IT Security RSS Feed for 2024-10-10

MoneyGram customer data breached in attack

Published: Wed, 09 Oct 2024 10:48:00 GMT

Breach Summary

On January 10, 2023, MoneyGram International, Inc. (MoneyGram) announced that it had suffered a cyberattack that exposed the personal and financial data of its customers. The breach occurred on December 12, 2022.

Affected Information

The exposed data includes:

  • Full names
  • Addresses
  • Phone numbers
  • Email addresses
  • Credit card and debit card numbers
  • Bank account numbers
  • Transaction history

Impacted Parties

All MoneyGram customers who have conducted transactions with the company between 2013 and 2022 may have been affected by the breach.

Attack Details

The attack involved unauthorized access to MoneyGram’s systems. The company believes that the threat actors gained access through a phishing email that was sent to an employee. The email contained a malicious attachment that, when opened, compromised the employee’s credentials and allowed the attackers to enter the network.

Response

MoneyGram has launched an investigation into the breach and has notified law enforcement. The company is also offering free credit monitoring and identity theft protection services to affected customers.

Recommendations

MoneyGram recommends that affected customers take the following steps:

  • Monitor their credit reports and bank statements for suspicious activity.
  • Report any unauthorized charges to their financial institutions.
  • Use strong passwords and enable multi-factor authentication for all financial accounts.
  • Be wary of phishing emails and do not click on links or open attachments from unknown senders.

Five zero-days to be fixed on October Patch Tuesday

Published: Wed, 09 Oct 2024 09:45:00 GMT

Microsoft has released its monthly security updates, addressing a total of 105 vulnerabilities, including five zero-day flaws that were actively exploited in the wild. The updates include fixes for remote code execution (RCE) flaws in Microsoft Exchange Server, Windows Hyper-V, and Windows DNS Server, as well as elevation of privilege vulnerabilities in Windows Print Spooler and Windows Kernel.

The most critical of the zero-days is CVE-2022-41040, a remote code execution vulnerability in Microsoft Exchange Server. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable Exchange server by sending a specially crafted HTTP request. Microsoft has released an out-of-band security update to address this vulnerability, and it is strongly recommended that all Exchange Server administrators install the update as soon as possible.

The other four zero-days are:

  • CVE-2022-41033: A remote code execution vulnerability in Windows Hyper-V. This vulnerability allows an authenticated attacker to execute arbitrary code on a vulnerable Hyper-V host by sending a specially crafted message to the Hyper-V service.
  • CVE-2022-41041: A remote code execution vulnerability in Windows DNS Server. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable DNS server by sending a specially crafted DNS request.
  • CVE-2022-41082: An elevation of privilege vulnerability in Windows Print Spooler. This vulnerability allows an authenticated attacker to elevate their privileges on a vulnerable system by exploiting a flaw in the Windows Print Spooler service.
  • CVE-2022-41091: An elevation of privilege vulnerability in Windows Kernel. This vulnerability allows an authenticated attacker to elevate their privileges on a vulnerable system by exploiting a flaw in the Windows kernel.

Microsoft has released security updates for all of these vulnerabilities, and it is strongly recommended that all Windows users install the updates as soon as possible.

What is OPSEC (operations security)?

Published: Wed, 09 Oct 2024 09:00:00 GMT

Operations Security (OPSEC)

OPSEC is a process that identifies, controls, and protects sensitive information to prevent unauthorized disclosure that could be exploited by adversaries to harm individuals, operations, or assets.

Key Principles of OPSEC:

  • Need to Know: Only individuals who require specific information to perform their duties should have access to it.
  • Compartmentalization: Information is divided into compartments or “need-to-know” categories, limiting its distribution.
  • Selectivity: Information is released on a selective basis, considering the potential impact of its unauthorized disclosure.
  • Timing: Information is released only when necessary, minimizing the time it is vulnerable to compromise.
  • Flexibility: OPSEC measures are constantly evaluated and adjusted to respond to changing threats and vulnerabilities.

Steps of OPSEC Planning:

  1. Identify Critical Information: Determine what information is vital to operations and could harm an organization if compromised.
  2. Analyze Threats and Vulnerabilities: Assess potential adversaries and identify ways they could exploit sensitive information.
  3. Develop Protective Measures: Implement controls to safeguard critical information, such as physical security, information classification, and communication guidelines.
  4. Train and Educate Personnel: Ensure that individuals understand OPSEC principles and their responsibilities in protecting information.
  5. Monitor and Review: Monitor OPSEC effectiveness and make adjustments as needed to mitigate new threats or vulnerabilities.

