Security News
Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, has warned the UK government that they could be the victim of a 9/11-style cyber-attack unless they face up to the "Magnitude of the threat" posed by ransomware. In agreement with this, Steve Barclay, the UK government Minister responsible for cybersecurity, claims that "The greatest cyber threat to the UK - one now deemed severe enough to pose a national security threat - is from ransomware attacks."
Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks. Instead, the agencies recommend securing PowerShell prudently.
The UK government has published its plans for reforming local data protection law which includes removing the requirement for consent for all website cookies - akin to the situation in much of the US. Also notable is the removal of the requirement for a Data Protection Impact Assessment, as well as a new political direction over the Information Commissioner's Office. UK rules on website and app cookie consent are set to change if these proposals move forward.
More than two years after England launched a COVID data store, keeping details of National Health Service patients, the country's National Data Guardian remains unsatisfied with who is accessing the data. The COVID-19 data store was launched in March 2020, and would pull together medical and operational data about the spread of the virus across the country.
The NCSC in the UK reports having served 33 million alerts to organizations signed up for its "Early Warning" service. The government agency has dealt with a record number of online scams in 2021, removing more than 2.7 million from the internet.
The United Kingdom's National Cyber Security Centre has announced a new email security check service to help organizations identify vulnerabilities that could allow attackers to spoof emails or lead to email privacy breaches. The government agency, which leads the UK's cyber security mission, says the Email Security Check tool requires no sign-ups or personal details.
The UK government added 63 Russian entities to its sanction list on Wednesday. Among them are Baikal Electronics and MCST, the two most important chip makers in Russia.
For about half a year, work email accounts belonging to over 100 employees of the National Health System in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.
Over 42 million people in the UK had financial data compromised. According to a release from international law firm RPC, the financial information belonging to approximately 42.2 million people in the U.K. was surrendered due to a growing number of ransomware attacks.
The Canadian research outfit also said it had identified at least 65 individuals linked with Catalan civil society groups in Spain who were targeted by, or infected with, surveillance software. On Monday, Citizen Lab, a part of at the University of Toronto's Munk School, said it had found likely NSO Group Pegasus spyware infections on devices associated with UK Prime Minister Boris Johnson's office, 10 Downing Street, and on devices linked to the FCO, now called the FCDO, or the Foreign Commonwealth and Development office.