Security News

United Kingdom's Information Commissioner's Office has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. The UK independent authority urged organizations using compromised versions of the SolarWinds Orion IT management platform to check for evidence of attackers infiltrating their network and gaining access to personal information.

A group of lawmakers in the United Kingdom are looking to take on powerful bot organizations openly scalping gaming consoles by proposing potential legislation that would both ban the resale of goods acquired using bots and ban the resale of tech products above the manufacturers' price. The United States has tried its hand at rules against bots with the FTC's 2016 "Better Online Ticket Sales Act," which was designed to regulate secondary market ticket sales as a response to bots being used to drive up ticket prices.

Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. NOW: Pensions did not disclose how many records were exposed, nor how many third parties copied the leaked data.

Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. NOW: Pensions did not disclose how many records were exposed, nor how many third parties copied the leaked data.

A business app developer's unsecured Microsoft Azure blob left more than half a million confidential and sensitive documents belonging to its customers freely exposed to the public internet, The Register can reveal. The blob also included FedEx shipment security documentation, internal complaints from foodstuffs firm Huel, an investment management firm, and countless others - and in at least one example seen by The Register a passport scan.

UK energy supplier People's Energy this week started informing customers of a data breach that affected some of their personal information. In a data breach notification published on its website, the energy supplier reveals that, on December 16, it was the victim of a cyberattack in which an unauthorized party accessed one of the systems used to store member data.

Police forces were found by IPCO to be treating applications to use spying powers as a tickbox exercise, perhaps unsurprisingly given that these are self-authorisations rubberstamped by police managers themselves. "To provide oversight that satisfies this judgment, IPCO reviewed the use of bulk data at GCHQ and has now incorporated the sharing of bulk data with foreign partners into its regular oversight and inspection arrangements," said IPCO in a statement.

The UK's Home Office has handed a £30m contract to engineering and IT outfit Leidos to help government agencies access and analyse communications data for combatting terrorism and organised crime. The Home Office's National Communications Data Service launched the Agile Data Retention and Disclosure Services last year with a prior information notice to the market.

Britain's Telecommunications Security Bill will allow anyone to sue their telco if they suffer "Loss or damage" as a result of a system breach - but only if they get Ofcom's permission. Buried in the details away from the China-bashing stuff is a potentially heavy stick to be wielded by telco regulator Ofcom, pitting baying crowds against telecoms operators.

A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware. TrickBot is a trojan malware infection commonly distributed through phishing campaigns or installed by other malware.