Security News

The UK National Savings and Investment bank is being bombarded with complaints over failing online security and authentication features which customers say have locked them out of their accounts. The Register has contacted NS&I to offer it the opportunity to respond.

The survey is based on interviews conducted over the phone and online between September 27, 2022, and January 18, 2023, of 2,263 U.K. businesses, 1,174 U.K. registered charities and 554 education institutions. How are businesses identifying cybersecurity risks?

Websites and mobile apps of Lloyds Bank, Halifax, TSB Bank, and Bank of Scotland are experiencing web and mobile app outages leaving customers unable to access their account balances and information. BleepingComputer has been able to confirm that the four major UK banks are currently experiencing disruptions related to their online banking and mobile banking systems since the early morning hours of Friday, April 28th. Websites of banks including Lloyds, Halifax, TSB, and Bank of Scotland admit that some customers are having issues when accessing Internet and Mobile banking services.

As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone's ability to communicate securely. The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services - nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.

The United Kingdom's NCSC is warning of a heightened risk from attacks by state-aligned Russian hacktivists, urging all organizations in the country to apply recommended security measures. "Over the past 18 months, a new class of Russian cyber adversary has emerged," reads the NCSC's alert.

The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device. A joint report released today by the UK National Cyber Security Centre, US Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI details how the APT28 hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy a custom malware named 'Jaguar Tooth.

The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance. In a joint advisory issued Tuesday, the UK National Cyber Security Centre, the NSA, America's Cybersecurity and Infrastructure Security Agency and the FBI provided details about how Russia's APT28 - aka FancyBear and Stronium - exploited an old vulnerability in unpatched Cisco routers in 2021 to collect network information belonging to European and US government organizations, and about 250 Ukrainian victims.

There cannot be a "British internet," or a version of end-to-end encryption that is specific to the UK. The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. "There is grave concern that the Online Safety Bill's requirements around identifying illegal content could break the principle of end-to-end encryption with the promise of a magical backdoor. Once a backdoor has been compromised, data and content protected by the encryption becomes accessible. This is exactly what many bad actors would welcome."

Belgian HR and payroll giant SD Worx has suffered a cyberattack causing them to shut down all IT systems for its UK and Ireland services. SD Worx is a European HR and payroll management company based out of Belgium that services 5.2 million employees for over 82,000 companies, according to its website.

The UK's Criminal Records Office has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from what it described as a "Cyber security incident." ACRO is the country's national law enforcement organization responsible for managing criminal record information, providing criminal records on request, and sharing those records with foreign nations.