If you work in cybersecurity, chances are you're pretty tired by now. On the heels of Russia's devastating SolarWinds hack that came to light in December, Chinese hackers have mounted what appears to be a full-on assault against Microsoft Exchange Servers, hitting at least 30,000 servers in the United States alone. China's spies will whittle down the target list from there for further compromise, but this mess is still going to take a very long time to clean up.
Speaking of messes, apps in both the App Store and Google Play Store still leak too much data too much of the time, according to a new study from mobile security firm Zimperium. Thanks to misconfigured cloud settings, tens of thousands of apps on both platforms inadvertently expose user information like financial data and medical test results. A different category of mistake was found over at far-right platform Gab, which got hacked very, very thoroughly, apparently due to a coding error introduced by the platform's CTO.
Cybersecurity entrepreneur turned man on the run John McAfee was indicted Friday for his alleged involvement in two cryptocurrency scams. Twitch released its first transparency report this week after a decade of, well, not doing that. Microsoft has started testing its decentralized IDs in the real world, if you wanted to put your college diploma on the blockchain. We took a look at how Myanmar's citizens are dealing with a prolonged internet shutdown during that country's military coup. And we published our sixth installment of 2034, a fictional account of a near-future war with China that feels all too real.
And there's more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
Conservative lawmakers in Utah have passed a handful of anti-pornography laws in the last few years, including the declaration of a public health crisis in 2016. Now they've kicked things up a few notches. Measure HB72 won approval in the state senate this week, and in the house last month, meaning it's headed for the governor's desk for a signature. The law would mandate that every new smartphone and tablet sold in the state come with a preinstalled adult content filter activated by default. This makes no sense on a few levels—logistical, constitutional, ethical—but fortunately also seems to have little chance of any near-term effect; the bill stipulates that its requirements don't go into effect until five other states have passed identical legislation, and even then it seems unlikely that Apple and Google and the Electronic Frontier Foundation and basically anyone within a thousand yards of the intersection of civil liberties and technology would acquiesce to Utah's demands.
As classes have gone remote, educators have increasingly relied on intrusive software that surveils students in their homes. Motherboard this week talked to university students around the world about how they've gotten around exam proctoring software in particular, using everything from FaceTime and flash cards to taping notes on the wall out of view of a laptop's webcam. Given how easy it is to get around the monitoring, it hardly seems worth the trade-off in privacy that installing it requires.
The iOS jailbreaks keep on coming. Last weekend, the Unc0ver team released its latest effort, which liberates Apple devices from iOS 11 through iOS 14.3. (But not, it should be noted, iOS 14.4, which was released in February.) The usual caveat of “you probably shouldn't do this unless you absolutely know what you're doing” applies.
While everyone has their hands full with the Microsoft Exchange Server hacks this week, the SolarWinds campaign continues to simmer in the background. This week, Microsoft and security firm FireEye both shared new details about malware strains the Russia-linked group used to get such devastating access to so many targets. The more researchers can discern about the SolarWinds team's methods, the faster and more effectively they can remediate the problem—and prevent it from happening again.