Security News
The UK has decided to break with growing international consensus and insist its upcoming coronavirus contact-tracing app is run through centralised British servers - rather than follow the decentralized Apple-Google approach. Within the details over how it would work, the memo revealed the NHS and UK government reckon the contact-tracing protocols built by Apple and Google protect user privacy under advisement only.
In a memorandum [PDF] first spotted by The Guardian, the British government is asking that five more public authorities be added to the list of bodies that can access data scooped up under the nation's mass-surveillance laws: the Civil Nuclear Constabulary, the Environment Agency, the Insolvency Service, the UK National Authority for Counter Eavesdropping, and the Pensions Regulator. The Environment Agency investigates "Over 40,000 suspected offences each year," the memo stated.
British hardware chain Robert Dyas' website has been hit by credit-card stealing malware that siphoned off customers' payment details including the long card number, expiry date and security code. Between 7 and 30 March a card skimmer was present on Robert Dyas' payment processing page, the chain admitted in an email sent to affected customers that was seen by The Register.
Blackline Safety, a global leader of gas detection and connected safety solutions, is pleased to announce it has partnered with STANLEY Security, a division of STANLEY Black & Decker, to provide 24/7 monitoring and emergency response management to Blackline customers in the United Kingdom and Europe. "Developing connected safety solutions for companies across the globe, Blackline Safety is a leader in employee safety monitoring in itself," said Richard Solly, Director of Monitoring Security - Europe for STANLEY Security.
The UK Information Commissioner's Office has yet again postponed its £280m in fines against British Airways and Marriott Hotels for data leaks. The fines were handed to both companies following damaging and widely publicised digital break-ins affecting millions of people around the world.
UK-based financial technology company Finastra is investigating a cybersecurity incident that may involve a piece of ransomware infecting some of its systems. Finastra has not shared any details about the attack.
Cybersecurity researchers say UK-based document printing and binding company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military, by leaving an AWS S3 bucket unprotected. The exposed data included names, addresses, email addresses, passport scans, partial payment information, order details, copyrighted publications, teacher's guides, certifications and diplomas, medical documents, floor plans, personal photos, and documents that users likely paid for, such as university course materials and diet and exercise plans.
A UK inquiry into child sexual abuse facilitated by the internet has recommended that the government require apps to pre-screen images before publishing them, in order to tackle "An explosion" in images of child sex abuse. The imagery isn't only "Depraved"; it's also easy to get to, the inquiry said, referring to research from the National Crime Agency that found that you can find child exploitation images within three clicks when using mainstream search engines.
Hackers have slurped biz comms customers' data from a database run by one of O2's largest UK partners. In an email sent to its customers, the partner, Aerial Direct, said that an unauthorised third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years.
A critical crown court IT system and thousands of laptops used by the UK's Ministry of Justice run on Microsoft's obsolete and unsupported Windows XP operating system, The Register can reveal. As recently as March 2019, the ministry was paying hundreds of thousands of pounds for a VPN to support 2,000 Windows XP laptop users - news that comes as the department admits that a critical court IT system is also running on XP boxen.