Widespread hacking continued be on everyone’s mind this week as countless businesses and organizations continued to tackle a series of major hacks. Now that Microsoft’s patches have been out for some time, an array of domestic and criminal players are become more aggressive on the farm a set of Microsoft Exchange Server bugs that were already under active attack speak Chinese group Hafnium. Meanwhile, the White House is considering a response to Russia’s recent and high-profile SolarWinds spy campaign this compromised data in many US government agencies and private companies around the world. For the Biden administration, the risk is that too strong retaliation could erode standards and be seen as hypocritical given that the United States and virtually all governments engage in digital espionage.
Criminal hackers also continued their rampage of extortion linked to a violation of network equipment and Accellion firewall manufacturer. Digital chess world is in turmoil and looms over digital harassment, amid accusations by a star upstart challenger cheated in a match that the master lost. And Google researchers have developed a proof of concept browser exploit to raise awareness of the threat that speculative executions attack, like those who exploit the famous “Specter” vulnerability, still pose on the Web three years later.
Brave browser focused on privacy launched its own search engine this week, it aims to give Google a run for its money without sucking up so much user data. And we took another look at the five best password managers to use now. It’s a good time to refresh them, especially given that Netflix can crack down on password sharing.
And there’s more! Each week, we collect all the news that we haven’t covered in depth. Click on the titles to read the full stories. And stay safe there.
Hackers raped video surveillance services company Verkada on Monday, Bloomberg reported, accessing a “super administrator” account that allowed them to view more than 150,000 live streams as well as video archives of Verkada customers. Organizations on display included prisons, schools, and hospitals – like Madison County Jail in Huntsville, Alabama, and Sandy Hook Elementary School – as well as tech companies like Tesla and Cloudflare. More than 100 Verkada employees have gained access to thousands of customer feeds – a surprising and possibly disturbing further revelation for customers of customers. Tillie Kottman, a hacker who claimed responsibility for the breach, said in a Mastodon article on Friday that officials raided their apartment in Lucerne, Switzerland, and confiscated their electronics. The search warrant was apparently linked to an alleged hack last year, not the Verkada violation.
Security researchers warned this week that a full public proof of concept exploit for newly patched Microsoft Exchange Server vulnerabilities would further escalate a hacking frenzy that had already escalated in recent days. Independent security researcher Nguyen Jang posted such a feat on the Github code repository platform on Wednesday. Within hours, Github had deleted the message. The incident has fueled controversy within the security community as Microsoft owns both Github and Exchange Server. The idea that a corporate overlord might control content on Github, or otherwise intrude on the open source community, caused a major controversy upon acquisition of the service by Microsoft.
“We understand that the publication and distribution of proof of concept exploit code has educational and research value to the security community, and our goal is to balance this benefit with protecting the ecosystem within the meaning large, “said a spokesperson for Github. says Motherboard Thursday. “In accordance with our acceptable use policies, we have disabled the bulk following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited.”
