Security News

The UK National Cyber Security Centre and Microsoft warn that the Russian state-backed actor "Callisto Group" is targeting organizations worldwide with spear-phishing campaigns used to steal account credentials and data. Today, the United Kingdom officially attributed attacks to Callisto that led to the leaking of UK-US trade documents, the 2018 hack of the UK think tank Institute for Statecraft, and more recently, the hack on StateCraft's founder Christopher Donnelly.

In both cases, it was an own goal when the org handed over the data itself while responding to requests made under the Freedom of Information Act 2000. The majority of the patients whose data was made public were maternity patients of The Rosie Hospital at the Addenbrooke's Hospital site.

Australia is building a top-secret cloud to host intelligence data and share it with the US and UK, which have their own clouds built for the same purpose. The three clouds were discussed on Monday by Andrew Shearer, Australia's director-general of national intelligence, at an event hosted by the Center for Strategic & International Studies in Washington, DC. "We are working very hard on a top-secret cloud initiative," Shearer told the event, adding that it will interoperate with similar infrastructure already operated by the US and UK, and mean sensitive data can be shared "Near instantaneously."

Digital identity wallets and, our favorite, facial age estimation, where the features of a user's face are analyzed to estimate the user's age. The idea of age verification was floated years before and has returned as part of the Online Safety Bill.

The government of the United Kingdom has issued a strongly worded denial of a report that the Sellafield nuclear complex has been compromised by malware for years. The report, appearing in The Guardian, claimed that the controversial complex was hacked by "Cyber groups closely linked to Russia and China," with the infection detected in 2015 but perhaps present before that year.

The UK government plans to introduce new legislation to ban SIM farms, which it views as a widely abused means for carrying out cyber fraud. SIM farms are defined as devices that can hold four or more SIM cards while having the ability to make phone calls and send texts.

The attack started with compromising a media outlet's website to embed malicious scripts into an article, allowing for a 'watering hole' attack. State-backed North Korean hacking operations consistently rely on supply chain attacks and the exploitation of zero-day vulnerabilities as part of their cyber warfare tactics.

A cyberattack on CTS, a leading managed service provider for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday. "We are experiencing a service outage which has impacted a portion of the services we deliver to some of our clients. The outage was caused by a cyber-incident," the UK IT services provider said in a statement published on Friday.

The UK's Information Commissioner's Office is getting tough on website design, insisting that opting out of cookies must be as simple as opting in. At question are advertising cookies, where users should be able to "Accept All" advertising cookies or reject them.

The UK division of Samsung Electronics has allegedly alerted customers of a year-long data breach - the third such incident the South Korean giant has experienced around the world in the past two years. An email to customers, shared on social media by web security consultant and Have I Been Pwned creator Troy Hunt, detailed that the breach exposing data of customers who made purchases between July 1, 2019 and June 30, 2020 was discovered on November 13.