Now Online Safety Act is law, UK has ‘priorities’ – but still won’t explain ‘spy clause’
The UK government has set out plans detailing how it will use the new law it has created to control online platforms and social media – with one telling exception. The Draft Statement of Strategic Priorities for online safety places an emphasis on platform providers preventing online harms in the first place, and collaborating with regulator Ofcom on how the new law – the Online Safety Act – will be implemented. But it provides little detail about how it will use the more controversial aspects of the legislation. The set of priorities lists activities that might take place on online platforms. It expects platform providers “to take proactive steps to reduce the risks their services are used to carry out the most harmful illegal activity.”
Apple Pay, Cash App, and other digital wallets will be regulated more like banks now
Major digital payment providers will soon be subject to bank-like supervision from the US Consumer Financial Protection Bureau (CFPB). On Thursday, the CFPB issued a final rule that will regulate digital payment apps that process over 50 million transactions each year, covering services like Apple Pay, Google Wallet, PayPal, Cash App, and others. The new rule is meant to ensure digital payment providers adhere to the same laws as credit unions and large banks. It will give the CFPB the authority to oversee their compliance with federal laws surrounding privacy, fraud, and other rules through “proactive examinations.” This follows the CFPB’s initial proposal to regulate digital payment providers last year, which would’ve covered a wider swath of companies processing more than 5 million transactions a year.
Don’t install Bing Wallpaper until you check out everything it does under the hood
Back in August, we heard reports of Bing Wallpaper asking people to sideload a Bing extension onto Chrome. It definitely raised an eyebrow at the time, but little did we know that this would be the tip of the iceberg. After Microsoft released Bing Wallpaper for public use a few days ago, it turns out that it runs some pretty shady code that people using the app should definitely know about.
Ubuntu Linux has a worrying security flaw that may have gone unseen for a decade
A critical security vulnerability has been discovered in the Ubuntu Linux operating system that may have been lurking undetected for over 10 years. The flaw, which affects the operating system’s file system permissions, could potentially allow attackers to escalate their privileges and gain unauthorized access to sensitive data.
NIST Sets Up New Task Force on AI and National Security
The National Institute of Standards and Technology (NIST) has launched a task force to address the intersection of artificial intelligence and national security. This new initiative aims to develop policies and frameworks to ensure that AI technologies are used responsibly and effectively in safeguarding national interests, while mitigating associated risks.
A new ‘ultra-secure’ phone carrier says it can make you harder to track
A new cell phone carrier is launching with an interesting pitch: it says it will offer secure cell service that limits how much personal data users give up, as reported earlier by 404 Media. The service, called Cape, is geared toward “high-risk” individuals like politicians, journalists, activists, and others. Cape is a mobile virtual network operator (MVNO) that uses UScellular’s network. But since it runs its own mobile core, Cape says it can control the technology powering the mobile network and “implement protections over what data enters and leaves your phone.” When signing up for the service, Cape says it will ask users for the “minimum amount of personal information” and will store it “for as little time as possible.”
DARPA-backed voting system for soldiers abroad savaged
An electronic voting project backed by DARPA – Uncle Sam’s boffinry nerve center – to improve the process of absentee voting for American military personnel stationed abroad has been slammed by security researchers. In February, VotingWorks, a non-profit election technology developer, showed off a prototype of an encrypted voting system. With funding support from DARPA, the project aims to make it easier for service personnel to vote in US elections when stationed outside of the United States. According to the Federal Voting Assistance Program, about three quarters of the 1.3 million active duty military members are eligible to cast absentee ballots, but many face barriers that hinder participation in elections.
Microsoft president asks Trump to “push harder” against Russian hacks
Microsoft’s president has called on Donald Trump to “push harder” against cyber attacks from Russia, China, and Iran amid a wave of state-sponsored hacks targeting US government officials and election campaigns. Brad Smith, who is also the Big Tech company’s vice chair and top legal officer, told the Financial Times that cyber security “deserves to be a more prominent issue of international relations” and appealed to the US president-elect to send a “strong message.” “I hope that the Trump administration will push harder against nation-state cyber attacks, especially from Russia and China and Iran,” Smith said. “We should not tolerate the level of attacks that we are seeing today.”
Volunteer DEF CON hackers dive into America’s leaky water infrastructure
A plan for hackers to help secure America’s critical infrastructure has kicked off with six US water companies signing up to let coders kick the tires of their computer systems and fix any vulnerabilities. Launched at this year’s DEF CON, the Franklin project is a scheme to shore up key systems by using the skills of top hackers. As the conference’s founder, Jeff Moss, explained to The Register at the time, it’s an attempt not only to strengthen US resilience to online attacks, but also to chronicle what is being done in a yearly “Hacker’s Almanack” so that others can learn essential skills.
Software company providing services to US and UK grocery stores says it was hit by ransomware attack
A major software supply-chain company, which counts US and UK grocery stores and Fortune 500 firms as clients, said it was hit by a ransomware attack this weekend. The hackers hit Blue Yonder — an Arizona-based software firm acquired by Panasonic in 2021 — affecting a private cloud computing service the company provides some customers, but not the company’s public cloud environment. A Blue Yonder spokesperson did not answer questions about which clients were affected, including those in the United States. But messages Blue Yonder sent to customers CNN reviewed show the company is scrambling to work with US-based clients to mitigate any impacts on customers.