Security News

Those known risks are twofold: Huawei's coding practices are pisspoor, as Britain's Huawei Cyber Security Evaluation Centre found last year; and there is the ever-present fear that Huawei, or people within Huawei, could be forced to abuse their product knowledge to serve the Chinese regime, perhaps through espionage conducted on UK comms networks or helping with denial-of-service attacks. Although the US have been claiming for years that Huawei poses a threat to communication security, given the well-documented activities of American spy agencies over the last couple of decades this seems like a hollow concern.

British and American officials are meeting as U.K. Prime Minister Boris Johnson's government prepares to decide on whether there's a future for Chinese equipment maker Huawei in the country's next-generation telecom networks, his spokesman said Monday. "We have strict controls for how Huawei equipment is currently deployed in the U.K. The government is undertaking a comprehensive review to ensure the security and resilience of 5G and fiber in the U.K.".

The UK Information Commissioner's Office has kicked £280m in data breach fines against British Airways and US hotel chain Marriott into the long grass. As spotted by City law firm Mishcon de Reya, the ICO has extended the time before it will fine the two companies what it claimed would be a total of £282m, split between BA's £183m and Marriott's £99m. In a statement the UK's data protection regulator said: "Under Schedule 16 of the Data Protection Act 2018, BA and the ICO have agreed to an extension of the regulatory process until 31 March 2020. As the regulatory process is ongoing we will not be commenting any further at this time."

A man accused of hacking UK National Lottery accounts via credential stuffing attacks has been sentenced to nine months in prison, the UK's National Crime Agency reported on Friday. According to the NCA, Batson used a tool called Sentry MBA to launch credential stuffing attacks on accounts belonging to National Lottery customers.

The UK Data Protection Regulator has issued a monetary penalty of £500,000 against Dixon Carphone for what it describes as "Multiple, systemic and serious inadequacies" in the firm's security posture. This allowed Dixons to argue that the PAN was not personal data, and that this aspect of the breach was consequently not subject to the personal data focus of the data protection laws.

British regulators have fined Dixons Carphone, a large electronics and phone retailer, &pound500,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. In January 2018, the ICO fined it &pound400,000 for a 2015 breach of its Carphone Warehouse subsidiary after an attacker exploited an outdated WordPress installation.

BitDam, provider of cybersecurity solutions that protect enterprise communications from advanced threats hidden in files and links, announced that its BitDam Advanced Threat Protection solution is now installed at LSH Auto UK Ltd, part of the world's largest Mercedes-Benz Dealer Group, in an effort to cost-effectively enhance the company's email security posture. PCM advised LSH to look at BitDam to help it to neutralize corporate risk as well as provide protection for customers who may be compromised as a result of phishing attacks.

Foreign currency mega-exchange Travelex said on Thursday it was forced offline by a "Software virus" infection, bring down a number of currency-exchange websites with it. The outage at Travelex has had a knock-in effect in that it knackered currency-swap services for a number of UK banks and organizations relying on the exchange.

As NCSC Head Ciaran Martin Steps Down, Other Countries are Emulating ModelWanted: A new chief executive to assume command of Britain's growing National Cyber Security Center, part of GCHQ. As...

Half a million docs, including patient names and medical records left at back of premises A pharmacy that left around half a million documents, including customers' personal information and...