US charges two more members of the 'Lazarus' North Korean hacking group, as one of the most prolific hacking syndicates, in Europe France: Russian state hackers targeted Centreon servers in years-long campaign. Chances are that the 270 addresses that are responsible for 55% of all cryptocurrency money laundering are also located all over the globe.
For a quite some time, Apple appeared to be less susceptible to hacks. Not anymore!
Postmates workers are getting scammed out of their earnings by phishing schemes and This phishing email promises you a bonus - but actually delivers this Windows trojan malware. To avoid being scammed, it’s good to know: These are the most common techniques used to attack your PC,
Once it data available, it can and will “repurposed”, both by government Ring Users Gave LAPD Footage of Black Lives Matter Protests and business More bosses are using software to monitor remote workers. Not everyone is happy about it
There appears to be no way for browsers to escape surveillance. As cookies are controlled, Tracker pixels in emails are now an ‘endemic’ privacy concern and New browser-tracking hack works even when you flush caches or go incognito
Using its monopoly like market position, WhatsApp details what will happen to users who don’t agree to privacy changes
As some data use can be beneficial, Balancing Privacy With Data Sharing for the Public Good remains a difficult proposition
As usual, European regulators are on the job: