Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label United Kingdom. Show all posts
United Kingdom
AI Cameras Artificial Intelligence Technology Threat Intelligence United Kingdom

New AI Speed Cameras Record Drivers on Their Phones

 

New AI cameras have been deployed in vans to record drivers using their phones while driving or driving without a seatbelt. 

During a 12-hour evaluation in March, South Gloucestershire Council discovered 150 individuals not wearing seatbelts and seven drivers preoccupied by their cell phones. 

Pamela Williams, the council's road safety education manager, stated, "We believe that using technology like this will make people seriously consider their driving behaviour." 

According to figures, 425 people sustained injuries on South Gloucestershire roads in 2023, with 69 critically injured or killed. Throughout the survey, vans were equipped with mounted artificial intelligence (AI) technology. The devices monitored passing vehicles and determined whether drivers were infringing traffic laws. 

If a likely violation was spotted, the images were submitted to at least two specially experienced highways operators for inspection. There were no fixed penalty notices issued, and photographs that were not found to be in violation were automatically deleted. The authorities stated that it was just utilising the technology for surveys, not enforcement. 

Dave Adams, a road safety officer, helped conduct the area's first survey. He went on to say: "This is a survey so we can understand driver behaviour that will actually fit in with other bits of our road safety strategy to help make our roads safer.”

Ms Williams noted that "distracted drivers" and those who do not wear seatbelts are contributing contributors to road fatalities. "Working with our partners we want to reduce such dangerous driving and reduce the risks posed to both the drivers and other people." 

Fatalities remain high 

Dr Jamie Uff, Aecom's lead research specialist in charge of the technology's deployment, stated: Despite attempts by road safety agencies to modify behaviour via education, the number of individuals killed or badly wounded as a result of these risky driving practices remains high. 

"The use of technology like this, makes detection of these behaviours straightforward and is providing valuable insight to the police and policy makers.”
Read more »
User Privacy
Bank Security Cyber Fraud Data Safety Internet Scam UK Banks United Kingdom User Privacy

UK Banks Issue a Warning Regarding an Upsurge in Internet Scams

 

Banks have issued a warning about a sharp rise in fraud in 2022, much of it coming from online sources. 77% of frauds now take place on dating apps, online markets, and social media., Barclays reported.

According to TSB, the major causes of this were an enormous rise in impersonation, investment, and purchase fraud instances. It was discovered that fraudulent listings on Facebook Marketplace had doubled, while impersonation frauds on WhatsApp had increased thrice in a year. 

Additionally, it claimed that there had been "huge fraud spikes" on Meta-owned platforms including Facebook and WhatsApp. Fraud, according to a spokesperson for Meta, is "an industry-wide issue," the BBC reported. 

"Scammers are using increasingly sophisticated methods to defraud people in a range of ways, including email, SMS, and offline," the company stated. "We don't want anyone to fall victim to these criminals, which is why our platforms have systems to block scams, financial services advertisers now have to be FCA (Financial Conduct Authority)-authorised and we run consumer awareness campaigns on how to spot fraudulent behaviour." 

"Epidemic of scams" 

Banks are dealing with an "epidemic of scams," according to Liz Ziegler, director of fraud protection for Lloyds Banking Group. 

"With more than 70% of fraud starting with contact through the main tech platforms, these companies must be held responsible for stopping scams at source and putting things right for innocent victims," she explained. 

Three million people in the UK would become victims of fraud in 2022, NatWest CEO Alison Rose previously warned a Treasury Select Committee. 

She stated, "we have seen an 87% increase in fraud," noting that NatWest believed that 60% of frauds started on social media and other internet platforms. 

Meanwhile, TSB stated 60% of purchase fraud cases of which it is aware - where a fraudster offers an item they never intend to send to the customer - occurs on Facebook Marketplace, and two-thirds of impersonation fraud cases it sees are happening on WhatsApp, The bank claims that 2,650 refunds covering these incidents were given out last year. 

According to Paul Davis, TSB's director of fraud prevention, social media companies "must urgently clean up their platforms" to safeguard users. 

Returned funds 

56% of the total money was lost to scammers in the first half of 2022, according to the most recent data from UK Finance, which represents the banking and finance industry. 

The Contingent Reimbursement Model Code, which intends to pay consumers if they fall victim to an Authorised Push Payment (APP) scam "and have acted appropriately," has been endorsed by many institutions, including NatWest, Lloyds, and Barclays. 

A consumer may be duped into sending money to a fraudulent account through an APP scam. However, TSB asserts that it reimburses victims in 97% of the fraud incidents it observes and is urging other organisations to do the same.
Read more »
Youtube
Data Breach Data Privacy Google United Kingdom User Privacy Youtube

YouTube Charged for Data Gathering on UK Minors

A million children's personal data might be collected by YouTube, as per the research. According to the claim, YouTube violates the 'age-appropriate design code' set forth by the Information Commissioner's Office (ICO).

