Security News
The farewell report written by the UK's biometrics and surveillance commissioner highlights a litany of failings in the Home Office's approach to governing the technology. "My time as the biometrics and surveillance camera commissioner has been interesting, challenging, and at times frustrating, in part because of a lack of engagement across Whitehall and often an absence of support in obtaining the resources needed to fulfill my functions: at no time have I had a full complement of staff," Sampson wrote.
The United Kingdom's National Cyber Security Centre is inviting members of the cybersecurity community to join its new Cyber League, which is a collective of industry experts that will work alongside the government agency to tackle security threats facing the U.K. Announced by the NCSC on Jan. 17, the Cyber League will support existing NCSC initiatives that bring together experts from the public and private sectors. The Cyber League will see members of the cybersecurity and threat intelligence industries join NCSC analysts in workshops and discussion groups to exchange insights on the growing threat landscape.
The agency says cybercriminals already use AI for various purposes, and the phenomenon is expected to worsen over the next two years, helping increase the volume and severity of cyberattacks. The NCSC believes that AI will enable inexperienced threat actors, hackers-for-hire, and low-skilled hacktivists to conduct more effective, tailored attacks that would otherwise require significant time, technical knowledge, and operational effort.
The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. Medibank is a large health insurance provider in Australia that suffered a ransomware attack in October 2022, causing operational and business disruption.
Southern Water provides water services to 2.5 million customers and wastewater services to 4.7 million customers in the southern regions of England. Some documents leaked online are branded with logos of Greensands, the parent company of Southern Water.
The National Grid is reportedly the latest organization in the UK to begin pulling China-manufactured equipment from its network over cybersecurity fears. The contract with the UK subsidiary of China's state-owned Nari Technology, NR Electric UK, was terminated after advice was sought from the National Cyber Security Centre, according to sources who spoke to the Financial Times.
The UK National Cyber Security Centre and Microsoft warn that the Russian state-backed actor "Callisto Group" is targeting organizations worldwide with spear-phishing campaigns used to steal account credentials and data. Today, the United Kingdom officially attributed attacks to Callisto that led to the leaking of UK-US trade documents, the 2018 hack of the UK think tank Institute for Statecraft, and more recently, the hack on Statecraft's founder Christopher Donnelly.
In both cases, it was an own goal when the org handed over the data itself while responding to requests made under the Freedom of Information Act 2000. The majority of the patients whose data was made public were maternity patients of The Rosie Hospital at the Addenbrooke's Hospital site.
Australia is building a top-secret cloud to host intelligence data and share it with the US and UK, which have their own clouds built for the same purpose. The three clouds were discussed on Monday by Andrew Shearer, Australia's director-general of national intelligence, at an event hosted by the Center for Strategic & International Studies in Washington, DC. "We are working very hard on a top-secret cloud initiative," Shearer told the event, adding that it will interoperate with similar infrastructure already operated by the US and UK, and mean sensitive data can be shared "near instantaneously."
Digital identity wallets and, our favorite, facial age estimation, where the features of a user's face are analyzed to estimate the user's age. The idea of age verification was floated years before and has returned as part of the Online Safety Bill.