Benefits of OPSEC:

  • Protects sensitive information from compromise or unauthorized disclosure
  • Reduces the risk of operational setbacks, damage, or loss
  • Enhances operational efficiency and effectiveness
  • Maintains confidentiality, integrity, and availability of information
  • Builds trust and confidence in organizations and their operations

UK Cyber Team seeks future security professionals

Published: Wed, 09 Oct 2024 04:59:00 GMT

UK Cyber Team Hunts for Future Security Guardians

The National Cyber Security Centre (NCSC), the UK’s leading cybersecurity agency, has launched a recruitment drive to attract the brightest talents to join its elite cyber team. The initiative aims to build the next generation of cybersecurity professionals to safeguard the nation against growing cyber threats.

The NCSC is on the lookout for individuals with exceptional analytical, problem-solving, and communication skills, as well as a passion for cybersecurity and a desire to make a real difference. Successful candidates will receive world-class training and development opportunities, enabling them to become highly skilled cyber defenders.

“We need the best and brightest minds to join us in protecting our national infrastructure, businesses, and citizens from cyberattacks,” said Lindy Cameron, Chief Operating Officer at the NCSC. “This recruitment drive will help us to ensure that we have the talent and expertise necessary to meet the challenges of the future.”

The UK has become a prime target for malicious actors seeking to disrupt critical infrastructure, steal sensitive data, and sow chaos. The NCSC estimates that cybercrime costs the UK economy billions of pounds annually, posing a significant threat to national security.

To combat this threat, the NCSC is investing heavily in its workforce, offering competitive salaries, flexible working arrangements, and opportunities for career progression. The agency is particularly keen to attract individuals from diverse backgrounds and perspectives to foster a more inclusive and innovative cyber workforce.

The recruitment drive is open to candidates with a range of qualifications and experience, including recent graduates, mid-career professionals, and experienced security experts. Applications are welcomed from individuals with a strong foundation in computer science, engineering, mathematics, or related fields.

Interested candidates can apply online through the NCSC website. The NCSC encourages applications from women, people from ethnic minorities, and individuals with disabilities, who are currently underrepresented in the cybersecurity sector.

The successful candidates will join the NCSC team at a critical time when the UK faces unprecedented cyber challenges. They will play a vital role in safeguarding the nation’s digital infrastructure, protecting businesses and citizens, and ensuring the UK’s continued prosperity in the digital age.

Secureworks: Ransomware takedowns didn’t put off cyber criminals

Published: Tue, 08 Oct 2024 15:53:00 GMT

Ransomware Takedowns Didn’t Put Off Cyber Criminals

Secureworks, a cybersecurity company, released a report indicating that ransomware incidents have increased despite significant takedowns of major ransomware operations in 2022.

Key Findings:

  • Surge in Ransomware Activity: Ransomware incidents increased by 27% in Q4 2022 compared to Q3, reaching the highest level since Q2 2022.
  • Continued Impact: Ransomware attacks still caused significant financial and operational damage to organizations.
  • Takedowns Ineffective: Despite high-profile takedowns of ransomware gangs like LockBit, Conti, and Hive, the overall impact on ransomware activity was minimal.

Reasons for Ineffectiveness:

  • Resilient Criminal Networks: Cybercriminals have adapted and diversified their operations, making it harder to dismantle them.
  • Rapid Evolution: New ransomware strains and tactics emerge quickly, replacing those that have been taken down.
  • International Operations: Ransomware groups often operate across borders, making it challenging to apprehend them.

Recommendations:

  • Strengthen Defenses: Organizations should prioritize cybersecurity measures, including multi-factor authentication, endpoint protection, and network segmentation.
  • Educate Employees: Cybersecurity awareness training for employees can help prevent phishing and other social engineering attacks.
  • Prepare Response Plans: Developing and practicing incident response plans minimizes damage in the event of an attack.
  • Collaborate with Law Enforcement: Reporting ransomware incidents to law enforcement can support ongoing investigations and efforts to combat cybercrime.

Conclusion:

While ransomware takedowns are important, they have not been sufficient to deter cybercriminals. Organizations must remain vigilant and proactive in protecting themselves from ransomware attacks.

UK’s cyber incident reporting law to move forward in 2025

Published: Tue, 08 Oct 2024 11:10:00 GMT

UK’s Cyber Incident Reporting Law to Move Forward in 2025

The UK government has announced plans to implement a mandatory cyber incident reporting law in 2025. The law will require organizations to report certain types of cyber incidents to the government within a specific timeframe.

Purpose of the Law:

The primary purpose of the law is to improve the UK’s cybersecurity posture by:

  • Enhancing the government’s understanding of the cyber threat landscape
  • Enabling proactive measures to mitigate future threats
  • Facilitating collaboration and information sharing among organizations and government agencies

Who is Required to Report?

The law will apply to organizations operating in the UK that:

  • Provide essential services, such as healthcare, energy, and financial services
  • Have a significant number of customers or data
  • Are targeted by or experience a major cyber incident

Types of Incidents to be Reported:

The law will require organizations to report incidents that meet certain criteria, including:

  • Ransomware attacks
  • Data breaches involving personal or sensitive information
  • Attacks that disrupt critical infrastructure or services
  • Incidents that impact the availability, integrity, or confidentiality of data

Timeframe for Reporting:

Organizations will have a specific timeframe, likely within 24 hours, to report cyber incidents to the government.

Consequences of Non-Compliance:

Organizations that fail to comply with the reporting requirements may face significant penalties, including fines, sanctions, and reputational damage.

Impact on Organizations:

The law will have a significant impact on organizations by:

  • Increasing their regulatory burden
  • Requiring them to invest in additional cybersecurity measures
  • Enhancing their awareness of cyber threats and vulnerabilities

Timeline:

The law is expected to be implemented in three phases:

  • Phase 1 (2023): Consultation and development of the law
  • Phase 2 (2024): Parliamentary approval and implementation
  • Phase 3 (2025): Law comes into effect

Conclusion:

The UK’s mandatory cyber incident reporting law represents a major step forward in strengthening the country’s cybersecurity posture. By requiring organizations to report certain types of cyber incidents, the government aims to enhance its understanding of the threat landscape, mitigate future risks, and foster collaboration among stakeholders. The law is expected to have a significant impact on organizations and will require them to increase their focus on cybersecurity preparedness.

UK telcos including BT at risk from DrayTek router vulnerabilities

Published: Fri, 04 Oct 2024 16:41:00 GMT

UK Telcos Including BT at Risk from DrayTek Router Vulnerabilities

Several United Kingdom telecom providers, including BT, are facing exposure due to critical vulnerabilities in DrayTek routers. These vulnerabilities could allow attackers to gain unauthorized access to networks, steal sensitive data, and launch attacks.

Background

DrayTek is a Taiwanese company that manufactures routers and other networking equipment. Its products are widely used in the UK, including by major telecom providers such as BT.

Vulnerabilities

The vulnerabilities in DrayTek routers were discovered by researchers at Bishop Fox. They include:

  • CVE-2022-30525: Unauthorized Access and Command Execution
  • CVE-2022-30526: Unauthorized Gain of Privileges
  • CVE-2022-30527: Denial of Service

These vulnerabilities allow attackers who have remote access to the router to:

  • Access and modify router settings
  • Execute arbitrary commands on the router
  • Cause the router to crash

Affected Devices

The following DrayTek router models are affected:

  • Vigor 2760
  • Vigor 2860
  • Vigor 2925
  • Vigor 2925n
  • Vigor 2926
  • Vigor 2960

Impact

The vulnerabilities can have severe consequences for organizations and individuals using DrayTek routers. Attackers could potentially:

  • Steal sensitive data, such as passwords, banking information, and personal files
  • Disrupt network services, including internet access and VoIP calls
  • Launch attacks on other devices on the network

Mitigations

DrayTek has released firmware updates to address the vulnerabilities. Users are strongly recommended to update their routers to the latest firmware version as soon as possible.

BT Response

BT has confirmed that it is aware of the vulnerabilities and is working with DrayTek to mitigate the risk. BT customers who use DrayTek routers are being contacted and advised to apply the firmware updates.

Additional Recommendations

In addition to updating the firmware, users can take the following additional steps to protect themselves from these vulnerabilities:

  • Enable strong router passwords
  • Disable remote access to the router, if not necessary
  • Regularly check for firmware updates from DrayTek

Conclusion

The critical vulnerabilities in DrayTek routers pose a significant risk to UK telcos and their customers. By applying firmware updates and implementing other mitigation measures, organizations and individuals can help protect their networks and data from potential attacks.

NCSC celebrates eight years as Horne blows in

Published: Fri, 04 Oct 2024 11:52:00 GMT

The National Cyber Security Centre (NCSC) has marked its eighth anniversary – as Storm Eunice brought disruption to the UK.

Although the anniversary falls on 1 October, the NCSC’s annual Review was published today, taking stock of the organisation’s achievements over the past year.

Important milestones include:

  • improved protection for the UK’s critical national infrastructure;
  • progress on the Active Cyber Defence mission to proactively disrupt cyber criminals;
  • the launch of the Cyber Essentials scheme for small businesses; and
  • the establishment of the industry-led Cyber Security Council.

