Security and privacy news, 4/18/2021
On the Hafnium front, Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers. People could protect themselves with a Download that covers 114 CVEs including new Exchange Server bugs For those who don’t do it themselves, The FBI got a court order to delete backdoors from hacked Exchange servers
It never seems to end: Cyberattack on UK university knocks out online learning, Teams and Zoom The newly announced vulnerabilities show why:
Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs
IoT devices show additional vulnerabilities: These new vulnerabilities put millions of IoT devices at risk, so patch now and Critical security alert: If you haven't patched this old VPN vulnerability, assume your network is compromised
A Stanford study says Some FDA-approved AI medical devices are not ‘adequately’ evaluated, so it’s good to hear that Medtronic partners with cybersecurity startup Sternum to protect its pacemakers from hackers
For enterprises, Microsoft Defender for Endpoint now protects unmanaged BYO devices
The ongoing scourge of Ransomware: The internet's biggest security crisis is getting worse. We need a way out Meeting the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever illustrates some new extreme tactics.
It’s good to know that there are good guys among the hackers as well:
For a complete guide on how consumers can stay saft on the Internet, look at this recent post on PCguide!
Google seemed to dominate the privacy news last week. To start, let’s look at What would the internet look like without third-party cookies? Reacting to Google’s proposed scheme, 'FLoC off!' Vivaldi declares as it says no to Google's tracking system and Brave browser disables Google's FLoC tracking system
An interesting new book shows How biased AI can hurt users or boost a business's bottom line This being a hot topic, why is Google poisoning its reputation with AI researchers?
Given their history on the topic, it’s surprising thatGoogle is making another attempt at personal health records The data to be collected are too tempting. But who will trust them?
Not to be left out of the news, Amazon tried to coerce Ecobee into collecting private user data, the WSJ reports
In prior weeks, we’ve heard a lot of discussion about police use of face recognition. Here’s a reason why this is problematic: Wrongfully arrested man sues Detroit police over false facial recognition match
As usual, the EU is pushing forward with privacy and data protection: EU plan for risk-based AI rules to set fines as high as 4% of global turnover, per leaked draft with support from their representatives: MEPs call for European AI rules to ban biometric surveillance in public In addition, Ireland opens GDPR investigation into Facebook leak
Thankfully, there is movement in the US as well: