Security News
A government crackdown on British MSPs' security practices is drawing ever closer after the Department for Digital, Culture, Media and Sport floated plans to make Cyber Assessment Framework compliance mandatory. Digital Minister Julia Lopez said in a canned statement: "We are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the National Cyber Security Centre to secure their businesses' digital footprint and protect their sensitive data."
Public reports of computer-linked crimes are soaring thanks to a huge rise in data breaches, even as prosecutions against Computer Misuse Act offenders slump. The Crime Survey for England and Wales said it recorded 1.8 million computer misuse offences in the 12 months ending June 2021, matching the number it recorded in 2017.
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data. The breach was announced in a notification published on the party's website after the relevant authorities had been informed about the incident.
The UK's Labour Party, the official opposition to the country's ruling Conservatives, has suffered a humiliating data breach, according to multiple reports. Information sent to The Register suggests Labour members were sent notice of the issue, which it said had hit "a third party that handles data on our behalf."
More than half of data protection fines issued by the Information Commissioner's Office over the last two years, totalling more than £5m, have not been paid. The SMS Works pointed out that fines to home improvements companies appear to be least likely to be paid, with £1.6m in fines issued to these firms resulting in just £280,000 being repaid to date.
Britain's new Information Commissioner has called for video conferencing companies to enable end-to-end encryption on their products - even as police managers and politicians condemn the technology and demand its removal. This week the ICO urged tech companies to make end-to-end encryption "available to all users" regardless of whether they're "enterprise, consumer, paid or free" in a statement jointly backed by seven countries' data protection regulators - even including China.
Internet telephone service provider Voipfone, currently battling a "major outage" across all voice services, has admitted to being hit by an "extortion-based DDoS attack from overseas criminals" that knocked it offline last week. It seems that the evil-doers took the weekend off and attacked Voipfone again yesterday, according to Register reader Richard.
The UK's Competition and Markets Authority has unveiled compliance principles to curb locally some of the sharper auto-renewal practices of antivirus software firms. The CMA took exception to auto-renewal contracts for antivirus software that customers in the UK signed up for and found difficult to cancel.
A new national cyber strategy will be launched by year-end, the National Cyber Security Centre's chief exec has promised - while calling out spyware vendor NSO Group as a "red flag" for the UK infosec community. Lindy Cameron told the Chatham House international affairs think tank that NSO Group was "Something we raised a red flag about before, that the commercial market for sophisticated cyber exploitation products is an issue."
Britain's National Cyber Force will be based in Lancashire, the government has said - though, despite obvious clues, neither the Ministry of Defence nor BAE Systems will confirm the force's planned new location. The Ministry of Defence also refused to say, citing spurious "operational security" grounds.