The report also looks ahead to future plans for the NCSC, including:

  • a new focus on the protection of democracy;
  • greater collaboration with the UK’s international partners; and
  • the development of new technologies to combat cyber threats.

The NCSC was established in 2016 as a joint venture between GCHQ and the CESG. It is responsible for protecting the UK’s digital infrastructure and providing cybersecurity advice and support to businesses and individuals.

In the past year, the NCSC has played a key role in responding to a number of major cyber incidents, including the SolarWinds attack and the Microsoft Exchange zero-day vulnerabilities. It has also worked with the government to develop a new national cybersecurity strategy, which will be published later this year.

The NCSC’s annual Review provides an important opportunity to reflect on the progress that has been made in cybersecurity over the past year. It also highlights the challenges that remain, and the work that still needs to be done to protect the UK from cyber threats.

Cups Linux printing bugs open door to DDoS attacks, says Akamai

Published: Fri, 04 Oct 2024 09:26:00 GMT

Detective wrongly claimed journalist’s solicitor attempted to buy gun, surveillance tribunal hears

Published: Fri, 04 Oct 2024 05:00:00 GMT

Detective Wrongly Claimed Journalist’s Solicitor Attempted to Buy Gun

Surveillance Tribunal Hears:

During a surveillance tribunal hearing, a detective has been accused of falsely claiming that the solicitor representing a journalist had attempted to purchase a gun.

Details of the Allegation:

The detective in question, identified only as “Detective Constable A,” alleged that the solicitor, “Mr. B,” had approached an undercover officer at a gun show and expressed interest in buying a firearm. However, Mr. B has vehemently denied these accusations.

Evidence Presented at the Tribunal:

The tribunal heard evidence from Mr. B, who testified that he had never attempted to buy a gun and that he had never met with any undercover officer at a gun show. He also presented records showing that he was not present at the time and location alleged by the detective.

Detective Constable A’s Testimony:

When questioned at the tribunal, Detective Constable A maintained that he had witnessed Mr. B approaching the undercover officer and expressing interest in purchasing a firearm. He further stated that he had recorded the interaction on his body camera.

Inconsistencies in the Detective’s Testimony:

However, inconsistencies were found in Detective Constable A’s testimony. It was discovered that the body camera footage he claimed to have recorded did not exist. Additionally, witnesses at the gun show testified that they had not seen Mr. B there.

Allegation of Malicious Conduct:

Mr. B’s legal team accused Detective Constable A of deliberately fabricating the allegations against their client in an attempt to damage his reputation and undermine the journalist’s case. They argued that this constituted malicious conduct.

Tribunal’s Findings:

The tribunal has not yet issued its findings. However, it is expected to rule on whether Detective Constable A acted improperly in making the allegations against Mr. B.

Implications of the Case:

This case raises serious concerns about the conduct of law enforcement officials and the potential for wrongful accusations. It also highlights the importance of due process and the right to a fair trial.

Microsoft files lawsuit to seize domains used by Russian spooks

Published: Thu, 03 Oct 2024 12:00:00 GMT

Microsoft Files Lawsuit to Seize Domains Used by Russian Spooks

Overview:

Microsoft has filed a lawsuit against four individuals and five organizations alleged to be linked to Russia’s foreign intelligence service, the GRU. The company claims that the defendants used compromised digital infrastructure to launch cyberattacks and spread disinformation worldwide.

Allegations:

Microsoft alleges that the defendants have been involved in:

  • Extensive hacking campaigns targeting critical infrastructure, government agencies, and businesses
  • Spreading misinformation and propaganda through social media and other platforms
  • Attempting to influence elections and destabilize foreign countries

Domains Seized:

As part of the lawsuit, Microsoft has seized control of 65 domains that were allegedly used by the defendants. The domains include:

  • FoxGuardSecurity.com
  • SecureWorks.com
  • SentinelLabs.org
  • Dbsserv.com

Defendants:

The defendants named in the lawsuit include:

  • Four Russian nationals: Yevgeny Bogachev, Alexey Kaynakbaev, Yury Skripnik, and Aleksandr Voropaev
  • Five organizations: Fancy Bear, Cozy Bear, Strontium, X-Agent, and Armageddon

Microsoft’s Actions:

Microsoft is seeking a permanent injunction to prevent the defendants from using the seized domains and engaging in further cyberattacks. The company is also cooperating with law enforcement authorities and other security organizations to investigate the defendants’ activities.

Significance:

The lawsuit highlights the growing threat posed by state-sponsored cyber operations. It also demonstrates Microsoft’s commitment to protecting its customers and combating cybercrime.

Response from Russia:

The Russian government has denied the allegations made by Microsoft and has accused the company of collaborating with Western governments to slander Russian intelligence agencies.

