Security News
Two more organizations hit in the mass exploitation of the MOVEit file-transfer tool have been named - the Minnesota Department of Education in the US, and the UK's telco regulator Ofcom - just days after security researchers discovered additional flaws in Progress Software's buggy suite. Ofcom disclosed this week it is among the businesses and public bodies that have had their internal data stolen by crooks exploiting a MOVEit flaw.
A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used to launch ID theft attacks or blackmail. In the process, it discovered the Lantum S3 bucket, which was accessible and indexed on some IoT search engines.
The UK government will set a deadline for removing made-in-China surveillance cameras from "Sensitive sites." News of the not-very-imminent deadline came with on Tuesday with the publication of proposed amendments [PDF] to the Procurement Bill - legislation that will reform many aspects of the UK government's practices for buying stuff.
The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March's mega breach. Alison Parkin, director of financial services at Derby CC, said Capita supported its council tax and benefits service, and data left exposed was collected in early 2021.
Biometrics and surveillance camera commissioner Professor Fraser Sampson has warned that oversight of facial recognition is a risk just as the policing minister plans to "Embed" it into the force. Sampson's job, if you were wondering, is to encourage "Compliance with the Surveillance Camera Code of Practice" - the only legal instrument that addresses police use of live facial recognition directly.
The UK's National Crime Agency has partially won an important legal battle in a case that challenged the warrants used to obtain messages from cyber crook hangout EncroChat. EncroChat offered an encrypted phone and mobile service for just $1,500 a month - and you thought your mobile bill was bad - which was chiefly used by criminals to organize their schemes and scams out of reach of the cops.
The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them out of their accounts. The Register has contacted NS&I to offer it the opportunity to respond.
The survey is based on interviews conducted over the phone and online between September 27, 2022, and January 18, 2023, of 2,263 U.K. businesses, 1,174 U.K. registered charities and 554 education institutions. How are businesses identifying cybersecurity risks?
Websites and mobile apps of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland are experiencing web and mobile app outages leaving customers unable to access their account balances and information. BleepingComputer has been able to confirm that the four major UK banks are currently experiencing disruptions related to their online banking and mobile banking systems since the early morning hours of Friday, April 28th. Websites of banks including Lloyds, Halifax, TSB, and Bank of Scotland admit that some customers are having issues when accessing Internet and Mobile banking services.
As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone's ability to communicate securely. The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services - nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.