Security News

Protecting the NHS: NCSC fended off lots of meddling aimed at UK health orgs while ransomware ramped up
2020-11-03 12:28

Issuing the org's annual report today, NCSC chief exec Lindy Cameron, who formally replaced founding chief Ciaran Martin in the summer, said: "This review outlines the breadth of remarkable work delivered by the NCSC in the past year, largely against a backdrop of the shared global crisis of coronavirus." "We've added a significant amount of support to healthcare," added NCSC ops director Paul Chichester, referring to a number of incidents, some higher profile than others, during the year.

Why, yes, you can register an XSS attack as a UK company name. How do we know that? Someone actually did it
2020-10-30 13:00

"> LTD. Its name didn't contain the square brackets, meaning anyone reading company names off the Companies House API would potentially run a script from the web address above. Although whoever registered the company seems to have had non-hostile intentions - xss.

Google Safari Workaround case inspires campaign to sue Facebook in UK's High Court over Cambridge Analytica app
2020-10-29 20:00

A campaign to sue Facebook over lax privacy policies that allowed Cambridge Analytica to slurp almost a million people's personal data from the social networking website hopes to become a representative action in the High Court, its instigators said today. The campaign said in a statement: "In 2013 and 2014, thousands of people participated in the thisisyourdigitallife app on Facebook. Facebook allowed this app to harvest the data of the app users' friends without their friends' permission or knowledge, including Alvin Carpio, the representative claimant. By taking data without consent, it is alleged that Facebook failed to meet their legal obligations under the Data Protection Act 1998."

Software engineer leaked UK missile system secrets and refused to hand cops his passwords, Old Bailey told
2020-10-28 17:31

A former BAE Systems software engineer who allegedly leaked top-secret details about a frontline missile system also ignored orders from police to hand over passwords to his electronic devices, a court has heard. Simon Finch, of Swansea, is said by prosecutors to have emailed details of the unidentified missile system to nine separate addresses.

Experian vows to drag UK's Information Commissioner's Office to court after being told off for data-slurping practices
2020-10-28 13:29

Experian has been rapped over the knuckles by the UK's Information Commissioner's Office after it discovered the credit reference agency was trading "millions" of people's data for marketing purposes. Instead of issuing a monetary fine the data regulator wrapped up a two-year probe yesterday by merely insisting Experian tweaks its online privacy policies and informs consumers it acquired data about them.

Report: UK colleges face testing times with ageing kit, iffy connectivity, and some IT staff supporting 1k+ users
2020-10-26 14:05

The infrastructure reviews - published by Jisc today - took place between 2016 and 2020 and covered 118 institutions, including 59 Further Education colleges. The research went on to note that most colleges found managing the upgrade cycle of both end user kit and infrastructure "very difficult".

UK Says Russia Launched Cyberattacks Against 2020 Olympic, Paralympic Games
2020-10-20 11:41

The United Kingdom on Monday exposed and condemned cyberattacks that the Russian military intelligence service GRU allegedly launched against organizations involved in the 2020 Olympic and Paralympic Games that were set to take place in Tokyo this summer, but were postponed due to the COVID-19 pandemic. On Monday, the United States announced charges against six officers of the GRU, which is also said to have orchestrated the cyberattacks on the PyeongChang Winter Olympics with the Olympic Destroyer malware.

UK test-and-trace coronavirus data may be handed to police to nab those who aren't self-isolating as required
2020-10-19 15:29

As if things were not going badly enough for the UK's COVID-19 test-and-trace service, it now seems police will be able to access some test data, prompting fears the disclosure could deter people who should have tests from coming forward. As revealed in the Health Service Journal [paywall], the Department for Health and Social Care and the National Police Chiefs' Council have agreed that officers can access test results to determine whether or not a "specific individual" has been told to self-isolate.

UK Data Privacy Watchdog Slashes BA Fine as Virus Bites
2020-10-19 11:20

The UK's data privacy watchdog on Friday slashed a fine imposed on British Airways over a cyber attack after taking into account coronavirus fallout on the embattled airline's finances. The UK Information Commissioner's Office said BA would be fined a "record" £20 million, considerably less than the proposed amount totalling £183 million.

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
2020-10-16 14:42

NCSC, the cybersecurity arm of the UK's GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts. The server-side include vulnerability was reported by information security specialist Steven Seeley of Qihoo 360 Vulcan Team who found that it affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Server 2019.