Security News
Following California’s lead, a new UK law would ban default passwords in IoT devices.
The CMA's claims come in the wake of yesterday's call by the UK's data watchdog, the Information Commissioner's Office, for Google and co to sort out the privacy risks posed by ads. In June the CMA consulted on initial commitments offered by Google and the feedback from third parties was... they needed a bit of work.
A company repeatedly endorsed by ministers backing the UK's Online Safety Bill was warned by its lawyers that its technology could breach the Investigatory Powers Act's ban on unlawful interception of communications, The Register can reveal. SafeToNet, a content-scanning startup whose product is aimed at parents and uses AI to monitor messages sent to and from children's online accounts, had to change its product after being warned that a feature developed for the government-approved app would break the law.
A UK Department for Transport website was caught serving porn earlier today, as confirmed by BleepingComputer.
A new British IoT product security law is racing through the House of Commons, with the government boasting it will outlaw default admin passwords and more. The Product Security and Telecommunications Infrastructure Bill was introduced yesterday and is intended to drive up security standards in consumer tech gadgetry, ranging from IoT devices to phones, fondleslabs, smart TVs, and so on.
The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register. Four unsecured wireless networks named "Boiler Pump 1" to "Boiler Pump 4" were freely accessible in the Royal Courts of Justice until The Register told officials what was happening.
The UK's National Cyber Security Centre says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal customers' payment info. In Magecart attacks, threat actors inject scripts known as credit card skimmers into compromised online stores to harvest and steal the payment and/or personal info submitted by customers at the checkout page.
If you run a small online business powered by the Magento ecommerce platform, Britain's National Cyber Security Centre is begging you to make sure it's fully patched ahead of Black Friday. "Retailers are urged to ensure that Magento - and any other software they use - is up to date," said the GCHQ offshoot in a statement today, adding it had notified 4,151 online stores that their Magento installations were vulnerable to compromise by criminals.
"FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware," CISA said. The Iranian state hackers focus their attacks on US critical infrastructure sectors and Australian organizations.
The UK government has published guidance describing what technologies may be caught within the National Security and Investment Act 2021, which is set to give ministers the power to halt mergers and acquisitions. The guidance says that "If an entity you are acquiring performs a certain activity, it could put you in scope of the National Security and Investment Act and you may be legally required to tell the government about it. This guidance tells you what these activities are."