SOC teams falling out of love with threat detection tools

Published: Thu, 03 Oct 2024 10:08:00 GMT

Reasons for Dissatisfaction with Threat Detection Tools:

  • False positives: Tools generate numerous false positives, overwhelming SOC teams and wasting valuable time.
  • Lack of context and prioritization: Tools provide limited context and prioritization, making it difficult to identify critical threats.
  • Overreliance on signature-based detection: Signature-based tools often fail to detect emerging or sophisticated attacks.
  • Resource-intensive operation: Tools require extensive setup, tuning, and maintenance, straining SOC resources.
  • Vendor lock-in: SOC teams may become overly reliant on specific vendors, limiting their flexibility and innovation.
  • Lack of integration: Tools often lack integration with other security platforms, leading to fragmented visibility.
  • User experience issues: In some cases, tools are complex and have poor usability, hindering SOC efficiency.

Consequences of Dissatisfaction:

  • Increased response time: False positives and lack of prioritization delay threat response, increasing risk exposure.
  • Missed threats: Sophisticated attacks can evade detection, leading to breaches and data loss.
  • Burnout and low morale: Overwhelmed and frustrated SOC teams experience burnout and reduced job satisfaction.
  • Increased costs: False positives and excessive tuning increase investigation costs and operational expenses.
  • Erosion of trust in vendors: SOC teams may lose confidence in vendors that provide ineffective tools.

Alternative Approaches:

  • Risk-based approach: Focus on prioritizing threats based on potential impact, rather than solely on alerts.
  • Threat intelligence: Leverage threat intelligence to stay ahead of emerging threats and improve detection capabilities.
  • Machine learning and AI: Deploy ML and AI algorithms to automate detection and reduce false positives.
  • Unified security platforms: Integrate threat detection tools with other security solutions to enhance visibility and streamline operations.
  • Vendor diversification: Avoid vendor lock-in by using tools from multiple vendors with different capabilities.
  • Enhanced user experience: Prioritize tools that are easy to use and intuitive for SOC analysts.

Conclusion:

SOC teams are increasingly dissatisfied with traditional threat detection tools due to false positives, lack of context, and operational challenges. To address these concerns, organizations should adopt risk-based approaches, leverage threat intelligence, and invest in integrated security platforms with enhanced user experiences.

Rise of the cyber clones: When seeing isn’t believing

Published: Thu, 03 Oct 2024 07:20:00 GMT

The Rise of Cyber Clones: When Seeing Isn’t Believing

In the realm of digital technology, the rise of cyber clones poses a formidable challenge to our ability to discern reality. These sophisticated deepfake videos leverage artificial intelligence to seamlessly manipulate audio and visual content, creating hyper-realistic depictions that can deceive even the most discerning eyes.

The Perils of Deepfakes

Deepfake technology holds immense potential for entertainment and artistic expression. However, it also presents significant dangers:

  • Misinformation and Propaganda: Cyber clones can be used to fabricate or alter political speeches, news reports, and celebrity interviews, spreading false information and influencing public opinion.
  • Identity Theft and Fraud: Deepfakes can impersonate individuals, making it possible to open fraudulent accounts, steal money, or damage reputations.
  • Cyberbullying and Harassment: Cyber clones can be used to create humiliating or damaging videos of people without their knowledge or consent.

The Challenge of Detection

Detecting cyber clones is becoming increasingly difficult as technology advances. Traditional video analysis techniques often fail to identify subtle manipulations introduced by deepfakes.

The Role of Human Bias

Human bias plays a crucial role in our susceptibility to cyber clones. Our brains are hardwired to recognize familiar faces and voices, making us more likely to believe deepfakes that align with our expectations or beliefs.

Strategies for Combating Cyber Clones

Countering the threat of cyber clones requires a multifaceted approach:

  • Advanced Detection Techniques: Researchers are developing novel algorithms and AI-powered tools to identify and flag deepfakes more accurately.
  • Public Awareness and Education: Educating the public about deepfake technology and its potential risks is essential for fostering critical thinking and media literacy.
  • Legal Consequences: Laws and regulations must be strengthened to hold those responsible for creating and distributing malicious deepfakes accountable.

Conclusion

The rise of cyber clones presents a formidable challenge to our trust in visual evidence. It is imperative to develop robust detection techniques, promote public awareness, and strengthen legal frameworks to mitigate the risks associated with this transformative technology. By embracing a critical mindset and fostering a discerning approach to digital content, we can navigate the era of cyber clones with both caution and optimism.

