Security and privacy news, 3/14/2021

Security

The Hafnium hack and the Verkada hack dominated the security news last week. It appears that the Hafnium hack is even worse than the Solarium hack. While the White House appears to discuss ways to detect hacks earlier, the question should be how these hacks can be prevented in the first place. This would require a complete reordering of priorities of the software industry. Until then, their customers bear the costs of their sloppy software.

Hafnium

The reports were increasingly alarming:

• It's Open Season for Microsoft Exchange Hacks

• Microsoft Exchange Server hacks ‘doubling’ every two hours

• At Least 10 Hacking Groups Are Exploiting Microsoft Exchange Server Flaws

• Microsoft Exchange server hack: Banking agency on 'heightened alert' after cyberattack

Even the White House warns of ‘active threat’ following Microsoft Outlook breach

Going beyond spying, Microsoft Exchange attacks: Watch out for this new ransomware threat to unpatched servers

Naturally, Microsoft urges enterprises to act quickly to secure Exchange as attacks mount but it looks like a lot of damage is already done.

If you’d like to know more detail, here is Everything you need to know about the Microsoft Exchange Server hack

Verkada

In this hack, an Exposed admin password leads to massive surveillance camera breach at hundreds of businesses As a consequence, Hackers Gain Access to Surveillance Camera Live Feeds at Hospitals, Prisons, Schools, even Tesla factories’ security cameras caught up in wider hack .The Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition Now, the Feds Eye Swiss Hacker Tied to Major Security Cam Breach

And it goes on …

And if these two big hacks were not enough, many others, possibly more limited, came to light:

• Microsoft's March Patch Tuesday: Critical remote code execution flaws, IE zero-day fixed

• iPhone, iPad and Mac security: Apple releases fixes for bug that could allow code execution via malicious web content

• Malicious apps on Google Play dropped banking Trojans on user devices

• UnityMiner cryptocurrency malware hijacks QNAP storage devices

• Gab Social Network Briefly Shuts Down After Hacker Strikes Again

• This trojan malware is now your biggest security headache

It’s good to know that ‘blaming the intern’ won’t save startups from cybersecurity liability

The risks from unsecured software range from global scope The Dire Possibility of Cyberattacks on Weapons Systems to our homes: How these unusual smart devices can be hacked and what it means for the IoT

With all that’s going on are Top 10 cybersecurity lessons learned one year into the pandemic really enough?

Privacy

The news about Sky’s encrypted phones show the two sides of secure encryption: Encrypted Phone Firm 'Sky': Someone Sold Compromised Versions of Our App with the result that Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People and US charges CEO of company selling encrypted devices to drug traffickers

Also, Florida Prison System Bought Location Data from Apps.

Police involvement in surveillance leaves some people to believe that Police Surveillance Can't Be Reformed. It Must Be Abolished

On the business side of surveillance, T-Mobile to Share Customers' Web Browsing Data With Advertisers Unless They Opt Out. But Google Can Be Sued for Tracking Users in Private Browsing Mode, Judge Says

Reflecting different business interests, The data privacy Cold War is here. Which side are you on?

Regulation

With the wide ranging discussions on consumer privacy, This Democrat has a federal privacy bill Republicans might actually like. Let’s hope for some progress!

As autonomous devices become more prevalent, they will get regulated more tightly:

• FAA's final drone rules start taking effect April 21st

• NTSB cites Tesla to make the case for stricter autonomous driving regulation