https://www.nrk.no/trondelag/dataangrep-mot-hurtigruten_-sensitive-opplysninger-om-ansatte-i-hurtigruten-er-publisert-pa-dark-web-1.15404764

Opplysninger fra fem skip har havnet på avveie. Hurtigruten har sendt brev til gjester og ansatte som er rammet av dataangrepet.

[D]e som brøt seg inn fikk tilgang til fullt navn, fødselsnumre og info om ansettelsesforhold til medlemmer av besetningen.

Det inkluderer arbeidsavtaler, sykemeldinger, dokumentasjon til Nav og andre HR-relaterte forhold.

Informasjonen var lagret på servere om bord på skipet.

https://nrkbeta.no/2021/03/09/microsoft-exchange-la-igjen-bakdor-hos-trondersk-kollektivselskap/

Norske virksomheter har den siste uken jobbet mot klokka med å installere en kritisk sikkerhetsoppdatering. De som ikke er raske nok kan bli ofre for spionasje og løsepengevirus.
Norsk sikkerhetsmyndighet (NSM) advarer om at en mye brukt Microsoft-løsning for e-post bør anses som «mulig kompromittert» om nødvendige sikkerhetsoppdateringer ikke ble gjort innen onsdag i forrige uke.

Søndag kveld viste undersøkelser gjort av sikkerhetsselskapet Defendable at minst 269 Microsoft-servere i Norge fortsatt manglet disse oppdateringene.

https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

By all accounts, rooting out these intruders is going to require an unprecedented and urgent nationwide clean-up effort. Adair and others say they’re worried that the longer it takes for victims to remove the backdoors, the more likely it is that the intruders will follow up by installing additional backdoors, and perhaps broadening the attack to include other portions of the victim’s network infrastructure.

KrebsOnSecurity has seen portions of a victim list compiled by running such a tool, and it is not a pretty picture. The backdoor web shell is verifiably present on the networks of thousands of U.S. organizations, including banks, credit unions, non-profits, telecommunications providers, public utilities and police, fire and rescue units.

“It’s police departments, hospitals, tons of city and state governments and credit unions,” said one source who’s working closely with federal officials on the matter. “Just about everyone who’s running self-hosted Outlook Web Access and wasn’t patched as of a few days ago got hit with a zero-day attack.”

https://www.bbc.com/news/technology-56321567

The European Banking Authority’s email servers have been compromised in a global Microsoft Exchange cyber-attack.

The EU body said personal data may have been accessed from its servers. And it had pulled its entire email system offline while it assessed the damage.

https://www.jwnenergy.com/article/2021/3/5/gates-backs-icelandic-startup-that-turns-carbon-di/

Reykjavik-based Carbfix captures and dissolves CO₂ in water, then injects it into the ground where it turns into stone in less than two years.

https://digitstodollars.com/2021/03/05/youre-on-allocation/

The current shortage is driven by two things: Covid and manufacturing is hard. Last year, factories in China started shutting down early in the year. By the time they started re-opening later in the year, factories everywhere else had shut down, or at least drastically scaled back. So many Chinese factories did not scale production up in a hurry. The result was reduced output everywhere. Then early this year it became clear that pandemic was under control in China and vaccines were coming soon everywhere, and that demand for many electronic devices was stronger than ever. Companies across the supply chain suddenly had to race to catch up, but often found their suppliers were not back to producing at full scale. This caused wrinkles to spread across the industry. Finally, it appears now that shipping has become a bottleneck with air freight prices sky high (pun intended) and US ports still dealing with scaled back working conditions. You could probably also throw in the US-China Trade War, but let’s not go down that particular rabbit hole now, just chalk it up to further complicating the situation.

The best example of this, and one we commonly hear, is the proverbial $2 electric motor which prevents completion of a $50,000 car. Now multiply this by 10,000 companies all hindered in their ability to ship because of some shortage from someone else’s factory.

https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

Google can choose to dismantle the old scaffolding for surveillance without replacing it with something new and uniquely harmful.

We emphatically reject the future of FLoC. That is not the world we want, nor the one users deserve. Google needs to learn the correct lessons from the era of third-party tracking and design its browser to work for users, not for advertisers.

https://academictimes.com/first-vaccine-to-fully-immunize-against-malaria-builds-on-pandemic-driven-rna-tech/

Consistently ranked as one of the leading causes of death around the world, malaria doesn’t have an effective vaccine yet. But researchers have invented a promising new blueprint for one — with properties akin to the novel RNA-based vaccine for COVID-19.

https://arstechnica.com/tech-policy/2021/02/citibank-just-got-a-500-million-lesson-in-the-importance-of-ui-design/

Citibank was trying to make $7.8M in interest payments. It sent $900M instead.

https://www.drammen.kommune.no/om-kommunen/aktuelt/hackerangrep/

Drammen kommune har vært utsatt for et hackerangrep på en mindre del av infrastrukturen for vann og avløp.
Kommunen har kontroll på situasjonen, og alle vann- og avløpssystemer fungerer som normalt. Ingen av kommunens innbyggere er berørt av situasjonen, og ingen personopplysninger er på avveie.