US and European Governments blame China for ransomware attacks, and other security and privacy news

Security


In a new attack, SolarWinds 0-day gave Chinese hackers privileged access to customer servers. For this new attack, Microsoft attributes new SolarWinds attack to a Chinese hacker group. Agreeing, UK and White House blame China for Microsoft Exchange Server hack, and the DOJ charges four members of Chinese government hacking group


With Kaseya patch, IT teams begin the long slog to recovery. However, now as the

Ransomware group REvil disappears from the internet, this Kaseya victim struggling with decryption after REvil goes dark



In the ongoing ransomware war, Phishing continues to be one of the easiest paths for ransomware: Report. Beyond that, though, administrative SW tools are a major entry point:

The Everyday IT Tools That Can Offer ‘God Mode’ to Hackers. Looking to create additional pressure for payment, This ransomware gang hunts for evidence of crime to pressure victims into paying a ransom


As the scope of the attacks widens, some people suggest a Darwinian approach: May ransomware blight all the cyber stragglers and let God sort them out


In the international cyber warfare arena, several attacks by Russians made the news:


However, they were not alone:



Two new vulnerabilities were discovered in Microsoft software:


With all those security issues, IT security skills will continue to be in great demand: What Will Be the Highest-Paying IT Career 5 Years From Now?


Privacy


The big privacy news is about commercial spyware being sold to governments who abuse it. There is the Pegasus software by NSO iPhones no match for NSO spyware, despite Apple’s security claims In case you’re curious, This tool tells you if NSO’s Pegasus spyware targeted your phone, though there may be no guarantee. In addition, Candiru is pushing its own spy software: Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments


This is more evidence that Private Espionage Is Booming. The US Needs a Spy Registry


The private use of face recognition is seeing a Backlash to retail use of facial recognition after Michigan teen unfairly kicked out of skating rink, However, if you Want to know how federal law enforcement uses facial recognition? Tough luck.

In their quest to collect even more consumer data, Amazon Considered Developing an Alexa-Powered Smartwatch for Kids and Amazon Gets the Go-Ahead to Track Your Sleep With Radar


On the positive side, Verizon's Neighborhood Filter Blocks Spoofed Numbers From Nearby Area Codes and Now You Can Delete the Last 15 Minutes of Your Google Search History on iOS


Regulation


After some requests to specific firms, China will tighten data privacy rules for tech companies seeking foreign investment

In Europe, Ireland must ‘swiftly’ investigate legality of Facebook-WhatsApp data sharing, says EDPB. Meanwhile, Google fined $592M in France for breaching antitrust order to negotiate copyright fees for news snippets


Regulating facial recognition technology? It's the 'Wild West out there,' says US law boffin

2 views0 comments