Security News

British police have charged two teenagers as part of an international investigation into the Lapsus$ cyber extortion gang. "Both teenagers have been charged with: three counts of unauthorised access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorised access to a computer with intent to hinder access to data. The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program," he said.

The director of UK intelligence agency Government Communications Headquarters, Sir Jeremy Fleming, has warned that China is trying to introduce "Undemocratic values as the default for vast swathes of future tech and the standards that govern it." China believes Russia will support its digital markets and technology plans.

The UK's National Cyber Security Centre has advised users of Russian technology products to reassess the risks it presents. In advice that builds on 2017 guidance about technology supply chains that include links to hostile states, NCSC technical director Ian Levy stated that the agency has not found evidence "That the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests."

A] large-scale social engineering and extortion campaign against multiple organizations, with some seeing evidence of destructive elements. More recent campaigns have expanded to include organizations globally spanning a variety of sectors.

In a statement given to TechCrunch, the City of London Police said the seven are between 16 and 21: "The City of London Police has been conducting an investigation with its partners into members of a hacking group," according to Detective Inspector Michael O'Sullivan. There could well be more: Another investigator told the outlet that security researchers have identified seven unique accounts associated with Lapsus$, "Indicating that there are likely others involved in the group's operations."

The UK Ministry of Defence has suspended online application and support services for the British Army's Capita-run Defence Recruitment System and confirmed to us that digital intruders compromised some data held on would-be soldiers. The extent and method of the attack remains under investigation by the MoD and Capita.

Concerns are being raised over UK government proposals to extend emergency powers introduced during the pandemic, giving it access to patient data held by general practitioners. The government has decided to put in place a plan "Omitting the expiry date contained within" emergency COVID powers and "To make a consequential amendment to the review provision", with the aim of "Establishing and operating information systems to collect and analyse data in connection with COVID-19.".

The UK Competition and Markets Authority merger inquiry into NortonLifeLock's proposed $8bn acquisition of rival antivirus provider Avast has now closed, with the regulator concluding that a tie-up could indeed reduce competition in the marketplace. "Advanced discussions" concerning a merger of the two security vendors first surfaced in July 2021, when NortonLifeLock investors were told that a combination with Avast "Would bring together two companies with aligned visions, highly complementary business profiles and a joint commitment to innovation that helps protect and empower people to live their digital lives safely."

Julian Assange has all but lost his fight against extradition from Britain to America after the UK Supreme Court said his case "Did not raise an arguable point of law." Assange's fiancée Stella Moris described the Supreme Court rejection of her betrothed's legal efforts as "Corrupting," saying: "Julian was just doing his job, which was to publish the truth about wrongdoing. His loyalty is the same as that which all journalists should have: to the public. Not to the spy agencies of a foreign power."

Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020. Data held on the archive server had not been encrypted, Tuckers admitted to the ICO. This wouldn't have prevented the attack but may have mitigated the risk to data subjects.