The UK's data protection rules pertaining to the personal information of minors must be complied with by online services in order to do so. In accordance with the Global Data Protection Regulation (GDPR) program, the UK put into effect the Data Protection Act 2018.

These details include the location from which kids view, the device they use, and their preferred types of videos, according to Duncan McCann, Head of Accountability at the 5Rights Foundation.

According to McCann, the streaming service has violated recently established child protection rules by capturing the location, viewing habits, and preferences of potentially millions of youngsters who visit the main YouTube website.

As per attorney and data protection specialist Jonathan Compton from DMH Stallard, YouTube could be hit with a hefty charge of up to £17.5 million, or 4% of its annual global revenue. Not only the YouTube website can be in violation of the ICO Children's Code. In a study published last month by Comparitech, researchers found that one in four Google Play apps did not adhere to the Age Appropriate Design Code. 

A spokesperson for YouTube said, "Over the years, we've made efforts to protect kids and families, like developing a dedicated kids app, implementing new data standards for children's content, and delivering more age-appropriate experiences."

Extra safeguards have been adopted to support children's privacy on YouTube, such as more protective default settings and a specific YouTube Supervised Experience, building on that long-standing strategy and adhering to the additional recommendations offered by the code. 




Read more »
User Privacy
Cisco Cyber Defence Data Breach ICO Identity Theft United Kingdom User Privacy

Companies are at Risk From Remote Workers Losing Thier Laptops

 

Data thieves can steal a laptop from a coffee shop table, a lost property bin, an unlocked locker, your desk at work, or even your luggage on a crowded commuter train, and it's far away when you first realize it's gone. They are difficult to identify and trace, and because most individuals carry computers, it is simple to steal without anybody knowing. Many data theft events are simply crimes of opportunity rather than deliberate attacks, and stolen laptops make an excellent target.

Organizations are penalized a total of £26 million, according to data compiled by Cisco Systems, after employees misplaced company-owned laptops and phones.

The Information Commissioner's Office has collected over 3,000 reports of missing devices with user data during the past two years. Businesses are far more prone to be penalized than companies that have been the target of ransomware hackers if employees' misplaced laptops and phones consist of consumer information.

The majority of organizations are putting in place their cyber defenses, yet many do not consider their staff to be a threat to company data. But a major aspect of cyber security preparation is searching within the organization for potential insider threats. It might be challenging to tell whether a staff member has genuinely used company systems or if they are attempting to assault the company.
  
According to data protection legislation, the loss of a device containing or having access to the personal data of customers or suppliers must be reported to the ICO. As per Lindy Cameron, the CEO of the National Cyber Security Centre, ransomware is one of the most severe cybersecurity risks in the UK.

Martin Lee, technical lead for cybersecurity at Cisco, warned that office workers who are unable to resume their usual commute may see an increase in lost or stolen devices that carry important company data. Businesses in the UK have been investing heavily to ensure that their corporate networks are impenetrable because of the increased awareness of cyber threats brought on by rising data breaches. 



Read more »
User Privacy
Antivirus Data Breach Data Privacy Laws Hackers Phishing Attacks United Kingdom User Privacy

 UK Penalizes Interserve £4.4 Million for Security Breach

The Information Commissioner's Office (ICO) fined Interserve Group £4.4 million for violating data protection laws after it failed to protect the personal data of its employees.

An unidentified group of hackers launched a phishing attack in May 2020 to gain access to the systems of the construction firm and stole personal and financial information stored by Interserve on its 113,000 present and former employees, according to the ICO. It came to the conclusion that the business failed to implement adequate security measures to avoid such an attack.

A phishing email that had not been quarantined or prevented by the Interserve system was passed in May 2020 by an employee of the company either to an employee that opened it and downloaded its contents. On the employee's workstation, the malware was consequently installed.

The ICO claims that although the company's anti-virus system isolated the malware and provided an alert, it did not fully look into the suspicious activities. If it did so, the hacker would still have been able to access the company's systems.

Following the penetration of 283 systems and 16 accounts, the hacker removed the company's antivirus program. Up to 113,000 current and former employees' personal information was encrypted and made inaccessible.

Personal information like names, addresses, and bank account numbers were among the leaked data, along with certain category information like racial origin, religion, information about any disabilities, sexual orientation, and medical records.

According to John Edwards, the UK's information commissioner, "Firms are most in danger from internal complacency rather than external hackers. You can anticipate a similar fine from my office if your company doesn't routinely check its systems for suspicious behavior and ignores alerts, or if it doesn't update software and fails to teach employees."

