InfoSecBulletin Cybersecurity for mankind
Apple opposes the UK government’s idea to pre-approve new security features from tech companies. If the UK Home Office rejects an update, it cannot be released in any other country, and the public will not be informed.
The government is seeking to update the Investigatory Powers Act (IPA) 2016. The Home Office said it supported privacy-focused tech but added that it also had to keep the country safe.
CISA Flags Craft CMS Code Injection Flaw Amid Active Attacks
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
A government spokesperson said: “We have always been clear that we support technological innovation and private and secure communications technologies, including end-to-end encryption, but this cannot come at a cost to public safety.”
The House of Lords will discuss the proposed changes tomorrow. Apple says the UK government’s actions are unprecedented and too much.
“We’re deeply concerned the proposed amendments to the Investigatory Powers Act (IPA) now before Parliament place users’ privacy and security at risk,” said Apple in a statement.
“It’s an unprecedented overreach by the government and, if enacted, the UK could attempt to secretly veto new user protections globally preventing us from ever offering them to customers.”
BBC report said, “It is critical that decisions about lawful access, which protect the country from child sexual abusers and terrorists, are taken by those who are democratically accountable and approved by Parliament.”
Critics have called the current Act a “snoopers charter”. Apple has previously criticized similar proposals to expand its scope. Apple announced in July 2023 that it might remove services like FaceTime and iMessage from the UK if it had to compromise on future security.
The proposed UK law would cover all Apple products, not just FaceTime and iMessage.
In January, civil liberties groups such as Big Brother Watch, Liberty, Open Rights Group, and Privacy International issued a joint statement opposing certain parts of the bill.
The groups are worried that the proposed changes would make technology companies, even those outside the country, have to tell the government about any plans to enhance security or privacy on their platforms so the government can stop these changes.
“They claimed this would lead to private companies becoming extensions of the surveillance state and undermining the security of devices and the internet.”
The proposed changes are based on a review of current laws. They include updates regarding how intelligence agencies collect data and use internet connection records.
