Security News

Attackers accessed UK military data through high-security fencing firm's Windows 7 rig
2023-09-04 15:25

The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC. While the supplier, Wolverhampton-based Zaun, said it believed that no classified information was downloaded, reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK's most sensitive military and research sites.

UK’s NCSC Warns Against Cybersecurity Attacks on AI
2023-09-01 18:35

The National Cyber Security Centre provides details on prompt injection and data poisoning attacks so organizations using machine-learning models can mitigate the risks. Large language models used in artificial intelligence, such as ChatGPT or Google Bard, are prone to different cybersecurity attacks, in particular prompt injection and data poisoning.

More UK cops' names and photos exposed in supplier breach
2023-08-29 11:35

London's Metropolitan Police has said a third-party data breach exposed staff and officers' names, ranks, photos, vetting levels, and salary information. The supplier did not store police addresses, phone numbers or financial account details so it appears that data remains secure.

Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses
2023-08-25 22:04

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S. Two reports from cybersecurity company Cisco Talos provide intelligence about a new attack campaign from the North Korean threat actor Lazarus. The researchers observed the Lazarus group successfully compromise an internet backbone infrastructure provider in the U.K. in early 2023, deploying a new malware dubbed QuiteRAT. The initial compromise was done via exploitation of the CVE-2022-47966 vulnerability, which affects Zoho's ManageEngine ServiceDesk.

Last rites for the UK's Online Safety Bill, an idea too stupid to notice it's dead
2023-08-21 08:31

The open source project has recently announced a secure communications framework, designed for decentralized peer-to-peer use through a multi-hop mesh routing system that combines strong encryption with untraceability. This same state is, of course, the one demanding that to "Protect children," it should get access to whatever encrypted citizen communication it likes via the Online Safety Bill, which is now rumored to be going through British Parliament in October.

UK Electoral Commission Hacked
2023-08-16 11:17

The UK Electoral Commission discovered last year that it was hacked the year before. That's fourteen months between the hack and the discovery.

You're not seeing double – yet another UK copshop is confessing to a data leak
2023-08-15 11:28

Norfolk and Suffolk police have stepped forward to admit that a "Technical issue" resulted in raw data pertaining to crime reports accidentally being included in Freedom of Information responses. "A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FoI requests in question. The data was hidden from anyone opening the files, but it should not have been included."

UK gov keeps repeating its voter registration website is NOT a scam
2023-08-13 11:07

Every year local government bodies or councils across Britain contact residents, asking them to update their voter details on the electoral register if these have changed. What's worse is, failure to respond to this notice by visiting the website can, at least in theory, lead to a criminal penalty-a fine up to £1,000, according to the Electoral Commission website.

UK voter data within reach of miscreants who hacked Electoral Commission
2023-08-08 15:52

The UK's Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the Commission's email system and unspecified other systems. In a public notice on its site, the Commission said that the intrusion was identified in October 2022, after suspicious activity was detected on its systems, but that it was clear that the attackers had first accessed those systems more than a year earlier, in August 2021.

UK Electoral Commission data breach exposes 8 years of voter data
2023-08-08 14:06

The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in the United Kingdom between 2014 and 2022. The disclosure comes ten months after the Commission first detected the breach and two years after the initial breach occurred, raising questions about why it took so long to report the incident to the public.