Cyber Daily: Suspected China Hack of Microsoft Shows Signs of Prior Reconnaissance | Privacy 'Noise' in U.S. Census
Hello. Government and private-sector investigators of the breach of Microsoft Exchange Server in March suspect personal data taken in earlier huge hacks or scraped off social-media sites aided attackers, The Wall Street Journal reports.
Other news: How a leaked collection of Facebook data affects you; Senators seek more details in SolarWinds and Microsoft hacks; malware invades Android phones; French school hacks; privacy "noise" in U.S. Census.
The hack on computer systems using Microsoft Exchange Server was discovered in March. PHOTO: GERARD JULIEN/AGENCE FRANCE-PRESSE/GETTY IMAGES
Big data: U.S. government officials and Microsoft are still working to understand how a network of suspected Chinese hacking groups carried out an unusually indiscriminate and far-reaching cyberattack on Microsoft Exchange email software, more than a month after the discovery of an operation that rendered hundreds of thousands of small businesses, schools and other organizations vulnerable to intrusion.
A leading theory has emerged in recent weeks, according to people familiar with the matter: The suspected Chinese hackers mined troves of personal information acquired beforehand to carry out the attack. The data collections might have been personal data taken in earlier huge hacks, such as those at Equifax Inc. or Marriott International Inc., or scraped off social-media sites.
“We face sophisticated adversaries who, we know, have collected large amounts of passwords and personal information in their successful hacks.” — Anne Neuberger, President Biden’s deputy national security adviser for cyber and emerging technology
More Cyber and Privacy News
Personal data about 533 million Facebook users was leaked online. PHOTO: DADO RUVIC/REUTERS
In a scrape: Facebook doesn't plan to notify the 533 million users of its social platforms that their data has been posted online in recent days. The data comes from a 2019 incident in which unknown parties exploited a vulnerability of Facebook platforms that has since been fixed, the company said. The parties scraped and collected several pieces of personal information about individuals. (Reuters)
What about me? Security experts say that scammers could use the information for nefarious purposes like spam email and robocalling. Regulators in Europe have asked Facebook for more details about the data leak. Facebook said in an April 6 blog post that the data leak reflects the ongoing need to police actions of bad actors on its platform. (WSJ)
Here is what you need to know.
👉 At haveibeenpwned.com, you can enter your phone number or email address and see whether your data was contained in the data leak.
👉 The troves included phone numbers, email addresses, birthdays, hometowns, relationship statuses and more from users in several countries world-wide.
👉 “It’s a fallacy to believe that old data is bad data,” said Alex Holden, chief information security officer of Hold Security LLC. “For example, the LinkedIn breach from the early 2010s was used by the Guild of the Grumpy Old Hackers to guess former President Donald Trump’s Twitter username and password in 2016.”
👉 “While we can’t always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work,” Facebook said in the blog post.
Senators want answers. Sens. Gary Peters (D., Mich.), in blue mask, and Rob Portman (R., Ohio) sent letters to senior U.S. cybersecurity officials seeking details and documents about the SolarWinds and Microsoft hacks. (NextGov)
The letters from the top members of the Senate's Homeland Security and Governmental Affairs Committee also requested information about the so-called Einstein system that protects perimeters of federal agencies. Responses are due by April 20.
Android phone malware: Smartphones from Germany's Gigaset AG are at risk after hackers compromised the company's system update server. Since late March, users have reported seeing their phones open browsers to display gaming ads. Gigaset is investigating, a spokesman said. (BleepingComputer)
Hacks on French schools: Cyberattacks on France's distance-learning network have disrupted the country's abrupt back-to-remote-learning move this week, Education Minister Jean-Michel Blanquer said. France returned to online schooling amid a surge in Covid-19 infections. (Associated Press)
Census 'noise.' The U.S. Census Bureau faces fire from civil rights groups and others for how it is protecting the privacy of respondents to the 2020 survey. The bureau said it is introducing digital "noise" into the data to obscure telling details about individuals but maintain accurate information about the U.S. population. Critics say the method will reduce the quality of the data in ways that could affect segments of the population. Commerce Secretary Gina Raimondo on Wednesday defended the technique. (Associated Press)
40%
Percentage of 856 professionals who say mobile devices are the biggest security threat to their companies, according to a Verizon Communications Inc. survey of workers in Australia, the U.S. and the U.K. responsible for mobile and Internet-of-Things devices.