The ICO has the authority to fine a data controller up to £17.5 million, or 4% of their total annual global revenue, whichever is larger. This fine was imposed under the DPA2018 (GDPR) for violations of the General Data Protection Regulation.



Read more »
User Privacy
Cyber Crime Flashpoint LAPSUS$ Online Gaming uber United Kingdom User Privacy

Teen Hacking Suspect Arrested by London Police for GTA 6 and Uber Breach

A 17-year-old Oxfordshire kid was detained on suspicion of hacking, according to information released by the City of London Police on Friday.

According to experts, the recent security breaches at Uber and Rockstar Games may have something to do with the arrest.

On September 18, a cyber threat actor identified as the 'teapotuberhacker' claimed to have hacked Rockstar Games, the company behind the well-known and contentious Grand Theft Auto (GTA) franchise, in a post on GTAForums.com. Teapotuberhacker claimed to have taken 90 movies of alpha material and the source code for Grand Theft Auto VI and its predecessor GTA V from Rockstar in that post, which has since been removed.

Notably, a 17-year-old Oxford boy was among the seven minors who were detained. The Oxford teenager was detained after other hackers posted his name and address online. The boy had two internet aliases: 'Breachbase' and 'White'. According to the reports, the boy had earned about $14 million via data theft. 

Further information concerning the inquiry was kept under wraps by the UK authorities. 

Seven adolescents were detained and later freed by City of London police in connection with a probe into the Lapsus$ hacking organization this spring.

Uber released more information regarding the latest security breach earlier this week. According to the firm, the threat actor responsible for the intrusion is connected to the LAPSUS$ hacker organization.

Flashpoint, a security company, presented a report of the Grand Theft Auto VI data breach this week and disclosed that the name of the hacker responsible for the two attacks had been made public on a dark web forum.

The forum administrator claimed that teapotuberhacker was the same guy who had allegedly hacked Microsoft and owned Doxbin in the debate, which was titled 'The Person Who Hacked GTA 6 and Uber is Arion,' according to the story that was published by FlashPoint.

If these claims are true, which is not entirely apparent, it will assist in explaining the most recent incident that law police conducted.
Read more »
United Kingdom
Cyber Security IT system NCSC security measures United Kingdom

In Q2 2022, NCSC Plans to Launch a New Assurance Scheme for IR and SimEx

 

In Q2 2022, the National Cyber Security Centre (NCSC) plans to implement a new assurance scheme for incident response (IR) and simulated exercises (SimEx), which might be a game-changer in the security sector. This will essentially result in the standardization of IR and SimEx across the board, as well as the expansion of commercial reach, opening up new markets for assured suppliers. Previously, the NCSC only offered the Cyber Incident Response (CIR) Service – shortly to be renamed CIR Level 1 – to UK Central Government and major corporations with complex IT systems that were regarded to have "national significance" networks. 

The new CIR service will dramatically broaden its reach to include local businesses, major businesses, and SMEs, while the new Cyber Incident Exercising Service will target large and medium organizations, as well as central and regional UK government. Because of the scope of the undertaking, the NCSC aims to hire Assured Scheme Partners to assess and onboard Assured Service Providers to police the scheme. 

The government agency is presently selecting its Assured Scheme Partners, with whom it will collaborate to develop the operating model and define how it will execute its technical standards across both services. 

SimEx can range from simple desktop exercises to full-fledged simulations, allowing corporate teams to respond to a given attack scenario. They could take the shape of a ransomware or phishing assault, DDoS simulation, or sensitive data being released on the dark web. A simulated exercise's purpose is to practise, analyze, or enhance the IR plan, so the true learning comes from how effectively the incident response process functions. 

Although it is unclear how the new Cyber Incident Exercising Service can support this wide range of activities, the NCSC has announced that it will include table-top and live-play formats. It will likely provide a sliding scale of increasingly complicated services, bringing much-needed clarity to the market. 

One of the main difficulties with SimEx today is that once the business considers testing its IR, prices may quickly escalate, so a formal framework with multiple techniques would help teams know precisely what they've signed up for and how much bang for their buck they're getting. 

Rather than the organization blindly investing in technology and presuming that its policies are being followed, these tests evaluate the effectiveness of security protocols by using attack scenarios that the organization is likely to face in the current threat landscape, informing the business of what is/isn't working and where the disparities are so that future spend can be focused.
Read more »
United Kingdom
Cyber Attacks IT system Nation-State Attacks United Kingdom

Attack on UK's Defence Academy Compelled a Rebuild of the IT System

 

According to a former senior officer, a probable nation-state attack on the UK's primary defense training facility last year compelled the academy to replace its IT infrastructure. Air Marshal Edward Stringer recently retired as the director-general of joint force development and the UK Defence Academy. 

