Widespread hacking continued be on everyone’s mind this week, as countless businesses and organizations continued to grapple with a slew of major hacks. Now that Microsoft’s fixes have been out for some time, an array of nation states and criminal actors become more aggressive on the farm a set of Microsoft Exchange Server bugs that were already under active attack speak Chinese group Hafnium. Meanwhile, the White House is considering a response to Russia’s recent and high-profile SolarWinds spy campaign this compromised data in many US government agencies and private companies around the world. For the Biden administration, the risk is that too strong retaliation could erode standards and be seen as hypocritical given that the United States and virtually all governments engage in digital espionage.
Criminal hackers also continued their rampage of extortion linked to a Accellion network equipment and firewall manufacturer violation. The digital chess world is in an uproar, and is addressing digital harassment, over accusations by a Twitch and YouTube chess star that a upstart challenger cheated in a match that the master lost. And Google researchers have developed a proof of concept browser exploit to raise awareness of the threat of speculative execution attacks, like those who exploit the famous “Specter” vulnerability, are still posing on the Web three years later.
Brave browser focused on privacy launched its own search engine this week, it aims to give Google a run for its money without sucking up so much user data. And we took another look at the five best password managers to use now. It’s a good time to refresh them, especially given that Netflix can crack down on password sharing.
And there’s more! Each week, we collect all the news that we haven’t covered in depth. Click on the titles to read the full stories. And stay safe there.
The hackers breached video surveillance services company Verkada on Monday, Bloomberg Reporterd, accessing a “Super Admin” account that allowed them to view more than 150,000 live streams as well as video archives of Verkada customers. Organizations on display included prisons, schools, and hospitals – like Madison County Jail in Huntsville, Alabama and Sandy Hook Elementary School – as well as tech companies like Tesla and Cloudflare. More than 100 Verkada employees gained access to thousands of customer feeds – a surprising and possibly disturbing further revelation for customers of customers. Tillie Kottman, a hacker who claimed responsibility for the breach, said in a Mastodon article on Friday that officials raided their apartment in Lucerne, Switzerland, and confiscated their electronics. The search warrant was apparently linked to an alleged hack last year, not the Verkada violation.
Security researchers warned this week that a full public proof of concept exploit for newly patched Microsoft Exchange Server vulnerabilities would further escalate a hacking frenzy that had already escalated in recent days. On Wednesday, independent security researcher Nguyen Jang posted such a feat on the code repository Github. Within hours, Github had deleted the message. The incident has fueled controversy within the security community as Microsoft owns both Github and Exchange Server. The idea that a corporate overlord might control content on Github, or otherwise intrude on the open source community, caused a major controversy upon acquisition of the service by Microsoft.
“We understand that the publication and distribution of proof of concept exploit code has educational and research value for the security community, and our goal is to balance this benefit with protecting the ecosystem in its together, ”said a spokesperson for Github. says Motherboard Thursday. “In accordance with our acceptable use policies, we have disabled the bulk following reports that it contains proof of concept code for a recently disclosed vulnerability that is being actively exploited.”