Security News

The UK Information Commissioner's Office on Monday issued a reprimand and called for a review of how and whether messaging services should be used for government business practices, after finding widespread and potentially dangerous use of private email, WhatsApp and other messaging tools by officials at the Department of Health and Social Care. The actions ordered by ICO came after a year-long investigation as to whether the DHSC was compliant with the UK General Data Protection Regulations, the UK Data Protection Act 2018 and the Freedom of Information Act 2000 during the COVID-19 pandemic.

The UK's response to China's well-publicized efforts to use technology standards to shape the world in its image has been "Incoherent and muted" according to report by the House of Commons Foreign Affairs Committee. Published last week, the report, titled "Encoding values: Putting tech at the heart of UK foreign policy", follows up on previous policy work that recommended the UK ensure that its foreign policy recognize the value and importance of shaping technology industries and standards.

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.

Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, has warned the UK government that they could be the victim of a 9/11-style cyber-attack unless they face up to the "Magnitude of the threat" posed by ransomware. In agreement with this, Steve Barclay, the UK government Minister responsible for cybersecurity, claims that "The greatest cyber threat to the UK - one now deemed severe enough to pose a national security threat - is from ransomware attacks."

Windows PowerShell is enormously useful, extremely prevalent, and often targeted by crooks because it offers an express route into the heart of Windows servers and networks. Instead, the agencies recommend securing PowerShell prudently.

The UK government has published its plans for reforming local data protection law which includes removing the requirement for consent for all website cookies - akin to the situation in much of the US. Also notable is the removal of the requirement for a Data Protection Impact Assessment, as well as a new political direction over the Information Commissioner's Office. UK rules on website and app cookie consent are set to change if these proposals move forward.

More than two years after England launched a COVID data store, keeping details of National Health Service patients, the country's National Data Guardian remains unsatisfied with who is accessing the data. The COVID-19 data store was launched in March 2020, and would pull together medical and operational data about the spread of the virus across the country.

The NCSC in the UK reports having served 33 million alerts to organizations signed up for its "Early Warning" service. The government agency has dealt with a record number of online scams in 2021, removing more than 2.7 million from the internet.

The United Kingdom's National Cyber Security Centre has announced a new email security check service to help organizations identify vulnerabilities that could allow attackers to spoof emails or lead to email privacy breaches. The government agency, which leads the UK's cyber security mission, says the Email Security Check tool requires no sign-ups or personal details.

The UK government added 63 Russian entities to its sanction list on Wednesday. Among them are Baikal Electronics and MCST, the two most important chip makers in Russia.