The U.K. National Cyber Security Centre (NCSC) has urged manufacturers of smart devices to comply with new legislation prohibiting default passwords. The NCSC said the Product Security and Telecommunications Infrastructure Act (PSTI Act) comes into force on April 29, 2024. According to the agency, the law will help consumers choose smart devices that are designed to provide ongoing protection against cyber attacks. The law requires manufacturers to supply only devices that do not use guessable default passwords, to provide a point of contact for reporting security issues, and to state how long the device will receive security updates. The law applies to the following products:
- Smart speakers, smart TVs and streaming devices
- Smart doorbells, baby monitors, and security cameras
- Cellular tablets, smartphones, and game consoles
- Wearable fitness trackers (including smartwatches)
- Smart domestic appliances (such as light bulbs, plugs, kettles, thermostats, ovens, fridges, cleaners, and washing machines).
New AI Security Guidelines Released for Critical Infrastructure by the U.S. Government
A U.S. Department of Homeland Security report published on Monday (April 29, 2024) states, “These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems.” The government said the guidelines aim to bolster critical infrastructure against artificial intelligence (AI)-related threats. The agency explained that it is working to facilitate the safe, responsible, and trustworthy use of the technology while avoiding infringement of individuals’ privacy, civil rights, and civil liberties. The agency also said the guidelines will help organizations establish a culture of AI risk management, understand their individual AI use context and risk profile, develop systems to assess, analyze, and track AI risks, and prioritize and act upon AI risks to safety and security.
Cybersecurity Researchers Discover Millions of Malicious Imageless Containers Planted on Docker Hub Over Five Years
Cybersecurity researchers have uncovered a staggering finding: over four million repositories on Docker Hub are imageless, meaning they contain no container image at all. The finding, reported by JFrog security researcher Andrey Polkovnichenko, points to a long-standing and widespread threat. Threat actors have been targeting Docker Hub for over five years, using these imageless repositories as a tool for their malicious campaigns. Further investigation revealed that the repositories contain nothing but documentation, which has no connection to any container image; attackers have used that documentation to carry out fraudulent activities, such as redirecting unsuspecting users to fraudulent sites.
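The pattern described above (a repository with no image pushed, but a README that sends the reader elsewhere) is simple to triage mechanically. The following is an added example, not JFrog's tooling or Docker's own API client. It assumes the input dicts carry the field names that Docker Hub's v2 JSON API exposes on the repository and tags endpoints (`full_description`, `pull_count`, `last_updated`, and a tag `count`); the sample repositories below are constructed for the example, not real ones.

```python
"""Triage heuristic for Docker Hub repositories that carry no image but do
carry a README pointing readers to external sites.

Added example; not JFrog's research tooling. Field names are assumed to
match the Docker Hub v2 API (repository endpoint: `full_description`,
`pull_count`, `last_updated`; tags endpoint: `count`).
"""
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s)>\"']+", re.IGNORECASE)

# Domains a legitimate README routinely links to; anything else is "external".
KNOWN_GOOD_DOMAINS = {"docker.com", "hub.docker.com", "docs.docker.com", "github.com"}


def external_links(markdown: str) -> list[str]:
    """Return hostnames of links in the README that are not on the allowlist."""
    hosts = []
    for url in URL_RE.findall(markdown or ""):
        host = (urlparse(url).hostname or "").lower()
        if host and not any(host == d or host.endswith("." + d) for d in KNOWN_GOOD_DOMAINS):
            hosts.append(host)
    return hosts


def classify(repo: dict, tag_count: int) -> str:
    """Classify one repository given its metadata and the number of tags it has.

    has-image                : at least one tag pushed, nothing to flag here
    imageless-empty          : no tags and no README at all
    imageless-docs-only      : no tags, README without off-platform links
    imageless-external-links : no tags, README links to non-allowlisted hosts
    """
    if tag_count > 0:
        return "has-image"
    readme = repo.get("full_description") or ""
    if not readme.strip():
        return "imageless-empty"
    if external_links(readme):
        return "imageless-external-links"
    return "imageless-docs-only"


def triage(repos: list[dict]) -> dict[str, str]:
    """Map repository name -> verdict for a batch of (metadata, tag count) records."""
    return {r["name"]: classify(r, r["tag_count"]) for r in repos}


# Constructed sample records in the assumed API shape (not real Docker Hub data).
SAMPLE_REPOS = [
    {"name": "acme/api-gateway", "tag_count": 12, "pull_count": 48210,
     "last_updated": "2024-03-02T10:11:12Z",
     "full_description": "Build: https://github.com/acme/api-gateway"},
    {"name": "acme/legacy-notes", "tag_count": 0, "pull_count": 3,
     "last_updated": "2021-07-19T08:00:00Z",
     "full_description": "Internal notes. See https://docs.docker.com/compose/"},
    {"name": "freebook-dl/ebooks", "tag_count": 0, "pull_count": 0,
     "last_updated": "2023-11-05T22:45:00Z",
     "full_description": "# Free download\nClick here: https://dl.example-downloads.test/get"},
    {"name": "someone/placeholder", "tag_count": 0, "pull_count": 0,
     "last_updated": "2019-01-01T00:00:00Z", "full_description": ""},
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_REPOS).items():
        print(f"{verdict:26} {name}")
```

In a real sweep the tag count comes from the tags endpoint of each repository in your namespace; the interesting bucket is `imageless-external-links`, which is worth a manual look, while `has-image` repositories still need ordinary image scanning, which this heuristic does not replace.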
The Royal Family of Great Britain has been attacked by the Snatch ransomware group.
Black Diamond, a privately owned company specializing in asset management, has suffered a ransomware attack by Black Basta. The company has over 200 employees and $19.2 million in revenue.
Frencken, a company specializing in mechatronics, precision mechanics, CNC milling and turning, assembly, cleanroom assembly, and cleanliness grade 1 manufacturing, has suffered a ransomware attack by Snatch. The company has over 1,000 employees and a revenue of $587 million.