Every year, the academy teaches roughly 30,000 UK armed forces personnel, as well as civil officials and military personnel from foreign countries. However, it was caught off guard by a cyber-attack in March of last year, which had "significant" operational ramifications, according to Stringer. 

IT team had to find backup ways to use regular internet, etc, to keep the courses running, which they did - but not as smoothly as before, to be fair, added Stringer.

He claimed he didn't know whether the hackers were criminals or a hostile state, but his main concern was whether the hackers sought to use the Defence Academy as a "backdoor" into much more secret portions of the MOD's IT systems. When asked if the cyberspies were effective, Air Marshal Stringer replied, "No, I was quite confident, that there hadn't been any other breaches beyond the Defence Academy." 

Despite the fact that no important information is believed to have been stolen, teaching was disrupted when courses were shifted online owing to the pandemic. “It doesn’t look like a violent attack, but there were costs. There were costs to operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage,” Stringer said. “What could we be spending the money on that we’ve had to bring forward to rebuild the network? There are no bodies in the streets, but there’s still been some damage done.” 

The MOD's digital branch launched an inquiry into the cyber-attack, but no findings - such as who was behind it - have been made public. The incident was also reported to the National Cyber Security Centre, a part of GCHQ. 

That rebuilding looks to be ongoing, with a note on the present Defence Academy website stating: “new website coming soon … please bear with us while we continue to update our site … check back soon for updates.” 

Serco, an outsourcing contractor, is purportedly in charge of the academy's IT systems, including website maintenance. While China, Russia, and other adversaries would surely have been motivated to undertake an attack, Stringer stopped short of attributing it to state-sponsored operatives.
Read more »
United Kingdom
Cyber Attacks Cyber Security Incidents NCSC United Kingdom

Gloucestershire Council's Website is Being Disrupted due to a Cyber Attack

 

Since the incident on December 20, Gloucester City Council has been attempting to repair some of its online services. The council's online revenue and benefits areas, as well as planning and customer service, are all affected. It pleaded for patience while the services were restored and invited users to email it directly if they had any problems. In addition, the council is collaborating with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to resolve the problem. 

Gloucester City Council is the city authority for the city of Gloucester, which is divided into 18 wards and has 39 councilors elected to serve on the City Council. There were 22 Conservative councilors, 10 Labour councilors, and 7 Liberal Democrat councilors following the 2016 election. The current composition consists of 18 Conservatives, 9 Liberal Democrats, 8 Labour, and 1 independent. 

Residents are also unable to use interactive online application forms used to claim housing benefits, council tax support, test and track support payments, or discretionary housing payments. The problem appears to be so significant that other councils in Gloucestershire, as well as government organizations, are said to have blocked emails from the city council. According to the Local Democracy Reporting Service, the council's planning application website is also unavailable as a result of the attack. 

Those checking in are presently unable to read planning application details or submit comments via the online portal, and the council is unable to email or post plans to customers. The council claims it is doing everything possible to ensure that customers can still contact them, with the primary focus being on dealing with urgent customer matters. Meanwhile, work is being done to bring systems back online once it is deemed safe to do so. 

A spokesperson from Gloucester City Council said: “Through the course of December 20, we became aware that some of our IT systems had been affected by a cyber incident. As a result of the incident, there is currently disruption to some systems and services. We are doing all we can to make sure customers can still contact us but we do ask people to be patient."

"We have been actively working with the National Cyber Security Centre and the National Crime Agency to understand more about the nature of the attack and minimize the impact," he added. Our priority for the next several days will be to handle critical customer issues and to continue working with national agencies to bring our systems back online as fast and safely as possible, he concluded.
Read more »
United Kingdom
COVID-19 Cyber Security Cybersecurity United Kingdom

UK's Failure to Address Cybersecurity Issue Can "Wreak Havoc"

 

Britain's long-term risk planning is running short on power, meaning the nation is exposed to cyber threats from external threats, according to the latest HoL (house of lord) report. The report titled "Preparing for extreme risks: Building a resilient society," was released by the Select Committee on Risk Assessment and Risk Planning (upper chamber) with 85 expert witnesses after the interview. 

According to the HoL report, "the Committee was formed amid the global upheaval of the COVID-19 pandemic. Whilst the Committee never intended to undertake a COVID-19 inquiry, the pandemic has taught us daily lessons about the need for better resilience. The whole of society currently is engaged in a fight against the virus." The report concludes that the government is spending a lot of time responding to emergencies and crises, ignoring the type of long-term plans which would have prepared the UK for the Covid-19 pandemic. The UK's failure to handle the Covid-19 outbreak was evident and clear. 

Besides this, the research analyzing the risk assessment process discovered that the current machinery doesn't have the proper task force to determine and address future problems and threats. But, the pandemic isn't the only risk that the UK is facing. Critical space weather incidents could affect smart technology, most of the users are dependent on it. It includes internet, GPS, power supplies, and communication systems. A cybersecurity attack on UK's national infrastructure can have major repercussions. An AXA report released earlier this year said cybersecurity is the second biggest global problem, after climate change. 

