Security News
Crew bragged they could help crooks raid victims' bank accounts Updated A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities...
The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure...
The UK's data protection watchdog says it plans to fine a managed software provider to the NHS £6.09 million for failings that led to a 2022 ransomware attack. Advanced pulled its systems offline on August 4, 2022, in an incident that was eventually attributed to LockBit, back in its heydey which has thankfully now ended.
The UK's National Cyber Security Centre says it's in the planning stages of bringing a new suite of services to its existing Active Cyber Defence program. Existing services under ACD 1.0 such as Logging Made Easy and Protective DNS are already run by external partners - CISA and Cloudflare respectively - but some, such as Early Warning, can only ever be run by the NCSC due to their very nature.
The UK's National Crime Agency has shut down an outfit called Russian Coms - a call-spoofing service believed to have swindled hundreds of thousands of victims. Police arrested a third man from Newham, age 28, who is accused of being an affiliate and a courier for the handsets required to use the spoofing service.
The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls. [...]
The UK's Electoral Commission has received a formal slap on the wrist for a litany of security failings that led to the theft of personal data belonging to around 40 million voters. Official documents from the Information Commissioner's Office say the people responsible for the 2021 cyberattack on the Electoral Commission's Microsoft Exchange Server are unknown.
The United Kingdom's Information Commissioner's Office revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, these security flaws were chained to hack into the commission's Exchange Server 2016 and deploy web shells, which allowed the attackers to gain persistence after installing web shells and backdoors.
UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. "We're proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyber attack against MGM Resorts and many others," MGM said as part of the law enforcement statement.
Cops in the UK have arrested a suspected member of the notorious Scattered Spider crime gang, which is accused of crippling MGM Resorts in Las Vegas with ransomware last summer. West Midlands police - along with officials from Britain's National Crime Agency and the FBI - cuffed the 17-year-old, of Walsall, England, on Thursday.