Security News

The United Kingdom's National Cyber Security Centre, the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities. "These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact," the agency said.

The UK's Home Secretary - the minister in charge of policing and internal security - has been forced to apologize for breaching IT security protocols in government. On another occasion, she accidentally forwarded official documents to a Member of Parliament from her Gmail account because she did not have her phone with her.

Britain's data watchdog has slapped construction business Interserve Group with a potential £4.4 million fine after a successful phishing attack by criminals exposed the personal data of up to 113,000 employees. The Information Commissioner's Office said the Berkshire-based company failed to exercise good security hygiene, missing alerts and more, and so was deemed to have broken data protection laws.

The major outage began around Monday evening but has continued well into today with Chase reporting some customers facing degraded performance while others seeing improvement. Chase UK's customers with a mobile-based current account have been experiencing an ongoing outage and degraded performance with the bank's app, making it difficult for them to access their accounts and funds.

The Data Access Agreement, by which the US and UK have agreed how one country can respond to lawful data demands from police and investigators in the other, took effect on Monday. The DAA spells out US and UK obligations under the Clarifying Lawful Overseas Use of Data Act, which the US Congress approved in 2018.

The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks. While there are no details about the investigation, the arrest is believed to be tied to the Lapsus$ hacking group, which is suspected to be behind recent cyberattacks on Uber, Rockstar Games, and 2K. During last year's attacks, the Lapsus$ hacking group was said to be led by a threat actor named 'White' or 'BreachBase,' who was doxxed as allegedly a 16-year-old teen from the UK. This hacking group is responsible for numerous high-profile attacks, including Microsoft, Cisco, NVIDIA, Samsung, and Okta.

One of the UK's largest public transport operators, Go-Ahead Group, has fallen victim to a cyberattack. The Go-Ahead Group, which connects people across its bus and rail networks, reported it was "Managing a cyber security incident" after "Unauthorized activity" was detected on its network.

Getting its second reading in the House of Commons, the Data Protection and Digital Information Bill sets out how the UK plans to diverge from data protection legislation introduced during its membership of the European Union. The legal changes would improve the UK's ability to strike international data deals and make these partnerships more secure, allowing British businesses to seize billions of pounds of data trade as a reward of Brexit, according to Dorries.

A water company in the drought-hit UK was recently compromised by a ransomware gang, though initially it was unclear exactly which water company was the victim. Clop, a prolific Russian-speaking gang known for extorting industrial organizations, claimed on its website that it had broken into and stolen data from Thames Water - which supplies water to about 15 million people, including those in the capital, London.

A company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack. As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn't impact the supply of safe water to its customers or those of its subsidiaries, Cambridge Water and South Staffs Water.