In brief
Poor show: Well that went well. Like many others, you might have tried to use the UK government's postcode checker to find out the coronavirus restrictions in your area. If you did, you'll know it didn't work (because the servers ran out of memory). Solution? Take the whole site down. Congratulations.
Camera fine: The Belgian data protection regulator has fined a couple €1,500 for using surveillance cameras to film a public road and private property. GBA
Spoofed: Creating fake copies of websites is one of the favourite tricks used by attackers. Now the FBI is warning that its own sites are being targeted, with multiple domain names being registered in an attempt to fool users. Password managers will help protect against this technique, since they only offer saved credentials on the genuine domain.
Brexit: As the end of the UK's transition period approaches, researchers have warned that UK organisations face costs of up to £1.6 billion if a data sharing agreement with the EU isn't reached. NEF/UCL
Amazon WiFi: Amazon Echo owners in the US are about to be opted into a new service that uses their internet connections to create neighbourhood networks. The idea is to provide resilient connectivity in case of interruptions and to extend coverage for Amazon devices. Initially, 'Sidewalk' will only be available in the US. BBC
Apple: Another reminder that, while Apple's new M1-powered devices may offer excellent performance, that's not much use if they can't run your preferred apps. As Forbes reports, that's often the case. It's also worth bearing in mind that there are rumours that Apple is planning new MacBooks with a completely refreshed design.
Tesla: Researchers in Belgium took just minutes to steal a Tesla Model X by exploiting vulnerabilities in the car’s keyless entry system. The equipment costs about $200. YouTube
MeWe: You may have heard of Parler, which has become a refuge for Trump supporters who have deserted Twitter and Facebook. Now comes MeWe, which has grown even faster with 1.4 million downloads in November. Fortune (R)
Laser: Last year, researchers managed to use laser pointers to remotely control voice assistants, including Amazon Alexa and Google Home. This year, they're planning to show how their technique can be used to take control of security cameras. Intriguingly, while they know the approach works, they have yet to understand why. Dark Reading
Updates
A reminder about the critical importance of installing updates when vulnerabilities are discovered. Last year, Fortinet warned about an issue affecting its VPNs, and repeated the warning at regular intervals. Despite this, many systems remained unpatched and the result is a set of stolen credentials for almost 50,000 installations belonging to banks, telecoms, and government organisations around the world. Bleeping Computer
MobileIron: Urgent warning from UK National Cyber Security Centre that state-backed attackers are actively using a vulnerability in the mobile device management solution to access networks across government, healthcare and other sectors. The issue was addressed by an update in June.
VMware: Workarounds published for critical command injection vulnerabilities in Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector products.
Old Windows: Unofficial patch available through ACROS Security’s 0patch service for a previously unknown vulnerability in Windows 7 and Windows Server 2008 R2.
TikTok: Update to address two issues that could have allowed attackers to take over accounts with a single click for users who signed up via third-party apps.