Security News

What to expect when the UK-US Data Bridge comes into force this week
2023-10-11 09:15

Opinion: The UK Extension to the EU-US Data Privacy Framework will enter into force on October 12, allowing certifying entities to easily transfer personal data from the UK to the US. Transferring personal data across the Atlantic would otherwise be prohibited under the UK General Data Protection Regulation without transfer mechanisms. As the UK is no longer a member of the European Union, the DPF does not automatically enable the transfer of personal data from the UK to the US. Transfers of personal data from the UK will require a Data Bridge.

Signal Will Leave the UK Rather Than Add a Backdoor
2023-09-26 11:15

Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country's recently passed Online Safety Bill forced Signal to build "backdoors" into its end-to-end encryption. "We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving," Whittaker said.

US, UK sanction more Russians linked to Trickbot
2023-09-07 22:44

Top admin, HR managers, devs go on transatlantic deny-list. The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…

US and UK sanction 11 TrickBot and Conti cybercrime gang members
2023-09-07 14:27

The USA and the United Kingdom have sanctioned eleven Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations. After numerous takedown attempts by the U.S. government, the Conti ransomware gang took control of the TrickBot operation and its development, using it to enhance more advanced and stealthy malware, such as BazarBackdoor and Anchor.

UK admits 'spy clause' can't be used for scanning encrypted chat – it's not 'feasible'
2023-09-07 10:09

Comment: Sanity appears to have prevailed in the debate over the UK Online Safety Bill after the government agreed to ditch proposals - at least for the time being - to legislate the scanning of encrypted messages. In response to questions regarding the technical feasibility of scanning messages and the assessments that Ofcom must make, Lord Parkinson, a Digital, Culture, Media and Sport minister, said: "If the appropriate technology does not exist that meets these requirements, then Ofcom will not be able to use Clause 122 to require its use."

Attackers accessed UK military data through high-security fencing firm's Windows 7 rig
2023-09-04 15:25

The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC. While the supplier, Wolverhampton-based Zaun, said it believed that no classified information was downloaded, reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK's most sensitive military and research sites.

UK’s NCSC Warns Against Cybersecurity Attacks on AI
2023-09-01 18:35

The National Cyber Security Centre provides details on prompt injection and data poisoning attacks so organizations using machine-learning models can mitigate the risks. Large language models used in artificial intelligence, such as ChatGPT or Google Bard, are prone to different cybersecurity attacks, in particular prompt injection and data poisoning.

More UK cops' names and photos exposed in supplier breach
2023-08-29 11:35

London's Metropolitan Police has said a third-party data breach exposed staff and officers' names, ranks, photos, vetting levels, and salary information. The supplier did not store police addresses, phone numbers or financial account details so it appears that data remains secure.

Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses
2023-08-25 22:04

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S. Two reports from cybersecurity company Cisco Talos provide intelligence about a new attack campaign from the North Korean threat actor Lazarus. The researchers observed the Lazarus group successfully compromise an internet backbone infrastructure provider in the U.K. in early 2023, deploying a new malware dubbed QuiteRAT. The initial compromise was done via exploitation of the CVE-2022-47966 vulnerability, which affects Zoho's ManageEngine ServiceDesk.

Last rites for the UK's Online Safety Bill, an idea too stupid to notice it's dead
2023-08-21 08:31

The open source project has recently announced a secure communications framework, designed for decentralized peer-to-peer use through a multi-hop mesh routing system that combines strong encryption with untraceability. This same state is, of course, the one demanding that to "protect children," it should get access to whatever encrypted citizen communication it likes via the Online Safety Bill, which is now rumored to be going through British Parliament in October.