Plus, Twitter sues the Texas Attorney General and T-Mobile announces it will share user data
A hacking collective facetiously calling itself “Advanced Persistent Threat 69420” has breached the video archives and live feeds of security software company Verkada Inc., gaining access to 150,000 active surveillance cameras and every video archived by Verkada customers.
The Silicon Valley-based company services a wide range of businesses and institutions including Tesla, Cloudflare, hospitals, prisons, police departments, and schools. One of the hackers told Bloomberg that the group simply found the credentials for a Verkada administrator account publicly exposed online and used them to gain access. But shining a light on the security company’s poor security was only part of their intent. The hacker said the breach was “intended to show the pervasiveness of video surveillance and the ease with which systems could be broken into.” Certain subjects of the video footage, such as gym members and hospital patients, may not be aware they are being surveilled. Once Verkada learned of the hack, the login credentials were changed and the group lost the connection.
Microsoft issued a patch on Tuesday to fix a vulnerability recently exploited by the North Korean state-sponsored hacking group Lazarus, AKA Zinc. Members of the group posed as white hat hackers in order to gain the trust of security researchers and then attack them. Google and Microsoft announced the attacks in blog posts several weeks ago. The Lazarus group took measures to appear trustworthy and legitimate, going so far as to create Twitter personas and set up a research blog. Once trust was established with the researchers, they sent project files laced with malware that then attacked the researchers’ systems.
Some airlines, including Singapore Airlines, New Zealand Air, and Malaysia Airlines, have warned passengers about a security breach that may have impacted their data, after aviation IT provider SITA issued a press release earlier this month announcing it had become the victim of “a highly sophisticated attack” that involved certain passenger data. A spokesperson for SITA told ZDNet that the breached information does include airline passengers’ personal data. SITA, which claims to serve 90% of the world’s airlines, said the attack occurred February 24 this year. See the story in The Guardian for more.
Attorneys for social media giant Twitter filed a lawsuit this week seeking “declaratory and injunctive relief” from Texas Attorney General Ken Paxton. “Twitter seeks to stop AG Paxton from unlawfully abusing his authority as the highest law-enforcement officer in the State of Texas to intimidate, harass, and target Twitter in retaliation for Twitter’s exercise of its First Amendment rights,” reads the court filing. Twitter claims that Paxton launched an investigation into the platform and accused it of conspiracy in what was simply a punishing, retaliatory action for banning Trump from the service following his instigation and flaming of the violence of January 6. Paxton accused Twitter of politically conspiring with the other online services that banned Trump after the Capitol Hill riot, and he demanded Twitter and the other services hand over their content moderation policies for review. Read more about this story on CNET.