In a new attack, SolarWinds 0-day gave Chinese hackers privileged access to customer servers. For this new attack, Microsoft attributes new SolarWinds attack to a Chinese hacker group. Agreeing, UK and White House blame China for Microsoft Exchange Server hack, and the DOJ charges four members of Chinese government hacking group.
With Kaseya patch, IT teams begin the long slog to recovery. However, now as the
In the ongoing ransomware war, Phishing continues to be one of the easiest paths for ransomware: Report. Beyond that, though, administrative SW tools are a major entry point:
The Everyday IT Tools That Can Offer ‘God Mode’ to Hackers. Looking to create additional pressure for payment, This ransomware gang hunts for evidence of crime to pressure victims into paying a ransom.
As the scope of the attacks widens, some people suggest a Darwinian approach: May ransomware blight all the cyber stragglers and let God sort them out.
In the international cyber warfare arena, several attacks by Russians made the news:
As part of the original attack by Russian hackers, The SolarWinds Hackers Used an iOS Flaw to Compromise iPhones.
However, they were not alone:
Two new vulnerabilities were discovered in Microsoft software:
With all those security issues, IT security skills will continue to be in great demand: What Will Be the Highest-Paying IT Career 5 Years From Now?
The big privacy news is about commercial spyware being sold to governments who abuse it. There is the Pegasus software by NSO: iPhones no match for NSO spyware, despite Apple’s security claims. In case you’re curious, This tool tells you if NSO’s Pegasus spyware targeted your phone, though there may be no guarantee. In addition, Candiru is pushing its own spy software: Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments.
This is more evidence that Private Espionage Is Booming. The US Needs a Spy Registry.
The private use of face recognition is seeing a Backlash to retail use of facial recognition after Michigan teen unfairly kicked out of skating rink. However, if you Want to know how federal law enforcement uses facial recognition? Tough luck.
In their quest to collect even more consumer data, Amazon Considered Developing an Alexa-Powered Smartwatch for Kids and Amazon Gets the Go-Ahead to Track Your Sleep With Radar.
After some requests to specific firms, China will tighten data privacy rules for tech companies seeking foreign investment.
In Europe, Ireland must ‘swiftly’ investigate legality of Facebook-WhatsApp data sharing, says EDPB. Meanwhile, Google fined $592M in France for breaching antitrust order to negotiate copyright fees for news snippets.