Security News

The UK National Cyber Security Centre issued an alert yesterday, prompting all organizations to patch the critical CVE-2020-15505 remote code execution vulnerability in MobileIron mobile device management systems. NCSC is warning that they are aware of hacking groups actively using the MobileIron CVE-2020-1550 vulnerability to compromise the networks in the healthcare, local government, logistics, and legal sectors.

Telecom companies in Britain face hefty fines if they don't comply with strict new security rules under a new law proposed in Parliament on Tuesday that is aimed at blocking high-risk equipment suppliers like China's Huawei. The Telecommunications Bill tightens security requirements for new high speed 5G wireless and fiber optic networks, with the threat of fines of up to either 10% of sales or 100,000 pounds a day for companies that don't follow the rules.

Google faces fresh regulatory scrutiny in Britain over plans to revamp its ad data system, after an industry lobbying group complained to the competition watchdog that the changes would cement the U.S. tech giant's online dominance. The new technology would remove so-called third party cookies that allow users to be tracked across the internet by storing information on their devices, replaced by tools owned by Google.

Google's Privacy Sandbox took another knock today as Marketers for an Open Web wrote to the UK's Competition and Markets Authority requesting a block on the technology's launch. Google is walking a tightrope with its Privacy Sandbox project.

The United Kingdom has announced £16.5 billion of new defence spending, some of which has gone towards a newly revealed National Cyber Force and some earmarked to create a Space Command and agency dedicated to AI. Prime Minister Boris Johnson's statement to the house about the new spending revealed that the nation has already created the Cyber Force. Intelligence agency GCHQ has provided a little detail on the National Cyber Force's operations, saying it will provide unified operational command for personnel from the Ministry of Defence, GCHQ, the Secret Intelligence Service, and the Defence Science and Technology Laboratory.

A majority of British infosec professionals worry about accidentally breaking the UK's antiquated Computer Misuse Act, according to an industry campaign group that hopes to reform the law. The Cyberup campaign, which includes NCC Group, Orpheus Cyber, Context Information Security, Nettitude, F Secure and others, first wrote to UK Prime Minister Boris Johnson in July 2019 urging him to update the regulations.

The majority of UK businesses using Oracle E-Business Suite are running on old versions of the business critical ERP system, according to a Claremont study. With Oracle cutting off premier support to EBS 12.1 in December 2021, this leaves these businesses facing potential legislative and security issues if they fail to upgrade prior to the deadline.

British eavesdropping agency GCHQ is actively hacking Russian attempts to undermine coronavirus vaccine efforts, according to The Times. Some weeks ago a Russian misinformation campaign was brought to light, again by The Times, aiming to sow distrust of the safety and efficacy of a COVID-19 vaccine being developed by drug company AstraZeneca and Oxford University in the UK. The campaign reportedly claimed that because AZD1222 uses a replication-deficient chimpanzee viral vector, it could "Turn people into monkeys".

The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters. Not only do the phishing pages mimic HMRC's web interface meticulously, but they also have entire online banking workflows built into them, depending on who your banking provider is.

Scofflaws have failed to pay nearly £2m in fines handed out by the UK Information Commissioner's Office over the past 18 months, according to new research. "The ICO continues to struggle to effectively collect the fines that they issue," sighed The SMS Works co-founder and director Henry Cazalet in a blog post about the regulator's woes.