Security and privacy news, 3/14/2021
Security
The Hafnium hack and the Verkada hack dominated the security news last week. It appears that the Hafnium hack is even worse than the Solarium hack. While the White House appears to discuss ways to detect hacks earlier, the question should be how these hacks can be prevented in the first place. This would require a complete reordering of priorities of the software industry. Until then, their customers bear the costs of their sloppy software.
Hafnium
The reports were increasingly alarming:
At Least 10 Hacking Groups Are Exploiting Microsoft Exchange Server Flaws
Microsoft Exchange server hack: Banking agency on 'heightened alert' after cyberattack
Even the White House warns of ‘active threat’ following Microsoft Outlook breach
Going beyond spying, Microsoft Exchange attacks: Watch out for this new ransomware threat to unpatched servers
Naturally, Microsoft urges enterprises to act quickly to secure Exchange as attacks mount, but it looks like a lot of damage is already done.
If you’d like to know more detail, here is Everything you need to know about the Microsoft Exchange Server hack
Verkada
In this hack, an Exposed admin password leads to massive surveillance camera breach at hundreds of businesses. As a consequence, Hackers Gain Access to Surveillance Camera Live Feeds at Hospitals, Prisons, Schools, even Tesla factories’ security cameras caught up in wider hack. The Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition. Now, the Feds Eye Swiss Hacker Tied to Major Security Cam Breach.
And it goes on …
And if these two big hacks were not enough, many others, possibly more limited, came to light:
Microsoft's March Patch Tuesday: Critical remote code execution flaws, IE zero-day fixed
Malicious apps on Google Play dropped banking Trojans on user devices
UnityMiner cryptocurrency malware hijacks QNAP storage devices
Gab Social Network Briefly Shuts Down After Hacker Strikes Again
It’s good to know that ‘blaming the intern’ won’t save startups from cybersecurity liability
The risks from unsecured software range from the global scope, The Dire Possibility of Cyberattacks on Weapons Systems, to our homes: How these unusual smart devices can be hacked and what it means for the IoT.
With all that’s going on, are Top 10 cybersecurity lessons learned one year into the pandemic really enough?
Privacy
The news about Sky’s encrypted phones shows the two sides of secure encryption: Encrypted Phone Firm 'Sky': Someone Sold Compromised Versions of Our App, with the result that Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People, and US charges CEO of company selling encrypted devices to drug traffickers.
Also, Florida Prison System Bought Location Data from Apps.
Police involvement in surveillance leads some people to believe that Police Surveillance Can't Be Reformed. It Must Be Abolished.
On the business side of surveillance, T-Mobile to Share Customers' Web Browsing Data With Advertisers Unless They Opt Out. But Google Can Be Sued for Tracking Users in Private Browsing Mode, Judge Says
Reflecting different business interests, The data privacy Cold War is here. Which side are you on?
Regulation
With the wide-ranging discussions on consumer privacy, This Democrat has a federal privacy bill Republicans might actually like. Let’s hope for some progress!
As autonomous devices become more prevalent, they will get regulated more tightly: