• Martin Kienzle

Security and privacy news, 3/14/2021

Security


The Hafnium hack and the Verkada hack dominated the security news last week. It appears that the Hafnium hack is even worse than the Solarium hack. While the White House appears to discuss ways to detect hacks earlier, the question should be how these hacks can be prevented in the first place. This would require a complete reordering of priorities of the software industry. Until then, their customers bear the costs of their sloppy software.


Hafnium


The reports were increasingly alarming:

Even the White House warns of ‘active threat’ following Microsoft Outlook breach


Going beyond spying, Microsoft Exchange attacks: Watch out for this new ransomware threat to unpatched servers


Naturally, Microsoft urges enterprises to act quickly to secure Exchange as attacks mount, but it looks like a lot of damage is already done.


If you’d like to know more detail, here is Everything you need to know about the Microsoft Exchange Server hack


Verkada


In this hack, an Exposed admin password leads to massive surveillance camera breach at hundreds of businesses. As a consequence, Hackers Gain Access to Surveillance Camera Live Feeds at Hospitals, Prisons, Schools, even Tesla factories’ security cameras caught up in wider hack. The Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition. Now, the Feds Eye Swiss Hacker Tied to Major Security Cam Breach.


And it goes on …


And if these two big hacks were not enough, many others, possibly more limited, came to light:


It’s good to know that ‘blaming the intern’ won’t save startups from cybersecurity liability


The risks from unsecured software range from global scope (The Dire Possibility of Cyberattacks on Weapons Systems) to our homes (How these unusual smart devices can be hacked and what it means for the IoT).


With all that’s going on, are Top 10 cybersecurity lessons learned one year into the pandemic really enough?


Privacy


The news about Sky’s encrypted phones shows the two sides of secure encryption: Encrypted Phone Firm 'Sky': Someone Sold Compromised Versions of Our App, with the result that Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People, and US charges CEO of company selling encrypted devices to drug traffickers.


Also, Florida Prison System Bought Location Data from Apps.


Police involvement in surveillance leads some people to believe that Police Surveillance Can't Be Reformed. It Must Be Abolished.


On the business side of surveillance, T-Mobile to Share Customers' Web Browsing Data With Advertisers Unless They Opt Out. But Google Can Be Sued for Tracking Users in Private Browsing Mode, Judge Says.

Reflecting different business interests, The data privacy Cold War is here. Which side are you on?


Regulation


With the wide-ranging discussions on consumer privacy, This Democrat has a federal privacy bill Republicans might actually like. Let’s hope for some progress!


As autonomous devices become more prevalent, they will get regulated more tightly: