NCSC
NEW UK LAW BANS DEFAULT PASSWORDS ON SMART DEVICES

The UK’s NCSC wants smart device manufacturers to follow new law banning default passwords. The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will be effective on April 29, 2024.

“From 29 April 2024, manufacturers of consumer ‘smart’ devices must comply with new UK law.” reads the announcement published by NCSC. “The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to provide ongoing protection against cyber attacks.”

• Alert

ALERT
CISA issued Seventeen Industrial Control Systems Advisories

By infosecbulletin / Friday , May 17 2024

ISA issued seventeen advisories about Industrial Control Systems (ICS) on May 16, 2024. These advisories give important information about security...

Read More

• Vulnerabilities

Intel released 41 Security Advisories Over 90 Vulnerabilities

By infosecbulletin / Thursday , May 16 2024

Intel released 41 security advisories this Patch Tuesday, which contain information about over 90 vulnerabilities in their products. The company...

Read More

• Vulnerabilities

Adobe Patches Multiple Code Execution Flaws

By infosecbulletin / Thursday , May 16 2024

Adobe released security updates for the vulnerabilities in Adobe software. Bad actors could exploit some of these vulnerabilities taking control...

Read More

• Hot Topic
• International

FBI seized BreachForums, including telegram channel

By infosecbulletin / Wednesday , May 15 2024

FBI has seized hacking forum "BreachForums" popularly known as a Breached hacking forum in the underground market on Wednesday morning...

Read More

• Cyber Attack
• National
• Ransomware

Kaspersky report
Bangladesh faces over 34,000 ransomware attacks

By infosecbulletin / Wednesday , May 15 2024

Antivirus manufacturer Kaspersky inform that it has detected over 34,000 ransomware attacks targeting various organizations in Bangladesh from January to...

Read More

• Vulnerabilities

FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing

By infosecbulletin / Wednesday , May 15 2024

A vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw is identified as FG-23-225 which allows...

Read More

• Ransomware

Ransomware Activities this week: Threatmon report

By infosecbulletin / Wednesday , May 15 2024

According to the Threatmon advanced threat monitoring platform, LockBit is in the top position in the category of top active...

Read More

• International

ALERT
CISA Releases Four Industrial Control Systems Advisories

By infosecbulletin / Wednesday , May 15 2024

On Tuesday (May 14), CISA released four Industrial Control Systems (ICS) advisories which provide timely information about current security issues,...

Read More

• Vulnerabilities

Microsoft May 2024 Patch Tuesday fixes 61 flaws 2 zero-days

By infosecbulletin / Wednesday , May 15 2024

Microsoft patched May 2024 Tuesday including updates for 61 flaws and three publicly disclosed zero days. This update fixed Microsoft...

Read More

• National

Newly circulated reserve theft is false: Bangladesh Bank

By infosecbulletin / Tuesday , May 14 2024

On Tuesday (14.05.2024) Bangladesh Bank spokesperson Majbaul Haque said to media that the information published in the report is completely...

Read More

The U.K. is the first country to ban default passwords on IoT devices. This law stops manufacturers from providing devices with easily accessible passwords that can be shared.

The law applies to the following products:

Smart speakers, smart TVs, and streaming devices
Smart doorbells, baby monitors, and security cameras
Cellular tablets, smartphones, and game consoles
Wearable fitness trackers (including smart watches)

Smart domestic appliances (such as light bulbs, plugs, kettles, thermostats, ovens, fridges, cleaners, and washing machines)

Hackers could use these to get into a network or carry out cyber attacks.
Companies must provide a way to report security issues and specify how long the device will get important security updates.

The NCSC stated that the PSTI act applies to organizations that import or sell products for the UK market. This includes most smart devices made outside the UK. Manufacturers who do not comply with the act will be fined up to £10 million or 4% of their worldwide revenue.