Security News

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S. Two reports from cybersecurity company Cisco Talos provide intelligence about a new attack campaign from the North Korean threat actor Lazarus. The researchers observed the Lazarus group successfully compromise an internet backbone infrastructure provider in the U.K. in early 2023, deploying a new malware dubbed QuiteRAT. The initial compromise was done via exploitation of the CVE-2022-47966 vulnerability, which affects Zoho's ManageEngine ServiceDesk.

The open source project has recently announced a secure communications framework, designed for decentralized peer-to-peer use through a multi-hop mesh routing system that combines strong encryption with untraceability. This same state is, of course, the one demanding that to "Protect children," it should get access to whatever encrypted citizen communication it likes via the Online Safety Bill, which is now rumored to be going through British Parliament in October.

The UK Electoral Commission discovered last year that it was hacked the year before. That's fourteen months between the hack and the discovery.

Norfolk and Suffolk police have stepped forward to admit that a "Technical issue" resulted in raw data pertaining to crime reports accidentally being included in Freedom of Information responses. "A technical issue has led to some raw data belonging to the constabularies being included within the files produced in response to the FoI requests in question. The data was hidden from anyone opening the files, but it should not have been included."

Every year local government bodies or councils across Britain contact residents, asking them to update their voter details on the electoral register if these have changed. What's worse is, failure to respond to this notice by visiting the website can, at least in theory, lead to a criminal penalty-a fine up to £1,000, according to the Electoral Commission website.

The UK's Electoral Commission has been the subject of an online attack that may have exposed the names and addresses of voters, as well as the Commission's email system and unspecified other systems. In a public notice on its site, the Commission said that the intrusion was identified in October 2022, after suspicious activity was detected on its systems, but that it was clear that the attackers had first accessed those systems more than a year earlier, in August 2021.

The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in the United Kingdom between 2014 and 2022. The disclosure comes ten months after the Commission first detected the breach and two years after the initial breach occurred, raising questions about why it took so long to report the incident to the public.

Discover the new shadow IT guidance published by the U.K.'s NCSC. Use this guide to better identify and reduce the levels of shadow IT within your organization. A new publication from the U.K.'s National Cyber Security Centre provides guidance to organizations concerned with shadow IT, which most of the time results from non-malicious intent of employees.

All appointments for Swiss Schengen tourist and transit visa applicants have been cancelled across the UK. TLSContact, the Swiss government's chosen IT provider for facilitating visa applicants...

In March, the U.K. government released a white paper promoting the country as a place to "Turbocharge growth" in AI. According to the white paper, 500,000 people in the U.K. are employed in the AI industry, and AI contributed £3.7 billion to the national economy in 2022. In response, on July 18, the independent research body Ada Lovelace Institute, in a lengthy report, called for a more "Robust domestic policy" in order to regulate AI through legislation that clarifies and organizes the U.K.'s effort to promote AI as an industry.