Security News
An important middleman in the UK's electrical power grid has suffered a cyber attack, though the lights are still on across good old Blighty. Elexon, which reconciles electricity supply to the National Grid and issues bills for undersupply or oversupply, was struck by what appears to be a partially contained ransomware attack, judging by its effects on the company's operations.
Elexon, a company involved in the management of the electricity market in the United Kingdom, has been hit by a cyberattack that impacted its internal IT systems. Elexon manages the Balancing and Settlement Code on behalf of the electricity sector in the UK. The BSC defines the rules and governance for the balancing mechanism and imbalance settlement processes of electricity in Britain.
Hosted by the University of Edinburgh and packing 118,080 processing cores running on a Cray XC30, the ARCHER supercomputer is the primary academic research supercomputer in the UK. The ARCHER Service was started in November 2013. On May 11, 2020, the team behind ARCHER disabled access to the service due to a "Security exploitation" on its login nodes.
- the world's largest nonprofit association of certified cybersecurity professionals - announced that the Certified Information Systems Security Professional certification has been found comparable to Level 7 of the Regulated Qualifications Framework in the UK, denoting that the certification is comparable to Masters degree standard. The benchmarking of the CISSP was conducted by UK NARIC, the UK's designated national agency responsible for providing information and expert guidance on academic, vocational and professional qualifications from across the world.
The startling prediction came from Tobias Ellwood MP, chairman of the Defence Committee, as he presided over a hearing on 5G security and Huawei's involvement. "To put it in cruder terms, Russia is going to become more subservient to China." He added: "If Russia understands the weaknesses, the vulnerabilities or the back doors that China provides, it can be Russia continuing to do those cyber attacks at the behest of China."
Several weeks ago, Google, which was seeing around 18 million pandemic-themed malware or phishing messages per day, revealed that nation-backed hackers were targeting healthcare organizations and those engaged in the fight against the coronavirus pandemic. Today, the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the United Kingdom's National Cyber Security Centre warned that APT groups are "Actively targeting organizations involved in both national and international COVID-19 responses."
Foreign state hackers are trying to brute-force their way into pharmaceutical and medical research agencies hunting for a COVID-19 vaccine, British and American infosec agencies are warning. The National Cyber Security Centre and America's Cybersecurity and Infrastructure Security Agency cautioned of a "Password spraying" campaign targeting healthcare and medical research organisations.
The operating system does allow software, such as the NHS tracing app, to run in a special mode so that it can announce itself to nearby iPhones and iPads via Bluetooth, and listen out for copies of itself on other devices, even when in the background. It is literally impossible to broadcast the UUID needed for the app to work without the screen on and the app in the foreground.
Gould also told Parliament's Human Rights Committee that data harvested from Britons through NHSX's COVID-19 contact tracing app would be "Pseudonymised" - and appeared to leave the door open for that data to be sold on for "Research". Key to those is a big green button that the user presses to send 28 days' worth of contact data to the NHS. Written by tech arm NHSX, Britain's contact-tracing app breaks with international convention by opting for a centralised model of data collection: all the contact-tracing data is kept under one roof in one central government database.
A group of nearly 175 UK academics has criticised the NHS's planned COVID-19 contact-tracing app for a design choice they say could endanger users by creating a centralised store of sensitive health and travel data about them. The app will emit an electronic ID from your phone and receive the IDs of other phones with the app installed.