Security News
Discover the new shadow IT guidance published by the U.K.'s NCSC. Use this guide to better identify and reduce the levels of shadow IT within your organization. A new publication from the U.K.'s National Cyber Security Centre provides guidance to organizations concerned with shadow IT, which most of the time results from non-malicious intent of employees.
All appointments for Swiss Schengen tourist and transit visa applicants have been cancelled across the UK. TLSContact, the Swiss government's chosen IT provider for facilitating visa applicants...
In March, the U.K. government released a white paper promoting the country as a place to "Turbocharge growth" in AI. According to the white paper, 500,000 people in the U.K. are employed in the AI industry, and AI contributed £3.7 billion to the national economy in 2022. In response, on July 18, the independent research body Ada Lovelace Institute, in a lengthy report, called for a more "Robust domestic policy" in order to regulate AI through legislation that clarifies and organizes the U.K.'s effort to promote AI as an industry.
Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation's Online Safety Bill - which for now is in the hands of the House of Lords - so that it safeguards strong end-to-end encryption. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk."
A new Android malware campaign has been observed pushing the Anatsa banking trojan to target banking customers in the U.S., U.K., Germany, Austria, and Switzerland since the start of March 2023. "The actors behind Anatsa aim to steal credentials used to authorize customers in mobile banking applications and perform Device-Takeover Fraud to initiate fraudulent transactions," ThreatFabric said in an analysis published Monday.
If you say THE Twitter hack, everyone knows you mean the one that happened in July 2020, when a small group of cybercriminals ended up in control of a small number of Twitter accounts and used them to talk up a cryptocoin fraud. SIM swaps are where a criminal sweet-talks, bribes or coerces a mobile phone provider into issuing them with a "Replacment" SIM card for someone else's number, typically under the guise of wanting to buy a new phone or urgently needing to replace a lost SIM. The victim's SIM card goes dead, and the crook starts receiving their calls and text messages, notably including any two-factor authentication codes needed for secure logins or password resets.
ThreatFabric discovered a previous Anatsa campaign on Google Play in November 2021, when the trojan was installed over 300,000 times by impersonating PDF scanners, QR code scanners, Adobe Illustrator apps, and fitness tracker apps. In March 2023, after a six-month hiatus in malware distribution, the threat actors launched a new malvertizing campaign that leads prospective victims to download Anatsa dropper apps from Google Play.
British law practices of "All sizes and types" have been warned by GCHQ's cyberspy arm that their "Widespread adoption of hybrid working" combined with the large sums of money they handle is making them a target. Besides the mega cash transfers, the firms also often handle "Sensitive information," said the National Cyber Security Centre, making them "Particularly attractive targets to attackers."
Two more organizations hit in the mass exploitation of the MOVEit file-transfer tool have been named - the Minnesota Department of Education in the US, and the UK's telco regulator Ofcom - just days after security researchers discovered additional flaws in Progress Software's buggy suite. Ofcom disclosed this week it is among the businesses and public bodies that have had their internal data stolen by crooks exploiting a MOVEit flaw.
A UK agency for freelance doctors has potentially exposed personal details relating to 3,200 individuals via unsecured S3 buckets, which one expert said could be used to launch ID theft attacks or blackmail. In the process, it discovered the Lantum S3 bucket, which was accessible and indexed on some IoT search engines.