Widespread hacking continued to be on everyone’s mind this week as countless companies and organizations continued to fight off a lot of hackers. Now that Microsoft’s patches have been out for a while, a number of nation-state and criminal actors are becoming increasingly aggressive in exploiting a set of Microsoft Exchange Server bugs that were already being actively attacked by the Chinese group Hafnium. Meanwhile, the White House is reflecting on how to respond to Russia’s recent SolarWinds espionage campaign, which compromised data from numerous U.S. government agencies and private companies around the world. For the Biden administration, the risk is that too strong a retaliation could erode the rules and appear hypocritical, as the U.S. and virtually every other government engage in digital espionage.
Criminal hackers have also continued their extortion related to the breach of network equipment and firewall maker Accellion. The world of digital chess is in turmoil and veering toward digital harassment over allegations by a Twitch and YouTube chess star that an advanced challenger cheated in a game the master lost. And Google researchers developed a proof-of-concept browser exploit to raise awareness about the threat that speculative execution attacks, such as those that exploit the infamous “Spectre” vulnerability, still pose on the web three years later.
The privacy-focused Brave browser launched its own search engine this week, which aims to give Google a run for its money without collecting so much user data. And we took a look at the top five password managers to use right now. Now is a good time to consider them, especially given that Netflix may be cracking down on password sharing.
And there is more! Every week we gather all the news that we don’t cover in depth. Click on the headlines to read the full stories. And stay safe.
Bloomberg reported Monday that hackers breached video surveillance services company Verkada, gaining access to a “super administrator” account that allowed them to view more than 150,000 live feeds, as well as video files from Verkada customers. Among the organizations exposed were prisons, schools and hospitals – such as Madison County Jail in Huntsville, Alabama and Sandy Hook Elementary School – as well as technology companies such as Tesla and Cloudflare. More than 100 Verkada employees had access to thousands of customer feeds, an additional surprising and probably disturbing revelation for the company’s customers. Tillie Kottmann, a hacker who claimed responsibility for the breach, said Friday in a Mastodon post that officials raided her apartment in Lucerne, Switzerland and confiscated her electronic devices. Apparently, the search warrant was related to an alleged hack last year and not to the Verkada breach.
Security researchers warned this week that a full-fledged public proof-of-concept exploit for the recently fixed Microsoft Exchange Server vulnerabilities would fuel a hacking frenzy that had already escalated in recent days. On Wednesday, independent security researcher Nguyen Jang posted such an exploit on the GitHub code repository platform. Within hours, GitHub had removed the post. The incident sparked controversy in the security community, as Microsoft owns both GitHub and Exchange Server. The idea that a corporate overlord could control GitHub content or encroach on the open source community had already caused a great deal of controversy when Microsoft acquired the service.
“We understand that publishing and distributing proof-of-concept exploit code has educational and research value for the security community, and our goal is to balance that benefit with keeping the broader ecosystem safe,” a GitHub spokesperson told Motherboard on Thursday. “In accordance with our acceptable use policies, we disabled the gist following reports that it contained proof-of-concept code for a recently revealed vulnerability that is being actively exploited.”