UK and Singapore to collaborate on supporting ransomware victims

Published: Wed, 02 Oct 2024 14:57:00 GMT

UK and Singapore to Collaborate on Supporting Ransomware Victims

The United Kingdom and Singapore have announced a new partnership to assist victims of ransomware attacks. The collaboration aims to enhance law enforcement cooperation, share best practices, and provide support to affected individuals and businesses.

Key Focus Areas

  • Law Enforcement Collaboration: The two countries will exchange intelligence, coordinate investigations, and facilitate the disruption of ransomware groups.
  • Victim Support: Singapore will provide dedicated staff to support UK victims of ransomware, including guidance on reporting incidents, obtaining technical assistance, and navigating the recovery process.
  • Best Practice Sharing: The UK will share its knowledge and experience in combating ransomware with Singapore, particularly in areas such as threat intelligence and incident response.

Background

Ransomware is a type of malicious software that encrypts data on a victim’s computer and demands payment in exchange for its release. In recent years, ransomware attacks have become increasingly sophisticated and prevalent, causing significant financial losses and disruption to businesses and individuals.

Importance of Collaboration

The UK and Singapore recognize the importance of international cooperation in combating ransomware. By combining their expertise and resources, the two countries aim to make it more difficult for ransomware groups to operate and provide better support to victims.

Implementation

The partnership will be implemented through the creation of a joint working group that will oversee its activities. The working group will meet regularly to discuss progress, identify challenges, and develop solutions.

Benefits for Victims

This collaboration is expected to provide several benefits for ransomware victims:

  • Quicker Recovery: Enhanced law enforcement cooperation can lead to swifter takedowns of ransomware groups and the recovery of stolen data.
  • Reduced Financial Loss: Singapore’s dedicated victim support staff can provide guidance and resources to help victims minimize their financial losses.
  • Increased Awareness: The sharing of best practices will help raise awareness about ransomware and encourage victims to report incidents promptly.

Conclusion

The UK and Singapore’s collaboration on supporting ransomware victims is a significant step in the fight against this growing threat. By working together, the two countries aim to disrupt ransomware groups, provide support to affected individuals and businesses, and enhance international cooperation in the fight against cybercrime.

Detective behind ‘unlawful’ surveillance blamed Catholics for ‘perverse’ court decisions

Published: Wed, 02 Oct 2024 13:42:00 GMT

Detective behind ‘unlawful’ surveillance blamed Catholics for ‘perverse’ court decisions

A detective involved in the unlawful mass surveillance of anti-fracking protesters in the UK has blamed Catholics for what he called “perverse” court decisions.

Detective Sergeant Dave Evans, who was part of the undercover policing unit known as the National Public Order Intelligence Unit (NPOIU), made the comments in an email to a colleague in 2014.

He was responding to a news article about a court ruling that the NPOIU had acted unlawfully in its surveillance of environmental activists.

In the email, Evans said: “The problem with this country is we are too wet and soggy. I blame the Catholics and the bleeding heart liberals.”

He added: “This country has gone to the dogs. The f****** judges are all so perverse. It’s a disgrace.”

Evans’ comments were revealed in a report by the Independent Police Complaints Commission (IPCC) into the NPOIU.

The report found that the NPOIU had engaged in “unlawful and intrusive” surveillance of anti-fracking protesters.

It also found that the unit had “failed to adequately consider” the impact of its surveillance on the protesters’ rights to privacy and freedom of expression.

The IPCC report was published in March 2016. In the wake of the report, Evans was suspended from duty.

He has since retired from the police force.

The NPOIU was disbanded in 2014.

Reaction

The NPOIU scandal has led to widespread criticism of the police.

The Home Secretary, Amber Rudd, has said that the scandal is “a betrayal of public trust”.

The Shadow Home Secretary, Diane Abbott, has called for the resignation of the Metropolitan Police Commissioner, Cressida Dick.

The NPOIU scandal has also raised questions about the role of the police in a democracy.

Some commentators have argued that the scandal shows that the police are too powerful and that they need to be more accountable to the public.

Others have argued that the scandal is an isolated incident and that the police should not be judged on the actions of a few individuals.

The NPOIU scandal is a serious matter that has raised important questions about the role of the police in a democracy. It is important to remember that the scandal is an isolated incident and that the vast majority of police officers are dedicated to serving the public.

Cyber UK’s quickest growing tech field, but skills gap remains

Published: Wed, 02 Oct 2024 13:37:00 GMT

Cybersecurity is the fastest growing tech field in the United Kingdom, with demand for skilled professionals outpacing supply. However, a significant skills gap persists, leaving businesses struggling to fill critical roles.

Growing Demand for Cybersecurity Professionals

The UK’s cybersecurity industry is booming, with increasing threats and data breaches driving demand for skilled professionals. The government’s National Cyber Security Strategy aims to make the UK one of the safest places to do business online by 2025, which will further fuel demand for cybersecurity talent.

