A hosting data center, (the largest in Europe and the third-largest in the world) for the French hosting provider OVH suffered a fire that knocked out several customers’ data and websites. While this is more on the Operations side, it does fall under one of those extreme circumstances that ideally you would have a backup plan to cover: https://blog.malwarebytes.com/malwarebytes-news/2021/03/ovh-cloud-datacenter-destroyed-by-fire/.
Hackers gained access to 150,000 live video feeds managed by a startup called Verkada, which provides video camera management-as-a-service solutions. The reason for the attack? According to one of the hackers, to demonstrate the effect of surveillance and a touch of anarchism: https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams?sref=ylv224K8.
The saga of the hacked Microsoft Exchange servers continues. First covered in the news round-up of March 2, the story has widened into a mass intrusion into hundreds of thousands of organizations running Microsoft Exchange servers, not just by a Chinese group but by attackers worldwide. The primary vulnerability allows relatively easy access to user emails or the ability to upload webshells. https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/
(Technical details are included here: https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/)
Unusual phishing attack that targets higher-placed personnel and executives (often known as ‘whaling) that includes a fake Google reCAPTCHA form before asking for victims’ credentials: https://threatpost.com/google-recaptcha-phishing-office-365/164566/
In other news, I see that Blackhat is scheduled on-site in Las Vegas in 2021. As it’s now been a year since the ramp-up of the pandemic, I will be curious to see which organizations choose to have a virtual or in-person conference. Those that are later in the summer may stand a chance. Virtual conferences work well but, of course, are not a full replacement for in-person events.