Large-scale hacking continued be on everyone’s minds this week as countless companies and organizations have continued to struggle with a number of major hacks. Now that Microsoft patches have been out for some time, a number of national and criminal actors are becoming increasingly aggressive about exploiting a set of Microsoft Exchange Server bugs that were already being actively attacked by the Chinese group Hafnium. . Meanwhile, the White House is analyzing a response to Russia’s recent SolarWinds espionage campaign, which has compromised data on numerous US government agencies and private companies around the world. For the Biden administration, the risk is that too much repression could erode the rules and be seen as hypocritical, given that the US and virtually every government is engaged in digital espionage.
The criminal hackers also continued their anger of extortion related to the violation of the network equipment and the firewall manufacturer Accellion. The world of digital chess is in a riot and is leaning towards digital harassment, due to the accusations of a chess star Twitch and YouTube that a provocateur who cheated in a match lost by the master. Google researchers have also developed evidence of the concept of the browser to raise awareness of the threat that speculative attacks, such as those that exploit the infamous vulnerability of the “Spectrum” vulnerability, present on the web three years later.
The Brave browser, focused on privacy, launched its own search engine this week, meant to give Google a run for its money without aspiring so much data about users. And we took another look at the top five password managers to use right now. Now is a good time to look at them, especially since Netflix could prevent password sharing.
And there are more! Every week we gather all the news that we did not cover in depth. Click on the titles to read the full stories. And stay safe there.
The hackers breached video surveillance company Verkada on Monday, Bloomberg reported, gaining access to a “super administrator” account that allowed them to view more than 150,000 live streams and video archives from Verkada customers. Exhibited organizations included prisons, schools and hospitals – such as Madison County Prison in Huntsville, Alabama and Sandy Hook Elementary School – as well as technology companies such as Tesla and Cloudflare. More than 100 Verkada employees have had access to thousands of customer streams – an additional surprising and probably annoying revelation for customers. Tillie Kottman, a hacker who claimed responsibility for the violation, said in a post on Mastodon on Friday that officials raided their apartment in Lucerne, Switzerland and confiscated their electronic devices. It appears that the search warrant was linked to an alleged hack last year and not to the Verkada violation.
Security researchers warned this week that full public exploitation of proof of concept for Microsoft Exchange Server’s recently modified vulnerabilities could jeopardize a hacking frenzy that has already escalated in recent days. On Wednesday, independent security researcher Nguyen Jang uploaded such an exploit on the Github code storage platform. Within hours, Github had eliminated the post. The incident has sparked controversy in the security community, as Microsoft owns both Github and Exchange Server. The idea that a corporate commander could control Github content or invade the open source community has caused major controversy during Microsoft’s acquisition of the service.
“We understand that publishing and distributing code of proof of concept has educational and research value to the security community, and our goal is to balance that benefit with keeping the ecosystem safer,” a spokesman said Thursday. on Github. “In accordance with our policies of acceptable use, we have disabled the essentials following reports that it contains evidence of the concept code for a recently revealed vulnerability that is being actively exploited.”