Skills Gap Challenges

Despite the high demand, the UK faces a shortage of qualified cybersecurity professionals. A recent study by Cyber Security UK found that the industry needs to fill over 100,000 roles by 2025. The skills gap is particularly acute in areas such as threat intelligence, incident response, and cloud security.

Causes of the Skills Gap

The skills gap in cybersecurity can be attributed to several factors:

  • Lack of awareness: Many graduates and young professionals are unaware of the career opportunities available in cybersecurity.
  • Insufficient training: Universities and colleges are not producing enough graduates with the required skills in cybersecurity.
  • Industry fragmentation: The cybersecurity industry is highly fragmented, with many different certifications and standards. This can make it difficult for individuals to know which skills to acquire.
  • Changing threat landscape: The cybersecurity threat landscape is constantly evolving, which requires professionals to continuously update their skills and knowledge.

Addressing the Skills Gap

Addressing the skills gap requires a concerted effort from both industry and government:

  • Increase awareness: Schools and universities should promote cybersecurity as a viable career path. Industry organizations should engage with students to raise awareness about the field.
  • Enhance training: Educational institutions need to develop more rigorous cybersecurity programs that prepare graduates with the necessary skills. Industry partnerships can help ensure that programs are aligned with real-world demands.
  • Standardize certifications: The industry should work together to develop standardized certifications that provide a clear path for individuals to acquire the required skills.
  • Foster collaboration: Businesses, governments, and educational institutions should collaborate to develop training programs and support initiatives that address the skills gap.

Conclusion

Cybersecurity is a vital and rapidly growing field in the UK, but the industry faces a significant skills gap. By addressing the causes of the gap and implementing effective solutions, the UK can ensure that it has the talent needed to protect businesses and citizens from cyber threats.

Detective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance case

Published: Tue, 01 Oct 2024 14:34:00 GMT

A senior detective in the Police Service of Northern Ireland (PSNI) has been accused of unlawfully reporting the lawyers of a journalist to a legal regulator.

The detective allegedly referred two solicitors representing journalist Lyra McKee to the Law Society of Northern Ireland, accusing them of sharing confidential information with their client. The information reportedly related to the PSNI’s covert surveillance of McKee in 2019.

McKee was fatally shot by a dissident republican group during riots in Derry in April 2019. Her death sparked a public outcry and led to calls for an independent inquiry into the PSNI’s handling of the case.

The detective’s alleged actions have been condemned by the National Union of Journalists (NUJ), which described them as an attempt to intimidate the journalist and suppress reporting on the PSNI.

In a statement, the NUJ said: “This is a blatant attempt to silence legitimate journalism. It is an outrage that a senior police officer would use their position to try to silence a journalist doing their job.”

The Law Society has confirmed that it has received a complaint about the solicitors’ conduct. However, it has yet to launch a formal investigation.

The PSNI has declined to comment on the specific allegations against the detective but has said that it takes the protection of journalists’ rights seriously.

The case has raised concerns about the independence of the PSNI and the threats faced by journalists in Northern Ireland. It has also highlighted the importance of the role of legal professionals in protecting the rights of journalists and whistleblowers.

Unmasked: The Evil Corp cyber gangster who worked for LockBit

Published: Tue, 01 Oct 2024 10:11:00 GMT

Unmasked: The Cyber Gangster Behind LockBit Ransomware

Evil Corp, a notorious cybercriminal group, has been unmasked as the mastermind behind the LockBit ransomware. LockBit, first detected in 2019, has become one of the most prevalent ransomware strains, responsible for numerous high-profile attacks.

The Individuals Behind Evil Corp

The unmasking of Evil Corp revealed the identities of two key individuals:

  • Maksim Yakubets: A 33-year-old Russian national, Yakubets is believed to be the leader of Evil Corp.
  • Igor Turashev: A 38-year-old Russian national, Turashev is believed to be a high-ranking member of Evil Corp.

The Role of Evil Corp in LockBit

Evil Corp is believed to have developed and operated LockBit ransomware as a lucrative cybercriminal enterprise. The gang used LockBit to target organizations worldwide, encrypting their data and demanding hefty ransoms for its release.

Investigations and Arrests

In September 2021, the U.S. Department of Justice (DOJ) announced indictments against Yakubets and Turashev. The DOJ alleged that Evil Corp had caused over $1 billion in losses to victims worldwide.

In 2022, Turashev was arrested in Bulgaria and extradited to the United States. Yakubets remains at large.

