Security News
UK retail chain The Works announced it was forced to shut down several stores due to till issues caused by a cyber-security incident involving unauthorized access to its computer systems. The Works has since switched to new third-party credit and debit card payment processors to address this last problem, which the company claims are safe.
A privacy rights org this week lost an appeal [PDF] in a case about the sharing of Bulk Personal Datasets by MI5, MI6, and GCHQ with foreign intelligence agencies. The decision means a contested part of a 2018 ruling by the IPT will stand: that safeguards and rules around data collection between 2015 to 2017 by the state agencies meant that sharing that data was legal - "Compatible with article 8 of the European Convention of Human Rights."
Two teenagers from the UK charged with helping the Lapsus$ extortion gang have been released on bail after appearing in the Highbury Corner Magistrates Court court on Friday morning. According to a statement from Detective Inspector Michael O'Sullivan of the City of London Police, a 16-year-old and a 17-year-old were charged following an international investigation into members of a hacking group.
British police have charged two teenagers as part of an international investigation into the Lapsus$ cyber extortion gang. "Both teenagers have been charged with: three counts of unauthorised access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorised access to a computer with intent to hinder access to data. The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program," he said.
The director of UK intelligence agency Government Communications Headquarters, Sir Jeremy Fleming, has warned that China is trying to introduce "Undemocratic values as the default for vast swathes of future tech and the standards that govern it." China believes Russia will support its digital markets and technology plans.
The UK's National Cyber Security Centre has advised users of Russian technology products to reassess the risks it presents. In advice that builds on 2017 guidance about technology supply chains that include links to hostile states, NCSC technical director Ian Levy stated that the agency has not found evidence "That the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests."
A] large-scale social engineering and extortion campaign against multiple organizations, with some seeing evidence of destructive elements. More recent campaigns have expanded to include organizations globally spanning a variety of sectors.
In a statement given to TechCrunch, the City of London Police said the seven are between 16 and 21: "The City of London Police has been conducting an investigation with its partners into members of a hacking group," according to Detective Inspector Michael O'Sullivan. There could well be more: Another investigator told the outlet that security researchers have identified seven unique accounts associated with Lapsus$, "Indicating that there are likely others involved in the group's operations."
The UK Ministry of Defence has suspended online application and support services for the British Army's Capita-run Defence Recruitment System and confirmed to us that digital intruders compromised some data held on would-be soldiers. The extent and method of the attack remains under investigation by the MoD and Capita.
Concerns are being raised over UK government proposals to extend emergency powers introduced during the pandemic, giving it access to patient data held by general practitioners. The government has decided to put in place a plan "Omitting the expiry date contained within" emergency COVID powers and "To make a consequential amendment to the review provision", with the aim of "Establishing and operating information systems to collect and analyse data in connection with COVID-19.".