It was listed as the number one business risk in the coming decade by North American and UK survey respondents to WEF (World Economic Forum) report released in 2020. "We consider that generalized resilience is the right response to the threat of increasingly unpredictable risk. The Government’s risk management system should change from attempting to forecast and mitigate discrete risks, towards a more holistic system of preparedness. Reframing risk management through the lens of resilience would produce a risk management system that ties all sectors of society together," reports HoL.
Read more »
Visa
Apple Digital Wallet transactions. iPhone Mobile Security United Kingdom Visa

Security Issues in Visa and Apple Payment Could Result in Fraudulent Contactless Payments

 

Researchers warn that an attacker who steals a locked iPhone can use a saved Visa card to conduct contactless payments worth thousands of dollars without having to unlock the phone. According to an academic team from the Universities of Birmingham and Surrey, backed by the UK's National Cyber Security Centre (NCSC), the problem is caused by unpatched vulnerabilities in both the Apple Pay and Visa systems. Visa, on the other hand, claims that Apple Pay transactions are safe and that any real-world assaults would be impossible to execute. 

Any iPhone with a Visa card set up in "Express Transit" mode can make fraudulent tap-and-go payments at card readers, according to the team. Commuters all around the world, including those on the New York City subway, the Chicago El, and the London Underground, may tap their phones on a reader to pay their fares without having to unlock their devices. 

The problem, which exclusively affects Apple Pay and Visa, is created, according to the researchers, by the usage of a unique code, dubbed "magic bytes," that is broadcast by transit gates and turnstiles to open Apple Pay. They were able to undertake a relay attack using ordinary radio equipment, deceiving an iPhone into thinking it was talking to a transit gate, according to the team. 

 “An attacker only needs a stolen, powered-on iPhone,” according to a writeup published this week. “The transactions could also be relayed from an iPhone inside someone’s bag, without their knowledge. The attacker needs no assistance from the merchant.” 

The researchers demonstrated a £1,000 payment being delivered from a locked iPhone to a normal, non-transit Europay, Mastercard, and Visa (EMV) credit-card reader in a proof-of-concept video. Visa said in a statement that Visa cards linked to Apple Pay Express Transit are safe to use and that cardholders should continue to do so. Contactless fraud methods have been investigated in the lab for over a decade and have proven to be impracticable to implement on a large scale in the real world. They also said that it takes all security concerns seriously and is always working to improve payment security across the ecosystem. 

“Logically, it’s an interesting advancement of tapping a contactless card machine against someone’s wallet/purse in their back pocket on the subway/metro,” Ken Munro, a researcher with Pen Test Partners, said. “However, I’m more concerned about the threat of fraud with a stolen phone. In the past, the PIN would have prevented fraud from a stolen phone. Now, there’s a valid attack method that makes theft of a phone with Express Transit enabled really quite valuable.”
Read more »
User Security
Data Breach Ministry of Defense Sensitive data Leaked United Kingdom User Privacy User Security

A Second Data Breach at the Ministry of Defence has been Discovered

 

The email addresses of dozens more Afghans who may be eligible for relocation in the United Kingdom have been exposed in a second data leak by the British Ministry of Defence (MoD), putting their safety in jeopardy. According to the BBC, the newest mishap had MoD staff accidentally copying 55 people into an email, making their personal information exposed to all recipients. 

According to the BBC, the recipients, at least one of whom is a member of the Afghan national army, were told that relocation officials in the UK had been unable to contact them and that they needed to update their information. 

The MoD's Afghan Relocations and Assistance Policy (ARAP) team, according to a spokesperson, was "aware" of the error, which occurred earlier this month. “Steps have now been taken to ensure this does not happen in the future. We apologize to those affected and extra support is being offered to them,” the spokesperson said. “This week, the defence secretary instigated an investigation into data handling within that team.”

Officials from the Ministry of Defence have contacted those affected and offered advice on how to minimize the potential hazards. 

It comes just a day after the defence secretary issued an apology for a second breach affecting the email addresses of dozens of Afghan interpreters working for British forces. Defence Secretary Ben Wallace said in the House of Commons on Tuesday that thousands of members of the armed services and veterans had been let down by "an unacceptable level of service."

Ben informed lawmakers on Tuesday that mechanisms for "data handling and communication processing" had already been modified. According to BBC, who cited defence officials, Wallace was unaware of the second MoD breach when he made those remarks. 

