Security News
The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC. While the supplier, Wolverhampton-based Zaun, said it believed that no classified information was downloaded, reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK's most sensitive military and research sites.
The National Cyber Security Centre provides details on prompt injection and data poisoning attacks so organizations using machine-learning models can mitigate the risks. Large language models used in artificial intelligence, such as ChatGPT or Google Bard, are prone to different cybersecurity attacks, in particular prompt injection and data poisoning.
London's Metropolitan Police has said a third-party data breach exposed staff and officers' names, ranks, photos, vetting levels, and salary information. The supplier did not store police addresses, phone numbers or financial account details so it appears that data remains secure.
The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S. Two reports from cybersecurity company Cisco Talos provide intelligence about a new attack campaign from the North Korean threat actor Lazarus. The researchers observed the Lazarus group successfully compromise an internet backbone infrastructure provider in the U.K. in early 2023, deploying a new malware dubbed QuiteRAT. The initial compromise was done via exploitation of the CVE-2022-47966 vulnerability, which affects Zoho's ManageEngine ServiceDesk.
The open source project has recently announced a secure communications framework, designed for decentralized peer-to-peer use through a multi-hop mesh routing system that combines strong encryption with untraceability. This same state is, of course, the one demanding that to "Protect children," it should get access to whatever encrypted citizen communication it likes via the Online Safety Bill, which is now rumored to be going through British Parliament in October.
The UK Electoral Commission discovered last year that it was hacked the year before. That's fourteen months between the hack and the discovery.
Norfolk and Suffolk police have stepped forward to admit that a "Technical issue" resulted in raw data pertaining to crime reports accidentally being included in Freedom of Information responses. "A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FoI requests in question. The data was hidden from anyone opening the files, but it should not have been included."
Every year local government bodies or councils across Britain contact residents, asking them to update their voter details on the electoral register if these have changed. What's worse is, failure to respond to this notice by visiting the website can, at least in theory, lead to a criminal penalty-a fine up to £1,000, according to the Electoral Commission website.
The UK's Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the Commission's email system and unspecified other systems. In a public notice on its site, the Commission said that the intrusion was identified in October 2022, after suspicious activity was detected on its systems, but that it was clear that the attackers had first accessed those systems more than a year earlier, in August 2021.
The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in the United Kingdom between 2014 and 2022. The disclosure comes ten months after the Commission first detected the breach and two years after the initial breach occurred, raising questions about why it took so long to report the incident to the public.