article thumbnail

The UK Bans Default Passwords

Schneier on Security

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. This sort of thing benefits all of us everywhere.

Passwords 336
article thumbnail

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. “No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” Free S.A.S.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ukrainian telecommunications operators hit by DarkCrystal RAT malware

Security Affairs

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. Pierluigi Paganini.

article thumbnail

European Telecommunications Standards Institute (ETSI) suffered a data breach

Security Affairs

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute ( ETSI ).

article thumbnail

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

article thumbnail

Can We Stop Pretending SMS Is Secure Now?

Krebs on Security

From there, the attacker can reset the password of any account which uses that phone number for password reset links. Most large and legacy telecommunications providers validate transfer requests related to their customers by consulting NPAC , or the Number Portability Administration Center. ” WHAT CAN YOU DO?

article thumbnail

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

The Hacker News

National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024.

Passwords 138