Security News

The Ministry of Defence has ordered its contractors not to answer certain questions on the UK's once-in-a-decade census - despite threats of £1,000 fines being handed to people who don't complete the national survey. The Ministry of Defence has taken a curious line against the census, urging defence personnel and contractors to give incomplete answers to four questions - and to ignore one altogether.

A Conservative peer has joined calls to reform the Computer Misuse Act days after the government declared that infosec and "Cyber power" are the key to British foreign and industrial policy for the 2020s. Lord Holmes of Richmond told The Register he wants to support British infosec companies, which he said were "Held back for want of a few strokes of the legislative pen" in reforming the CMA. "Over the next few weeks, I intend to be having conversations and meetings, both with colleagues, and indeed, with Home Office ministers to really understand what the level ground that we're all standing on is, where their issues are, and how we can work together to move this forward," said the House of Lords backbencher.

In terms of "Things that will flow from this" the Integrated Review mentioned only the National Cyber Security Centre and the nascent National Cyber Force, both already in existence. Under the heading "Responsible, democratic cyber power" the government promised to "Use cyber capabilities to influence events in the real world," including more use of "Offensive cyber" - and, eye-catchingly for the UK infosec sector, UK.gov plans to build "An advantage in critical cyber technologies."

An alert issued on Tuesday by the FBI warns about an increase in PYSA ransomware attacks on education institutions in the United States and the United Kingdom. According to the FBI, PYSA attacks have been launched by "Unidentified cyber actors" against higher education, K-12 schools and seminaries in a dozen U.S. states, as well as the U.K. The threat actors behind PYSA attacks are known to encrypt data on compromised systems, but they also steal information from victims and threaten to leak it in an effort to increase their chances of getting paid.

A former asylum seeker with a postgraduate degree in cybersecurity who alleged his bosses were spying on him for MI5 has lost his attempt to claim he was racially discriminated against. The anonymous man, who worked for an unnamed company that set up a UK cyber range in mid-2019, told the Employment Tribunal that he had quit after being subjected to racial harassment at work - but judges overruled all of his legal claims.

SoftServe has become an official Google Cloud reseller in the delivery and management of Google Cloud solutions. With this designation, SoftServe can support end-to-end delivery and management of Google Cloud solutions, from application development to cost control, in guiding its UK&I clients through the complex landscape of public cloud resource management.

The UK's National Cyber Security Centre has reminded Brits to patch their Microsoft Exchange Server deployments against Hafnium attacks, 10 days after the US and wider infosec industry shouted the house down saying the same thing. The agency told press on Friday afternoon that it had proactively helped UK organisations fix around 2,100 affected mailservers following last week's out-of-band patches to resolve four zero-day vulnerabilities in Exchange Server.

A new UK law will explicitly authorise the "Voluntary" slurping of data from mobile phones of crime suspects and witnesses. The Police, Crime, Sentencing and Courts Bill, which was introduced to Parliament this week, contains clauses that will allow police and others to extract data from mobile phones if the user "Voluntarily" hands the device over.

The UK's National Cyber Security Centre is now helping IoT gadget firm FootfallCam Ltd secure product lines following the recent digital burglary of its nursery webcam operation. Company director Melissa Kao confirmed to The Register that the NCSC, a sibling of UK spy agency GCHQ, was helping the company shore up security after its NurseryCam product was hacked last week.

The European Commission lifted the threat of crucial data flows between Europe and Britain being blocked in a move that would have crippled business activity as it said Friday that privacy safeguards in the UK met European standards. In a key post-Brexit decision, the EU executive said that British authorities had sufficient measures in place to protect European users' personal data, freeing up data transfers for businesses as well as for police.