[ad_1]
Widespread hacking continued be on everyone’s mind this week as countless businesses and organizations continued to grapple with a series of major hacks. Now that Microsoft’s patches have been out for some time, an array of domestic and criminal players are increasingly aggressive in exploiting a set of Microsoft Exchange Server bugs that were already actively attacked by the Chinese group Hafnium. Meanwhile, the White House is mulling over a response to Russia’s recent and high-profile SolarWinds spy campaign that compromised data from numerous U.S. government agencies and private companies around the world. For the Biden administration, the risk is that too strong retaliation could erode standards and be seen as hypocritical given that the United States and virtually all governments engage in digital espionage.
Criminal hackers also continued their rampage of extortion linked to breach of network equipment and firewall maker Accellion. The world of digital chess is in turmoil and is looming over digital harassment, following accusations by a Twitch and YouTube chess star that an upstart challenger cheated in a match the master lost. And Google researchers developed a proof-of-concept browser exploit to raise awareness of the threat speculative execution attacks, such as those that exploit the notorious “Specter” vulnerability, still pose to the Web three years later.
The privacy-focused Brave browser launched its own search engine this week, which aims to give Google a run for its money without sucking up so much user data. And we took another look at the top five password managers to use right now. Now is a good time to refresh them, especially since Netflix can crack down on password sharing.
And there’s more! Each week, we collect all the news that we haven’t covered in depth. Click on the titles to read the full stories. And stay safe there.
Hackers raped video surveillance services company Verkada on Monday, Bloomberg reported, accessing a “super administrator” account that allowed them to view more than 150,000 live streams as well as video archives of Verkada customers. Organizations on display included prisons, schools, and hospitals – like Madison County Jail in Huntsville, Alabama, and Sandy Hook Elementary School – as well as tech companies like Tesla and Cloudflare. More than 100 Verkada employees gained access to thousands of customer feeds – a surprising and possibly disturbing further revelation for customers of customers. Tillie Kottman, a hacker who claimed responsibility for the breach, said in a Mastodon article on Friday that officials raided their apartment in Lucerne, Switzerland, and confiscated their electronics. The search warrant was apparently linked to an alleged hack last year, not the Verkada violation.
Security researchers warned this week that a full public proof of concept exploit for newly patched Microsoft Exchange Server vulnerabilities would further escalate a hacking frenzy that had already escalated in recent days. On Wednesday, independent security researcher Nguyen Jang posted such a feat on the code repository Github. Within hours, Github had deleted the message. The incident has fueled controversy within the security community as Microsoft owns both Github and Exchange Server. The idea that a corporate overlord could control content on Github, or otherwise encroach on the open source community, caused major controversy when Microsoft acquired the service.
“We understand that the publication and distribution of proof of concept exploit code has educational and research value for the security community, and our goal is to balance this benefit with protecting the broader ecosystem. “a Github spokesperson told Motherboard on Thursday. “In accordance with our acceptable use policies, we have disabled the bulk following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited.”
[ad_2]
Source link