• Martin Kienzle

Security and privacy news, 3/7/2021

Security

Hacks


The big news last week: “Move over, SolarWinds: 30,000 orgs’ email hacked via Microsoft Exchange Server flaws,” with “Thousands of Microsoft Customers May Have Been Victims of Hack Tied to China”; in particular, “Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments.” This has led CISA to issue an emergency directive to agencies: “Deal with Microsoft Exchange zero-days now,” with suggestions to “Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool” as “Microsoft patches Exchange software flaws targeted by Chinese hackers.”

And SolarWinds is still creating news: “SolarWinds security fiasco may have started with simple password blunders” and “Breached software firm SolarWinds faces SEC inquiry after insider stock sales.”


All of this is leading experts to tell us that “China’s and Russia’s Spying Sprees Will Take Years to Unpack.”


In another development, “Gab blames reported hack of 40 million posts on ‘demon hackers’,” with “Trump’s is one of 15,000 Gab accounts that just got hacked,” and to top it off, “Gab’s CTO Introduced a Critical Vulnerability to the Site.”


Illustrating the dismal state of software security, the good guys get hacked: “Accellion zero-day claims a new victim in cybersecurity company Qualys,” as well as the bad guys: “Maza Russian cybercriminal forum suffers data breach.”



Technology


In the security arms race, while some are improving security;


others keep undermining it


Security environment


It’s not just security technology, but the continuous changes in its use, that create never-ending risks:

What hacking attacks can teach us about defending networks


Data losses


If Data is the world’s most valuable (and vulnerable) resource, why is it so poorly protected?


Privacy

“Google plans to stop targeting ads based on your browsing history” and promises: “Google says it won’t adopt new tracking tech after phasing out cookies.” A common reaction appears to be that “Google is policing itself on privacy because it knows it has to,” and not everyone is convinced: “Stop Letting Google Get Away With It.”


To counter one form of privacy invasion, “Brave Is Building a Privacy-Focused Search Engine to Counter Google,” but there are still other ways that are hard to avoid:


In happy developments: “New Apple iOS 14.5 Beta Feature Notifies Users if They’re Being Tracked” and “LinkedIn stops collecting tracking data ahead of iOS 14 changes.”

And finally, to deter a completely different type of privacy invasion: “A hip-fired electromagnetic anti-drone rifle!”


Regulation

“FTC Shuts Down Massive Robocall Charity Scam,” and senators are proposing a set of additional actions.

Finally, we should expect more regulatory moves from the new administration.