Security News

Proposed UK Law Bans Default Passwords
2021-11-26 13:43

Following California’s lead, a new UK law would ban default passwords in IoT devices.

Privacy Sandbox saga continues: UK watchdog extracts more commitments from Google over ad tech
2021-11-26 13:33

The CMA's claims come in the wake of yesterday's call by the UK's data watchdog, the Information Commissioner's Office, for Google and co to sort out the privacy risks posed by ads. In June the CMA consulted on initial commitments offered by Google and the feedback from third parties was... they needed a bit of work.

Government-favoured child safety app warned it could violate the UK's Investigatory Powers Act with message-scanning tech
2021-11-26 12:23

A company repeatedly endorsed by ministers backing the UK's Online Safety Bill was warned by its lawyers that its technology could breach the Investigatory Powers Act's ban on unlawful interception of communications, The Register can reveal. SafeToNet, a content-scanning startup whose product is aimed at parents and uses AI to monitor messages sent to and from children's online accounts, had to change its product after being warned that a feature developed for the government-approved app would break the law.

UK government transport website caught showing porn
2021-11-25 19:33

A UK Department for Transport website was caught serving porn earlier today, as confirmed by BleepingComputer.

UK.gov emits draft IoT and smartphone security law for Parliamentary scrutiny
2021-11-25 09:30

A new British IoT product security law is racing through the House of Commons, with the government boasting it will outlaw default admin passwords and more. The Product Security and Telecommunications Infrastructure Bill was introduced yesterday and is intended to drive up security standards in consumer tech gadgetry, ranging from IoT devices to phones, fondleslabs, smart TVs, and so on.

UK Ministry of Justice secures HVAC systems 'protected' by passwordless Wi-Fi after Register tipoff
2021-11-23 10:15

The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register. Four unsecured wireless networks named "Boiler Pump 1" to "Boiler Pump 4" were freely accessible in the Royal Courts of Justice until The Register told officials what was happening.

UK govt warns thousands of SMBs their online stores were hacked
2021-11-22 20:05

The UK's National Cyber Security Centre says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal customers' payment info. In Magecart attacks, threat actors inject scripts known as credit card skimmers into compromised online stores to harvest and steal the payment and/or personal info submitted by customers at the checkout page.

Ecommerce platforms (cough, Magento) need patching before Black Friday, warns UK's National Cyber Security Centre
2021-11-22 17:14

If you run a small online business powered by the Magento ecommerce platform, Britain's National Cyber Security Centre is begging you to make sure it's fully patched ahead of Black Friday. "Retailers are urged to ensure that Magento - and any other software they use - is up to date," said the GCHQ offshoot in a statement today, adding it had notified 4,151 online stores that their Magento installations were vulnerable to compromise by criminals.

US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet
2021-11-17 14:44

"FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware," CISA said. The Iranian state hackers focus their attacks on US critical infrastructure sectors and Australian organizations.

UK government publishes guidance on security rules for tech takeovers
2021-11-17 11:46

The UK government has published guidance describing what technologies may be caught within the National Security and Investment Act 2021, which is set to give ministers the power to halt mergers and acquisitions. The guidance says that "If an entity you are acquiring performs a certain activity, it could put you in scope of the National Security and Investment Act and you may be legally required to tell the government about it. This guidance tells you what these activities are."