• Martin Kienzle

The Kaseya vulnerabilities were well known before the attack

Security


As we’re learning more about the Kaseya hack, it appears that their software might have been used to distribute malware as early as 2019: Former Employees: Kaseya Was Aware of Security Flaws Before REvil Hack. Even the latest flaw had been reported before it was exploited: White hats reported key Kaseya VSA flaw months ago. Ransomware outran the patch. So much for due diligence. And now, Kaseya delays patch fixing zero-day attack as issues hit SaaS rollout. As usual, once a hack is known, Scam artists exploit Kaseya security woes to deploy malware and Bogus Kaseya VSA patches circulate, booby-trapped with remote-access tool.


Taking a broad view of the ransomware problem, This Crowdsourced Ransomware Payment Tracker Shows How Much Cybercriminals Have Heisted.

As Banning victims from paying ransoms might reduce attacks, but it won't stop them, a new type of occupation is becoming important: Ransomware as a service: negotiators between hackers and victims are now in high demand

The desperation of some ransomware victims is driving them to futile attempts at mitigating the damage: Ransomware-hit law firm gets court order asking crooks not to publish the data they stole


In the spirit of bipartisanship, Russian hackers reportedly attacked GOP computer systems


In another example of an old hack failing to be resolved, Morgan Stanley announces breach of customer SSNs through Accellion FTA vulnerability


As part of an ongoing campaign, These phishing emails want to deliver password-stealing malware to energy companies and their suppliers


While most security news is about hacks of businesses, the exposure of consumer data is truly astounding: These Companies' Data Breaches Impact Their Users the Most


Privacy


As open source projects are acquired by commercial companies, new privacy conflicts emerge: Audacity owner will revise its privacy policy following spyware concerns

Some time ago, The NY Times read 150 Privacy Policies. They Were an Incomprehensible Disaster. Picking up on this, some people propose to Kill the standard privacy notice. How likely is that to happen?

As Apple’s newest privacy changes mean more rework for the ad industry, it’s interesting to see Who's Buying Your Social Media Data


Regulation

Last week, we saw state-level efforts to improve privacy

Antitrust

On the antitrust front, the White House is looking to move on multiple fronts:


In addition, 36 states launch antitrust suit against Google over the Play Store (update)