Former Conservative defence minister Johnny Mercer, who fought in Afghanistan, expressed concern that similar situations could occur again. He said: “I’ve been concerned from the start as to how these individuals have been treated – the whole thing was such a rush to the door when Kabul fell that these mistakes were inevitable. I personally think we’ve taken out people we really shouldn’t have, and failed to bring out the majority of those we should – I think we are only beginning to learn the scale of what has gone on here.”
Read more »
United Kingdom
Cyber Attacks ESET Hackers Ransomware United Kingdom

The Salvation Army in the UK was Infected with Ransomware

 

The Register has uncovered that criminals infected the Salvation Army in the United Kingdom with ransomware and stole the organization's data. A spokeswoman for the Salvation Army confirmed that the evangelical Christian church and charity had been hacked and that it had notified UK regulators. 

She said, “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the Information Commissioner’s Office, are also in dialogue with our key partners and staff, and are working to notify any other relevant third parties. We can also confirm that our services for the vulnerable people who depend on us are not impacted and continue as normal.” 

There is currently no other information concerning the event, such as the identity of the attackers or the material that was accessed. Furthermore, no data has been found on any known ransomware gang websites. Salvation Army workers and volunteers, on the other hand, have been instructed to keep a tight eye on their accounts for any unusual banking activity or suspicious contact. 

Jake Moore, a cybersecurity specialist with Slovakian antivirus firm ESET, told The Register: “It is vital that those who could be at risk are equipped with the knowledge of how to mitigate further attacks. The first few days and weeks after a breach are the most important, as criminals will be quick to take advantage of the situation and strike while they still can.”

 “Those who may believe they have had their details taken must contact their banks to add extra fraud protection and to be on guard for extra attempts such as unsolicited calls or emails phishing for extra information,” added ESET’s Moore. 

Other information security industry sources speculated that the attacks were carried either by the Conti or Pysa ransomware gangs. Conti was the ransomware strain used by the WizardSpider gang in the Irish Health Service attack, which came dangerously close to paralyzing Irish hospitals as employees were forced to revert to pre-computer era paper-based systems. Pysa, meanwhile, has been detected targeting schools and other “soft underbelly” targets, like the Hackney Council breach late last year. 

The current ransomware attack has shown that no organization is immune to ransomware and that it must be prepared to confront attacks at any time. Keith Glancey, systems engineering manager at Infoblox, commented: “This latest attack on the UK arm of the Salvation Army shows that ransomware is growing in sophistication and that actors are getting bolder. No organization is off-limits, even those in the charity sector.”
Read more »
United Kingdom
Bitcoin Crypto Currency Technology United Kingdom

Cryptocurrency Addiction: Here's All You Need to Know!

 

Cryptocurrency addiction is defined as compulsive cryptocurrency trading and related behaviors that have negative implications in a person's life. Cryptocurrency addiction is a behavioral addiction that disrupts or destroys personal, familial, and leisure endeavors, similar to gambling addiction. 

Many of us enjoy the occasional wager or lottery flutter – but it only becomes a problem for roughly 9 people out of 1000. However, 70 persons out of 1000 engage in dangerous behavior that could become an issue in the future. 

Cryptocurrency traders, according to experts, exhibit the same behavioral addictions as problem gamblers. Although no data exist for the number of people addicted to cryptocurrency trading, Tony Marini, the lead counselor at Castle Craig Hospital in Peebles, said they are seeing an increasing number of people in Scotland. 

"This is the crack cocaine of gambling because it is so fast," he said. "It's 24/7. It's on your phone, your laptop, it's in your bedroom." In the last few years, the clinic has treated over 100 people with cryptocurrency addictions. People come to his door because of his constant availability and severe volatility, told Mr. Marini. 

"There are so many people out there that are trading cryptocurrency that is making money," he said. "And they're telling everyone that they're making money. We are not hearing from the people that are losing money."

Jake was a cryptocurrency trader who lost millions of pounds. He does not want his true identity revealed since he is still receiving treatment at one of the UK's few hospitals dedicated to patients who are addicted to betting on the value of the virtual currency. Jake originally purchased Bitcoin, the most widely used cryptocurrency, in 2015, but it wasn't until a major win a few years later that his trading became out of control.

"I can pinpoint the exact moment it became a problem," he said. "I had been eroding the sum I put aside, but I entered a trade, and I was willing to risk that last amount I had. I ended up making back pretty much everything I lost in a single trade. The feeling was one of absolute euphoria."

The market isn't the only thing that may go wrong. The technology that powers cryptocurrency is notoriously difficult, and if you're not vigilant, you could end yourself investing in a hoax.
Read more »
United Kingdom
Business Customer Data Cyber Attacks United Kingdom

Furniture Village Hit by a Week-Long Cyber Attack

 

Customers have been left 'with nothing to sit on' and unable to pay while waiting for sofas, beds, and tables as a result of a week-long cyber-attack on Furniture Village. The Slough-based store revealed yesterday that it had been the 'subject of a cybersecurity attack,' but that 'to the best of its knowledge,' no customer data had been disclosed. 