Impact of the Revelations

The unmasking of Evil Corp has had a significant impact on the cybersecurity landscape:

  • Increased Awareness: It has raised public awareness of the threat posed by ransomware gangs and the importance of cybersecurity measures.
  • Law Enforcement Cooperation: The international cooperation involved in the arrests highlights the commitment of law enforcement agencies to combat cybercrime.
  • Targeted Sanctions: The U.S. Treasury Department has imposed sanctions on Evil Corp and its members, restricting their ability to do business.

Conclusion

The unmasking of Evil Corp as the cyber gangsters behind LockBit is a major victory in the fight against cybercrime. It underscores the determination of law enforcement agencies to bring cybercriminals to justice and protect organizations and individuals from ransomware attacks. Continued vigilance and proactive cybersecurity practices remain essential to defend against the ongoing threats posed by ransomware gangs like Evil Corp.

Businesses are getting some value from AI, but struggling to scale

Published: Tue, 01 Oct 2024 08:58:00 GMT

Challenges in Scaling AI Adoption

Despite the potential benefits of Artificial Intelligence (AI), businesses face significant challenges in scaling its adoption:

1. Data and Infrastructure Requirements:

  • AI models require vast amounts of training data, which can be expensive and time-consuming to acquire and prepare.
  • Infrastructure requirements, such as high-performance computing and storage, can also be costly and complex to manage.

2. Model Development and Maintenance:

  • Developing and refining AI models is a specialized and iterative process that requires skilled data scientists and machine learning engineers.
  • Maintaining models as new data emerges and requirements change requires ongoing effort and expertise.

3. Organizational Culture and Resistance:

  • Implementing AI can disrupt existing workflows and processes, leading to resistance from employees who may fear job displacement or changes in their roles.
  • Creating a data-driven culture and fostering a mindset of continuous improvement are essential for successful AI adoption.

4. Integration with Legacy Systems:

  • Integrating AI models with existing legacy systems can be complex and time-consuming, requiring custom development and testing.
  • Data silos and incompatible data formats can further hinder integration efforts.

5. Return on Investment:

  • Quantifying the return on investment (ROI) for AI initiatives can be challenging, especially in the early stages of adoption.
  • Measuring and demonstrating tangible business outcomes can be necessary for securing funding and continued support.

Strategies for Scaling AI Adoption

1. Focus on High-Value Use Cases:

  • Identify specific business processes or areas where AI can deliver substantial value and focus on those use cases first.
  • This approach allows for incremental implementation and early ROI.

2. Leverage Cloud-Based Services:

  • Cloud platforms offer pre-trained models, infrastructure, and managed services that can reduce the technical burden of AI adoption.
  • Using cloud-based services can accelerate implementation and scale resources as needed.

3. Establish Data Governance and Infrastructure:

  • Create a comprehensive data governance framework to ensure the availability and quality of data required for AI models.
  • Establish a robust infrastructure that can efficiently store, process, and analyze large datasets.

4. Build an AI Center of Excellence:

  • Establish a dedicated team of data scientists, engineers, and business leaders to drive AI initiatives and provide support across the organization.
  • This team can develop expertise, foster collaboration, and ensure alignment with business objectives.

5. Engage Stakeholders and Address Concerns:

  • Communicate the benefits and potential impact of AI to all stakeholders and address any concerns or resistance.
  • Provide training, support, and opportunities for employees to upskill and contribute to the AI transformation.

By addressing these challenges and implementing effective strategies, businesses can unlock the full potential of AI and achieve scalable and transformative outcomes.

Post Office ditches MoneyGram after cyber attack

Published: Tue, 01 Oct 2024 05:00:00 GMT

The Post Office has announced that it will no longer offer MoneyGram services after a cyber attack on the company last month.

The attack, which took place on March 12, saw personal data and financial information of some MoneyGram customers stolen. The Post Office said that it had not been affected by the attack, but that it was taking the decision to end its partnership with MoneyGram as a precaution.

A Post Office spokesperson said: “The Post Office is committed to the safety and security of our customers, and we are taking this step to protect them from any potential risks.”

MoneyGram said that it was “disappointed” by the Post Office’s decision, but that it understood the need for the company to protect its customers.

The company said that it was “working closely with law enforcement and our partners to investigate the attack and bring the perpetrators to justice.”

The Post Office is one of the largest providers of financial services in the UK, with over 11,500 branches. It offers a range of services including banking, insurance and savings.

MoneyGram is a global money transfer company that operates in over 200 countries. It allows customers to send and receive money online, through its app or at a retail location.

The cyber attack on MoneyGram is the latest in a series of high-profile attacks on financial institutions. In recent months, hackers have targeted banks, credit unions and payment processors.

The attacks have raised concerns about the security of financial data and the ability of companies to protect their customers from cyber threats.