Security News

The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network.The attacked system contained personal data belonging to active and reserve personnel as well as some recently retired veterans.

An advanced persistent threat group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development Organization, the research and development wing of India's Ministry of Defence. Known for emulating the infection chains associated with SideWinder to deliver its own malware, SideCopy is a threat group of Pakistani origin that shares overlaps with Transparent Tribe.

The UK Ministry of Defence has suspended online application and support services for the British Army's Capita-run Defence Recruitment System and confirmed to us that digital intruders compromised some data held on would-be soldiers. The extent and method of the attack remains under investigation by the MoD and Capita.

A second leak of Afghan interpreters' personal data was reportedly committed by the Ministry of Defence, raising further questions about the ministry's commitment to the safety of people in Afghanistan, some of whom are its own former employees. The BBC reported overnight that the details of a further 55 Afghans - claimed to be candidates for potential relocation - had been leaked through the classic cc-instead-of-bcc email blunder, echoing the previously reported breach of 250 interpreters' data through a similar failure.

The UK's Ministry of Defence has launched an internal investigation after committing the classic CC-instead-of-BCC email error - but with the names and contact details of Afghan interpreters trapped in the Taliban-controlled nation. The horrendous data breach took place yesterday, with Defence Secretary Ben Wallace promising an immediate investigation, according to the BBC. Included in the breach were profile pictures associated with some email accounts, according to the state-owned broadcaster.

The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed web-accessible systems for vulnerabilities, according to a cheery missive from HackerOne. A month-long "Hacker security test" culminated in a couple of dozen folk being handed unspecified rewards - and marking the first public confirmation of HackerOne's UK government partnership.

The Ministry of Defence has ordered its contractors not to answer certain questions on the UK's once-in-a-decade census - despite threats of £1,000 fines being handed to people who don't complete the national survey. The Ministry of Defence has taken a curious line against the census, urging defence personnel and contractors to give incomplete answers to four questions - and to ignore one altogether.

The Ministry of Defence's multibillion budget overrun has been caused in part because of its spending splurge on flashy new "Cyber" capabilities, according to the National Audit Office. The MoD faces a budget black hole measured in billions thanks to its profligacy - and even the announcement of a cash top-up of £4bn per year between now and 2024, on top of its £41.2bn annual budget, won't be enough to plug it, according to the auditors.

The UK's Ministry of Defence has launched a bug bounty scheme, promising privateer pentesters they won't be prosecuted if they stick to the published script. The MoD has joined forces with bug bounty platform HackerOne, with the scheme seemingly being aimed at those who probe external web-facing parts of the ministry's sprawling digital estate.

Worried about identifiable personal data from your coronavirus contact-tracing app making it into a British government database? Fear not! The Ministry of Defence is sanitising it all first. Public fears are already running high after official COVID-19 contact tracing app maker NHSX's CEO admitted to Parliament that data harvested by the app would be retained after the pandemic ends for "Research".