Security News

UK's Competition and Markets Authority shows some teeth over McAfee antivirus auto-renewals
2021-05-25 15:46

The UK's Competition and Markets Authority has reached agreement with antivirus vendor McAfee that means some customers whose software subscription was automatically renewed will be able to get a refund. It's quite the slap on the wrist for McAfee, whose software tends to be bundled with a large number of devices sold in the UK. Customers who signed up with the company may not have understood the ins and outs of auto-renewal, hence the CMA action.

UK Computer Misuse Act convictions declined last year despite pandemic explosion in online criminal activity
2021-05-21 15:32

Prosecutions under the UK's Computer Misuse Act dropped by a fifth in 2020 even as conviction rates soared to 95 per cent during the year of the pandemic, new statistics have revealed. This week's conviction statistics also showed that the most common CMA crime taken to court was the offence of "Unauthorised access to computer material", accounting for 33 of the year's total of 45 prosecutions under the Act.

UK-Based API Security Firm 42Crunch Raises $17 Million
2021-05-21 12:05

API security firm 42Crunch has raised $17 million in a Series A funding round led by Energy Impact Partners and joined by Adara Ventures. In 2019, Gartner stated, "By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications." Its proposed solution was, "Use a Combination of API Management and Web Application Firewalls to Protect APIs, in Conjunction with Identity Infrastructure."

UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times
2021-05-20 13:45

American Express has been fined 0.009 per cent of its annual profits by the Information Commissioner's Office after spamming people who opted out of its marketing emails with 4.1 million unwanted messages. "Between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially. It was a deliberate action for financial gain by the organisation. Amex also did not review its marketing model following customer complaints," said the ICO in a statement.

Sourcepoint appoints four senior leaders in the UK and US
2021-05-18 22:45

These recent advancements are enabling Sourcepoint to better serve its new and existing customers across Europe, the UK and North America. Rubash, Chief Privacy Counsel, has more than 15 years of legal and privacy experience, which will be integral to this foundationally important position at Sourcepoint.

The UK loves cybersecurity so much, it's going to regulate managed service providers' infosec practices in law
2021-05-18 15:03

The British government has vowed to create a legally binding cybersecurity framework for managed service providers - and if you want to tell gov. Targeted at managed service providers and firms outsourcing their digital infrastructure services alike, the review is described by the government as helping build evidence for "additional government intervention" to force businesses into formally assessing cyber risks to their supply chains.

UK govt seeks advice on defending against supply-chain cyberattacks
2021-05-17 16:48

Today, the UK government announced a call for advice on defending against software supply-chain attacks and on ways to strengthen IT Managed Service Providers across the country. The move comes after President Biden issued an executive order last week to increase cybersecurity defenses across the U.S. The government's invitation to provide feedback, which will be open for almost two months, comes at a time when prominent cyberattacks, such as the Colonial Pipeline incident, the Codecov supply-chain attack, and ransomware attacks on mission-critical organizations [1, 2], continue to grow.

We'd love to report on the outcome of the CREST exam cheatsheet probe, but UK infosec body won't publish it
2021-05-17 10:47

British infosec accreditation body CREST has declared that it will not be publishing its full report into last year's exam-cheating scandal after all, triggering anger from the cybersecurity community. "The Report of the Independent Investigator contains information that was obtained in confidence and in line with both the terms of the Process and CREST's Complaints and Resolution Measures, the Report is confidential and cannot be made public," said CREST in an update published on its website late on 10 May, right before the CyberUK conference began.

Mammoth grab of GP patient data in the UK set to benefit private-sector market access as rules remain unchanged
2021-05-17 09:18

In response to government plans to start collecting patient data held by GPs into a central database, NHS Digital said it would "not approve requests for data where the purpose is for marketing... including promoting or selling products or services, market research or advertising." The Data Access Request Service, or DARS, already releases data under data-sharing agreements.

UK Foreign Secretary Calls for Cooperation on Cybersecurity
2021-05-13 12:45

U.K. Foreign Secretary Dominic Raab on Wednesday urged global cooperation to combat cyberattacks by "hostile state actors" and criminal gangs. Raab also pledged 22 million pounds in support to "vulnerable" countries in Africa and the Indo-Pacific to improve their digital defense capacity.