Security News

UK lawmakers propose law banning retail bots after PS5 fiasco
2020-12-22 18:55

A group of lawmakers in the United Kingdom are looking to take on powerful bot organizations openly scalping gaming consoles by proposing potential legislation that would both ban the resale of goods acquired using bots and ban the resale of tech products above the manufacturers' price. The United States has tried its hand at rules against bots with the FTC's 2016 "Better Online Ticket Sales Act," which was designed to regulate secondary market ticket sales as a response to bots being used to drive up ticket prices.

UK firm NOW: Pensions tells some customers a 'service partner' leaked their data all over 'public software forum'
2020-12-22 13:33

Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. NOW: Pensions did not disclose how many records were exposed, nor how many third parties copied the leaked data.

UK firm NOW: Pensions tells some customers a 'service partner' leaked their data all over 'public software forum'
2020-12-22 13:33

Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. NOW: Pensions did not disclose how many records were exposed, nor how many third parties copied the leaked data.

Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm's CRM customers
2020-12-18 15:32

A business app developer's unsecured Microsoft Azure blob left more than half a million confidential and sensitive documents belonging to its customers freely exposed to the public internet, The Register can reveal. The blob also included FedEx shipment security documentation, internal complaints from foodstuffs firm Huel, an investment management firm, and countless others - and in at least one example seen by The Register a passport scan.

UK Energy Startup 'People's Energy' Discloses Data Breach
2020-12-18 14:42

UK energy supplier People's Energy this week started informing customers of a data breach that affected some of their personal information. In a data breach notification published on its website, the energy supplier reveals that, on December 16, it was the victim of a cyberattack in which an unauthorized party accessed one of the systems used to store member data.

Whistleblowers have come to us alleging spy agency wrongdoing, says UK auditor IPCO
2020-12-17 12:35

Police forces were found by IPCO to be treating applications to use spying powers as a tickbox exercise, perhaps unsurprisingly given that these are self-authorisations rubberstamped by police managers themselves. "To provide oversight that satisfies this judgment, IPCO reviewed the use of bulk data at GCHQ and has now incorporated the sharing of bulk data with foreign partners into its regular oversight and inspection arrangements," said IPCO in a statement.

UK Home Office chucks US firm Leidos £30m for help snooping on comms data
2020-12-17 09:30

The UK's Home Office has handed a £30m contract to engineering and IT outfit Leidos to help government agencies access and analyse communications data for combatting terrorism and organised crime. The Home Office's National Communications Data Service launched the Agile Data Retention and Disclosure Services last year with a prior information notice to the market.

UK proposes new powers for comms regulator to legally unleash avenging hordes on security-breached telcos
2020-12-16 12:32

Britain's Telecommunications Security Bill will allow anyone to sue their telco if they suffer "Loss or damage" as a result of a system breach - but only if they get Ofcom's permission. Buried in the details away from the China-bashing stuff is a potentially heavy stick to be wielded by telco regulator Ofcom, pitting baying crowds against telecoms operators.

Massive Subway UK phishing attack is pushing TrickBot malware
2020-12-11 08:41

A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware. TrickBot is a trojan malware infection commonly distributed through phishing campaigns or installed by other malware.

UK union pens letter to data watchdog on icky workplace monitoring systems like Microsoft's Productivity Score
2020-12-10 13:30

UK trade union Prospect has chimed in with the chorus of disapproval at technologies such as Microsoft's Productivity Score being used on the nation's workers. The letter [PDF], sent to data watchdog the Information Commissioner's Office, makes clear the disquiet felt at the potential level of employee monitoring afforded even while acknowledging the rapid back-pedalling undertaken by Redmond amid the furore.