Security and Privacy News, 3/21/2021
New impacts of the Solarwinds hack continue to surface: SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests and Mimecast says SolarWinds hackers breached its network and spied on customers
The scope of the hafnium hack is also still increasing :
And if that were not enough, “Expert” hackers used 11 0-days to infect Windows, iOS, and Android users
Having found a repeat offender, Feds Indict Hacktivist Behind Verkada Surveillance Camera Breach
The boldness of random demands is increasing. After seeing that in 2020, Largest ransomware demand now stands at $30 million as crooks get bolder an even greater demand is issued: The Morning After: A ransomware gang is demanding $50 million from Acer And it’s not going to stop, as the FBI warns of rise in PYSA ransomware operators targeting US, UK schools
As we’re seen before, even crypto currencies are not safe: $5.7M stolen in Roll crypto heist after hot wallet hacked
New threats, loopholes, and risks
We’re being warned of two new phishing campaigns:
Big names are obviously big targets:
As digitization expands its scope, so are the targets for the bad guys:
With cars having lots of cameras, and being internationally connected, it was only a question of time for Tesla to become a National Security Threat to China!
Tallying the damage, FBI: One type of scam is costing business the most
With all those vulnerabilities, it’s a surprise that we don’t see more messages like these:
As cars are being mandated to connect to the Internet, their location information is hard to control: One company wants to sell the feds location data from every car on Earth
Face recognition as well seems to be unstoppable: American Airlines just revealed the future (you may feel very uncomfortable) and Does it keep COVID-19 out of buildings? Or is it really a facial recognition tool? This raises the question What Happens When Our Faces Are Tracked Everywhere We Go?
While Apple wins first battle in French fight over iOS 14 privacy protections, Google appears to be playing games: Google and the Age of Privacy Theater
With all that data in the data swamp, quality does not appear to matter much as shown by this entertaining story: Realtors keep pestering me. They say their software knows who I really am
Regulation & government actions
Google’s “privacy” actions are getting government attention: Google's plan to block third-party cookies has drawn attention from the DoJ for putting competitors at a disadvantage. Also, Google antitrust lawsuit amended to target Chrome’s Privacy Sandbox
Not to be left out, Facebook may soon face a UK antitrust investigation. Unhappy about California’s latest net neutrality law, AT&T lies about Calif. net neutrality law, claiming it bans “free data”
Hopefully, robocalls will become less profitable: FCC fines two Texas telemarketers $225 million for making 1 billion robocalls
In a novel move, California Passes New Regulation Banning 'Dark Patterns' Under Landmark Privacy Law. It will be interesting to see the legal definition of dark patterns.
Unsurprisingly, Signal's encrypted messaging app stops working in China