Again, a brief weekly digest of some interesting news around the technology world.
Let's get started.
Microsoft Exchange Hack
The security world is scrambling again, this time over the Microsoft Exchange hack. After all, which company does not use MS Exchange as its core email infrastructure?
CNN provided a very good summary of what has happened so far. Obviously it got political, as Microsoft is indicating that this is a state-sponsored attack. The attacking group, called HAFNIUM by Microsoft, is using 4 on-premises MS Exchange vulnerabilities to attack very sensitive targets in the United States, including disease researchers, law firms, educational institutions, NGOs, policy think tanks and defense contractors. Apart from the defense contractors, the rest probably do not have a very solid security defense framework or a very good response team.
It also looks like HAFNIUM is using VPS servers in the United States.
Once an attack is successful, HAFNIUM can download both contact lists and email contents.
Traditionally, emails are not encrypted, because of the complexities around key exchange and the fact that there are multiple standards competing with each other (think PGP and GPG). No matter how organisations are closing off the vulnerabilities, I believe it is time for everyone to honor S/MIME and email encryption. It is no easy feat: traditionally, internal emails (emails exchanged among colleagues) can be easily configured to encrypt by default; however, cross-company trust is not easy to establish unless all email signing certificates are trusted by common certificate authorities, just like TLS-enabled websites.
Certificate authorities should start to think seriously about email certificates, as they can be a big business for them as well. Think of the number of certificates that they would need to issue every day if you want a certificate for every employee in the world...
More sanctions for Huawei
Looks like the Biden administration has just added another sanction to Huawei's suppliers, restricting companies from supplying items that can be used for 5G devices.
The list will keep going on and on... A lot of 5G materials are actually shared with 4G as well, which means 4G is also out of reach for Huawei.
Think about the consequences...