Ransomware attacks continue, now getting government interest

Security

After Solarwinds and Hafnium, now we have even bigger supply chain attack using Kaseya software:

• A Large Ransomware Attack Has Ensnared Hundreds of Companies [Update: Make That 1,000+ Companies]

• REvil ransomware attacks systems using Kaseya’s remote IT management software

• Kaseya urges customers to immediately shut down VSA servers after ransomware attack

The size and scope of this attack finally got the US government involved: Biden Launches Federal Probe Into International Ransomware Attack That Hit 1,000+ Companies

And it’s not that the previous supply chain attacks are over: SolarWinds Hackers Continue Assault With New Microsoft Breach as Ransomware gangs are taking aim at 'soft target' industrial control systems

The ever-increasing attacks are driving broad changes in the IT security environment:

• Cyber insurance isn't helping with cybersecurity, and it might be making the ransomware crisis worse, say researchers

• Ransomware attacks driving cyber reinsurance rates up 40%

• Ransomware Attacks Could Mean a Big Crackdown on Bitcoin

While some defensive technologies emerge

• Ransomware Groups Can't Hide Their Identity Using DoubleVPN Anymore

• Ransomware: This new free tool lets you test if your cybersecurity is strong enough to stop an attack

• Lorenz ransomware attack victims can now recover files with this free decryption too

in practice, they’re never enough.

Beyond commercial ransomware, governments are continuing their hacking attacksL

• Fancy Bear Is Trying to Brute-Force Hundreds of Networks

• Chinese hacking group impersonates Afghan president to infiltrate government agencies

While a lot of the big news was about attacks on businesses and governments, vulnerabilities of consumer technologies, and attacks on consumers continue unabated:

· Attackers use ‘offensive AI’ to create deepfakes for phishing campaigns

• Hackers exploited two flaws in event that remotely wiped Western Digital devices

• Don’t Let Your iPhone Even Get Near This Cursed Wifi Network

• Microsoft Tries, Fails to Patch Critical Windows Vulnerability. Chaos Ensues

• Google removes popular Android apps that stole Facebook passwords

• Microsoft warns of Windows ‘PrintNightmare’ vulnerability that’s being actively exploited

• Google outlines new security practices for Nest devices

• These Nine Android Apps May Have Stolen Your Facebook Login Information

Privacy

The most significant and least well publicized issue with privacy with consumer devices: the personal data they store are very hard to erase: Thinking about selling your Echo Dot—or any IoT device? Read this first

The news about face recognition continues to be mixed, with the government not sure being what to do:

• Federal agencies use facial recognition from private companies, but almost nobody is keeping track

• Federal agencies need stricter limits on facial recognition to protect privacy, says government watchdog

• Maine bans facial recognition technology from schools and most police work

• Senators Send Letters to Uber and Lyft Over Face-Tracking Ad Tablets

Regulation

Several significant regulatory announcements came out of the German government:

• German competition watchdog launches Apple investigation

• Bundestag votes for the right to updates and “fair consumer contracts”

• German government bodies urged to remove their Facebook Pages before next year

In addition, Dutch court will hear another Facebook privacy lawsuit

Antitrust

In a new approach we’ll start to look at anti-trust issues the seeing lots of public discussion:

• Amazon reportedly pressuring suppliers for a discounted stake in their businesses

• Judge dismisses FTC’s initial antitrust complaint against Facebook

• Monopoly or Not, the Data Shows Facebook Dominates in Social Media

• FTC charges Broadcom with 'illegally monopolizing' the chip industry

• People Who Hate Walled Gardens Aren’t Going to Like Where Google’s Taking the Play Store