Privacy and security news, 2/21/2021

Security

Supply chain attacks

This week’s roundup of news shows again the incredible vulnerability of pretty much all the software that’s out there. Some attacks are quite elaborate: Microsoft: SolarWinds attack took more than 1,000 engineers to create with serious consequences Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code But there were other attacks as well:


Software security defects


Breaches & leaks

Data breach warning after California DMV contractor hit by file-stealing ransomware and the warning appears to become reality Ransomware Gang Says It's Selling Data from Cyberattack That California DMV Warned About

The leaks are happening globally


Hacks

While the US charges two more members of the 'Lazarus' North Korean hacking group, as one of the most prolific hacking syndicates, in Europe France: Russian state hackers targeted Centreon servers in years-long campaign. Chances are that the 270 addresses that are responsible for 55% of all cryptocurrency money laundering are also located all over the globe.


For a quite some time, Apple appeared to be less susceptible to hacks. Not anymore!


Phishing

Postmates workers are getting scammed out of their earnings by phishing schemes and This phishing email promises you a bonus - but actually delivers this Windows trojan malware. To avoid being scammed, it’s good to know: These are the most common techniques used to attack your PC,


Surveillance

Once it data available, it can and will “repurposed”, both by government Ring Users Gave LAPD Footage of Black Lives Matter Protests and business More bosses are using software to monitor remote workers. Not everyone is happy about it

There appears to be no way for browsers to escape surveillance. As cookies are controlled, Tracker pixels in emails are now an ‘endemic’ privacy concern and New browser-tracking hack works even when you flush caches or go incognito

Using its monopoly like market position, WhatsApp details what will happen to users who don’t agree to privacy changes

As some data use can be beneficial, Balancing Privacy With Data Sharing for the Public Good remains a difficult proposition



Regulations

As usual, European regulators are on the job:


As we know by now, Private firms can't protect us from digital attacks. Government must step in.