Security News

UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days after campaigners fired legal shots over a lack of transparency. Campaign groups Foxglove and openDemocracy, which brought the action, said that the documents show the tech firms were set to build data models for commercial purposes from NHS training data before being challenged.

Open Rights Group has instructed lawyers to lodge a complaint with the UK's data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation. The complaint to the ICO relates to the failure by the NHS and Public Health England, which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment, which is required under the GDPR before processing of data in high-risk situations.

The intent of the MoU is to make it easier and more affordable for UK public sector agencies to leverage the full range of Google Cloud's services to increase innovation and deliver digital transformation. CCS, the UK Cabinet Office executive agency and trading fund, engaged Google Cloud in 2019 to discuss requirements for cloud services under the One Government Cloud Strategy, a joint initiative between Cabinet Office, CCS and Government Digital Service.

A Brit public sector-owned office supplies company shrugged off a ransomware demand for 102 Bitcoins after a staffer opened a phishing email. A local blogger, publishing the Vox Medway site, claimed the attack froze all CSG services at 01:30 UK time on 2 April.

The cybercriminals behind the recent attack on Elexon, which manages the electricity market in the United Kingdom, have started leaking data allegedly stolen from the company. Elexon revealed in mid-May that its IT systems were targeted in a cyberattack, but it did not provide any additional details.

The REvil/Sodinokibi ransomware gang has just published what it claimed were files stolen from UK power grid middleman Elexon. The stolen data was published on REvil's Tor webpage as a cache of 1,280 files, which we understand include documents that appeared to be passports of Elexon staff members and an apparent business insurance application form.

British companies have been offered access to a £400k pot of cash to design a UK-specific "Kitemark" assurance scheme for Internet of Things products. The government grant scheme is intended to complement previous announcements, making it a legal requirement that IoT devices ship with unique, non-default passwords and for vendors to "Explicitly state" for how long security updates will be published.

The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. "The fact is, those standing in front of a classroom teaching children have less information about cybercrime than those they're trying to teach," Cox said, noting that the campaign is designed to support so-called "Knock-and-talk" visits, where investigators visit the homes of young people who've downloaded malware or purchased DDoS-for-hire services to warn them away from such activity.

Britain will reduce Chinese tech giant Huawei's controversial involvement in its 5G network in the wake of the coronavirus outbreak, the Daily Telegraph reported Saturday. Prime Minister Boris Johnson gave the green light to Huawei's participation in January, despite widespread domestic opposition and pressure from the United States.

Campaign groups have written to the UK Prime Minister warning GCHQ and its digital arm, the National Cyber Security Centre, will have the capacity to re-identify the phones of people who have installed the nation's coronavirus contact-tracing app. "The centralised recording of data could facilitate mission creep; there is no guarantee that the Government will not add additional tracking features or later use the data for purposes other than COVID-19 tracking. Of particular concern is the fact that the National Cyber Security Centre and GCHQ will have the capacity toidentify the phones of people who have installed the app. Based on the UK Government's track record on surveillance, we consider these risks to be real," the letter said.