Internal systems are momentarily down, according to the company's website, although orders are still being taken online and in stores. The problem was discovered six days ago, on May 29, when Furniture Village said that its systems were experiencing technical difficulties and that its phone lines had been disconnected. 

Customers have been complaining on social media for over a week about not being able to get refunds or contact customer service, as well as delays or cancellations in delivery. The company confessed in a tweet that deliveries are taking longer than normal since its 'warehouses are currently operating manually.' 

In a statement released yesterday, Furniture Village said: "Frustratingly, our company was recently the target of a cybersecurity attack, however, by immediately implementing security protocols, including shutting down the affected systems, we were able to restrict the scope of the attack. Thankfully, to the best of our knowledge, no personal data has been lost or compromised." 

"We're working around the clock to restore all system-related functions of the business as soon as it’s safe to do so. The business remains healthy, and our teams are focused on supporting our customers, resorting to manual processes where necessary," the company added. 

The precise nature of the attack is unknown at this time, however, some industry experts suspect the retailer was the victim of a ransomware campaign. No formal confirmation has been given as to whether or not law enforcement agencies have been alerted. 

The National Crime Agency of the United Kingdom released its 2021 National Strategic Assessment last week, claiming that criminals are using technological advancements to fuel "serious and organised crime." Ransomware assaults have "grown in frequency and impact," according to the report.

"It is estimated 50 percent of all ransomware attacks included a threat to publish stolen data and over the last year there were £3bn of estimated fraud losses for UK individuals and businesses, but an accurate figure is constrained by significant under-reporting," it said.
Read more »
User Data
Cyber Security cybercriminals Personal Data United Kingdom User Data

Hackers Send Fake Census Form Alerts to UK Respondents

 


The United Kingdom, like every other country, runs a census every ten years. The census asks residents a number of questions regarding the address of individuals, their age, name, nationality, employment, health, education, and language. (The census here is mandatory and participants are obliged to provide answers)
 
The census happens in the year that ends with number-1, except Scotland, the census is postponed until 2022 due to the Covid-19 pandemic. Due to the Covid-19 pandemic, most of the respondents are filling their services online, they are getting a unique 16 digit access code from the government to each resident via snail-mail. The participant can go to the official government census website, enter the 16 digit login code, saving him the arduous work of filling the form by hand, and snail-mail it back. If the participant fails to fill the census form before 21-03-2021, the government will send a chain of warning notifications with a unique 16 digit code, requesting the participant to fill the form and also fining €1000 if he fails to do so.
 
Naked Security reports, "the criminals did make some grammatical mistakes in their forms that a native speaker of English might notice, and these would be another giveaway, along with the fake domain name, but the crooks have cloned the UK Office for National Statistics “look and feel” very believably."
 
Stay alert of forged forms-
 
If the participant hasn't filled the form yet but may soon do it, he/she should stay wary of fake "census reminders" that are sent by the hackers. And if you've already filled your form, be on alert if you think there have to be some modifications in the details. The hackers are trying to take advantage of the online census by luring the participants into phishing attacks and stealing their data.
 
The fake form may ask for your postcode instead of your 16 digits unique code (the hackers could've also sent a fake 16 digit code but they chose not to), after that, the hackers will ask you similar questions that you may answer while filling out the original forms. However, in the fake form case, you end up exposing your personal details to the hackers, instead of sending your details to Office for National Statistics.

 
How to stay safe?

 
1. Check the Domain name before filling the form on the official website.
 
2. Don't open links that you may receive via SMS or e-mail.
 
3. Stay alert of the text messages that you may receive, please go through the message before filling the form.
 
Read more »
United Kingdom
Cyber Attacks Russia United Kingdom

Great Britain named Russia as the main threat in cyberspace

 Lindy Cameron, executive director of Britain's National Cyber Security Center (NCSC), said on Friday that the Russian Federation poses the greatest threat to Britain in cyberspace.

According to her, as in any other area related to security, in cyberspace, Russia poses the most acute and urgent threat to the United Kingdom.

"We need to look carefully at China's ambitions for technological development. China will change the world we live in in a much more fundamental way than Russia," said Cameron.

Against the backdrop of the current world situation, she urged against complacency, complaining that cybersecurity is still not getting the attention it deserves. She also cited incidents involving cyberattacks against IT company SolarWinds and Microsoft Exchange service.

E Hacking News reminds that the NCSC is in charge of the Government Communications Center, the British intelligence agency responsible for conducting electronic reconnaissance and ensuring the protection of government and military information. The NCSC, in turn, works with the public and commercial sectors to respond to cyberattacks and to protect private and public information networks.

