Well, looks like we’ve had our summer doesn’t it? While that may be a little disappointing, we can assure you this week’s edition of tech news certainly isn’t. Pop the kettle on (bit chilly isn’t it?) and enjoy your latest read:
Security researchers have discovered failings in two home electric car chargers.
The researchers were able to make the chargers switch on or off, remove the owner's access, and show how a hacker could get into a user's home network.
Most of the faults have now been fixed but owners are being told to update their apps and chargers, to be safe.
It comes as proposed new legislation on cyber-security for appliances - including chargers - is published.
Two home chargers, Wallbox and Project EV - both approved for sale in the UK by the Department for Transport - were found to be lacking adequate security when used with an accompanying app for smartphones.
Both Pen Test Partners and BBC Click contacted the firms to give them the chance to fix the problems before publishing the security flaws.
Russian hackers behind the massive SolarWinds cyber-espionage campaign broke into the email accounts of some of the most prominent US federal prosecutors’ offices last year, the Department of Justice has said.
The department said 80% of Microsoft email accounts used by employees in the four US attorney offices in New York were breached. All told, the DoJ said 27 US attorney offices had at least one employee email account compromised.
The justice department said on Friday it believes the accounts were compromised from 7 May to 27 December last year. That timeframe is notable because the SolarWinds attack, named for the company which made the affected product and which infiltrated dozens of companies and think tanks as well as at least nine government agencies, was discovered and publicized in mid-December.
The Ministry of Defence (MoD) has for the first time paid bounties to hackers for finding vulnerabilities in its computer networks before they could be exploited by the UK's adversaries.
Just over two dozen civilian hackers were permitted to take part in the 30-day programme after undergoing background checks with HackerOne, a company that specialises in bug bounty competitions.
In an announcement on Tuesday, the ministry's chief information security officer, Christine Maxwell, said the security test was "the latest example of the MoD’s willingness to pursue innovative and non-traditional approaches" to securing its networks.
Bug bounty programmes offer hackers a financial reward for discovering and disclosing software vulnerabilities so they can be fixed rather than exploited by hostile states.
Video-conferencing firm Zoom has agreed to pay $86m (£61.9m) to settle a class action privacy lawsuit in the US.
The lawsuit alleged that Zoom had invaded the privacy of millions of users by sharing personal data with Facebook, Google and LinkedIn. It also accused Zoom of misstating that it offers end-to-end encryption and for failing to prevent hackers from "zoombombing" sessions.
The firm denied any wrongdoing, but has agreed to boost its security practices.
The preliminary settlement, which also includes a provision that Zoom will give its staff specialised training in data handling and privacy, is still subject to approval by US District Judge Lucy Koh in San Jose, California.
A Zoom spokesman said: "The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us. "We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront."
