Security News for the Week Ending December 1, 2023
Montana and Indiana TikTok Ban Stunts Unsurprisingly Fail in Court
Both Indiana and Montana passed laws completely banning TikTok – both at the app store and private citizen level. Given that these laws were political stunts designed to try and impress voters, it is not surprising that they failed in court. The courts struck down the laws on multiple counts, including the First Amendment, Federal Preemption and the Dormant Commerce Clause. Not sure if the states plan to waste more taxpayer money appealing this. Credit: Law Professor Eric Goldman
UK Lawmakers Modifying Their Version of GDPR
The UK is calling the EU’s bluff and modifying their version of GDPR despite objections from privacy advocates. The bill already cleared the lower house of Parliament. The bill gives the government sweeping new powers to access data and reduces citizens’ privacy rights. The EU’s “adequacy” decision of the UK’s current privacy laws expires in 2025 and the EU could decide not to renew it. If so, the migration of data between the EU and UK will grind to a halt, impacting UK businesses. Credit: Data Breach Today
Interpol Uses New Biometrics Database to Catch Crooks
Interpol has created a new biometrics app called “Biometric Hub” to collect all of the fingerprint and facial recognition data it already has in one place, making it easier for hackers to steal it. Oh, no, making it easier for border control to use it. I am sure it will be totally secure. Recently a wanted human smuggler tried to pass himself off as a migrant. When he tried to cross the border in Bosnia, his face popped up as a wanted fugitive and he was arrested. Credit: Dark Reading
60 US Credit Unions Offline Due to Ransomware at IT Provider
Another day, another third-party breach. In this case, the credit unions’ IT provider is Ongoing Operations, which, apparently, is neither ongoing, nor operating. But not to worry because they say they were hit by a sophisticated ransomware attack. Apparently due to not patching their Citrix servers. Note that HHS says that hospitals are also being attacked due to not patching their Citrix servers quickly enough. It is unclear, but this may actually be a fourth-party breach as Ongoing seems to be the vendor to FedComp, who actually provides services to the credit unions. Credit: The Register
Microsoft Pledges to Improve Security with “Secure Future” Program
Do you remember when Bill Gates wrote his famous security memo and the company finally started taking security more seriously? This is kind of like phase two of that. Given that Microsoft has a huge target painted on it, this seems like a smart move to reduce self-inflicted pain and, of course, it will use AI. One pillar of the program is to speed up patching CLOUD vulnerabilities by 50%. If you are still using on-premise software, sorry, this won’t help you. Credit: Bleeping Computer