In December 2020, U.S. media reported that hackers linked to a foreign government hacked systems belonging to the U.S. Treasury Department, the Department of Homeland Security, the U.S. Commerce Department's National Telecommunications and Information Administration (NTIA), as well as networks at the Pentagon, Department of Energy and NNSA's nuclear safety agencies. A number of U.S. officials said the hacker group APT29 or Cozy Bear, allegedly linked to Russian intelligence, was likely behind the cyberattacks.

Later it became known that the cyberattack targeted SolarWinds, an IT company based in Austin, Texas. The hackers took advantage of the updates released by the company between March and June last year for its Orion software.

In March of this year, Microsoft warned that a hacker group allegedly backed by the Chinese government was exploiting security vulnerabilities in its Exchange Server messaging software, which is popular with U.S. agencies and companies.

Read more »
United Kingdom
cyber attack Eurofins Forensic United Kingdom

UK Police's Forensic firm targeted in cyber attack









An investigation has been launched after a ransomware attack targeted the UK’s largest private forensics provider, which is widely used by forces across the country. 

The firm Eurofins scientists detected a breach of its systems on June 2. After following the report, police have suspended all its work with the company. The company carries out DNA analysis, toxicology, ballistics and computer forensics work.

The National Police Chiefs’ Council, Chief Constable James Vaughan, said in a statement: “We have put our national contingency plans in place, which will see urgent submissions and priority work diverted to alternative suppliers to be dealt with as quickly as possible.’’

“It is too early to fully quantify the impact, but we are working at pace with partners to understand and mitigate the risks. We will share more information as soon as we can.”

The company has been told to return the casework that had not been started. They deal with more than 70,000 cases ever year, including murders and terrorism.  


Read more »
Wikileaks
Julian Assange London United Kingdom United States Wikileaks

WikiLeaks‘ founder Assange arrested after seven years hide out inside Ecuador embassy







British police has finally arrested the WikiLeaks founder Julian Assange from the Ecuadorian embassy in London after Ecuador government withdrew asylum citing his bad behavior. 

The arrest has closed the seven year long dramatic stint which could end up in landing in a United States prison as he is facing  a hacking conspiracy charge.

According to an indictment Assange conspired with former Army intelligence analyst Chelsea Manning to steal, and publish classified documents. 

Soon after his arrest, Assange appeared before Westminster Magistrates’ Court, where District Judge Michael Snow found  him guilty for breaching his bail conditions, flatly rejecting his assertion that he had not had a fair hearing and a reasonable excuse for not appearing.

“Mr. Assange’s behavior is that of a narcissist who cannot get beyond his own selfish interests,” Snow said. “He hasn’t come close to establishing ‘reasonable excuse.’”

While, Assange waved to the public from the gallery as he was taken to the cells. His next appearance would be on May 2 via prison video-link for his extradition case.

Whereas his attorney, Jennifer Robinson, said he will fight any extradition to the U.S.

“This sets a dangerous precedent for all journalist and media organizations in Europe and around the world,” she said. “This precedent means that any journalist can be extradited for prosecution in the United States for having published truthful information about the United States.”

Read more »
United Kingdom
Cyber bullying Cyber Crime Regulatory Board Social Media United Kingdom

UK : Social Media Executives To Be Held Accountable For Destructive Content!



Reports have it, that according to a recent proposal of the UK authorities, social media executives shall be personally blamable for the harmful content on their platforms.
The freshly published paper in which the details were mentioned is just a tactic to restrict the spread of violent and detrimental content related to suicides and cyber bullying.
Disinformation, is another theme eluded upon along with the rising need for companies to hold their ground against terroristic, child abusive, and sexually abusive content.
The regulations and guidelines in the aforementioned paper also mention the requirement for every individual regulator to impose the rules.
Its’s high time, the online companies took responsibility for what content their platforms displayed, in an attempt to reinstate trust in technology within the society.
Files hosting sites, chat forums, messaging services, search engines and social media platforms alike will come under the belt of the aforementioned measures.
If not adhered to, the policies also mention within them strong punishments for companies including substantial fines and blocking access.
This is a great action which has potential to bring change. The implementation although could not be as simple as it all sounds.
The above-mentioned set of guidelines would provide for a stable code of conduct for everyone on the social media which if complied to, will lead to safer platforms.
But, the implementation, is still in question along with other questions like, Will the regulatory approach be different for smaller companies?
Social media regulation and the improvements it requires is on everyone’s mind, of late because of the mosque shooting in New Zealand.
The shooting was live streamed on Facebook and other social media sites like Instagram, YouTube and etc. were rushed to block and delete the copies of the video which has instantly gone viral.
A legislation not very different from the one in UK that was discussed above was passed in Australia meaning to hold the executives responsible for whatever is posted on their platforms.

Read more »
Subscribe to: Posts (Atom)