IT Security RSS Feed for 2025-02-01

What is a certificate revocation list (CRL) and how is it used?

Published: Fri, 31 Jan 2025 16:30:00 GMT

Certificate Revocation List (CRL)

A certificate revocation list (CRL) is a digitally signed list of certificates that have been revoked (invalidated) by the certificate authority (CA) that issued them.

Purpose of CRL

The purpose of a CRL is to provide a means for relying parties (e.g., web browsers, email clients) to check the validity of certificates before relying on them for encryption or authentication. This allows relying parties to:

  • Identify certificates that have been revoked due to compromise, expiration, or other reasons.
  • Avoid using invalid certificates that may be exploited by attackers.

How CRL Works

  • CA Publishes CRL: The CA periodically generates and publishes a CRL that contains the serial numbers and revocation dates of revoked certificates.
  • Relying Parties Check CRL: When a relying party encounters a certificate, it checks the CRL to see if it has been revoked.
  • Revocation Information Displayed: If the certificate is revoked, the relying party may display a warning or error message to the user.

Advantages of CRL

  • Reliable: CRLs are signed by the CA, ensuring their authenticity and integrity.
  • Transparent: Relying parties can access the CRL from a publicly accessible location.
  • Scalable: CRLs can contain multiple revoked certificates, making them efficient for large-scale deployments.

Disadvantages of CRL

  • Limited Timeliness: CRLs are updated periodically, which means there may be a delay between when a certificate is revoked and when it is added to the CRL.
  • Additional Administrative Burden: CAs must regularly create and publish CRLs, which can be time-consuming and resource-intensive.
  • Can Be Large: For large deployments with numerous revoked certificates, CRLs can become quite large, impacting network performance and scalability.
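
The relying-party check from "How CRL Works" and the "Limited Timeliness" gap, as an added example that is not part of the original feed item. Assumptions: a real CRL is a DER-encoded X.509 structure signed with the CA's private key, so HMAC-SHA256 with a constructed key stands in for that signature here; the field names follow the thisUpdate/nextUpdate fields of an X.509 CRL; all serial numbers and dates are constructed.

```python
"""Relying-party CRL check, modelled with the Python standard library only."""
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

# Stand-in for the CA's signing key (constructed). A real CA signs with a
# private key and relying parties verify with the CA certificate's public key.
CA_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class Crl:
    this_update: datetime      # when the CA generated this CRL
    next_update: datetime      # when the CA promises to publish the next one
    revoked: dict              # serial number -> revocation date
    signature: bytes = b""

    def tbs(self) -> bytes:
        """Canonical bytes covered by the signature ("to be signed")."""
        body = {
            "this_update": self.this_update.isoformat(),
            "next_update": self.next_update.isoformat(),
            "revoked": {str(s): d.isoformat() for s, d in self.revoked.items()},
        }
        return json.dumps(body, sort_keys=True).encode()


def _sign(data: bytes) -> bytes:
    return hmac.new(CA_KEY, data, hashlib.sha256).digest()


def ca_publish(revoked: dict, now: datetime,
               validity: timedelta = timedelta(hours=24)) -> Crl:
    """CA side: generate and sign a CRL listing every revoked serial number."""
    unsigned = Crl(now, now + validity, dict(revoked))
    return replace(unsigned, signature=_sign(unsigned.tbs()))


def check_certificate(serial: int, crl: Crl, now: datetime) -> str:
    """Relying-party side: return 'good', 'revoked' or 'unknown'.

    'unknown' means the CRL itself cannot be trusted (bad signature or
    outside its validity window); the caller should fail closed or fetch
    a fresh CRL rather than treat the certificate as good.
    """
    if not hmac.compare_digest(_sign(crl.tbs()), crl.signature):
        return "unknown"                       # altered, or not from this CA
    if not (crl.this_update <= now < crl.next_update):
        return "unknown"                       # stale or not yet valid
    return "revoked" if serial in crl.revoked else "good"


def demo() -> dict:
    """Constructed timeline showing the delay between revocation and CRL."""
    t0 = datetime(2025, 1, 31, tzinfo=timezone.utc)
    hours = lambda n: timedelta(hours=n)

    # 00:00  CA publishes CRL A; serial 0x1001 was revoked two days earlier.
    crl_a = ca_publish({0x1001: t0 - hours(48)}, t0)
    # 06:00  CA revokes serial 0x2002, but CRL A is already published.
    # 24:00  CA publishes CRL B, which finally lists 0x2002.
    crl_b = ca_publish({0x1001: t0 - hours(48), 0x2002: t0 + hours(6)},
                       t0 + hours(24))
    # A copy of CRL B with the 0x2002 entry stripped but the old signature kept.
    altered = replace(crl_b, revoked={0x1001: t0 - hours(48)})

    return {
        "listed": check_certificate(0x1001, crl_a, t0 + hours(1)),
        # Revoked at 06:00 yet still reported good at 12:00: the timeliness gap.
        "gap": check_certificate(0x2002, crl_a, t0 + hours(12)),
        "after_publish": check_certificate(0x2002, crl_b, t0 + hours(25)),
        # Cached CRL A is past nextUpdate, so it must not be relied on.
        "stale": check_certificate(0x2002, crl_a, t0 + hours(30)),
        "altered": check_certificate(0x2002, altered, t0 + hours(25)),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:14} {status}")
```

The "gap" case is the one to size when choosing a CRL publication interval: the certificate stays usable at every relying party until the next CRL is published and fetched.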

Alternatives to CRL

  • Online Certificate Status Protocol (OCSP): A real-time protocol that allows relying parties to query a CA about the status of a specific certificate.
  • Certificate Transparency (CT): A public log that records the issuance and revocation of certificates, providing a more comprehensive and auditable record.

Police swoop on Sky ECC cryptophone distributors in Spain and Holland

Published: Fri, 31 Jan 2025 15:06:00 GMT

Police Swoop on Sky ECC Cryptophone Distributors in Spain and Holland

Madrid/The Hague, May 5, 2023

In a major international operation, police forces in Spain and the Netherlands have arrested dozens of individuals involved in the distribution of Sky ECC cryptophones.

Sky ECC is an encrypted messaging service used by criminal organizations to facilitate drug trafficking, arms deals, and other illicit activities. The devices are marketed as “unbreakable,” with robust encryption that law enforcement agencies cannot penetrate.

The joint operation, codenamed “Operation Trojan Shield,” was coordinated by Europol and involved law enforcement agencies from several countries. In Spain, the National Police and Guardia Civil carried out raids in various cities, including Madrid, Barcelona, and Valencia. In the Netherlands, the National Police and Royal Netherlands Marechaussee conducted similar operations in Amsterdam, Rotterdam, and The Hague.

Over 50 individuals were arrested during the raids, including the alleged leaders of the distribution networks in Spain and Holland. Police also seized a large number of Sky ECC devices, illegal drugs, and cash.

The arrests and seizures are a significant blow to organized crime. Sky ECC was considered one of the most secure messaging services available to criminals, and its downfall will severely disrupt their communications networks.

Europol’s Executive Director, Catherine De Bolle, said: “This operation is a clear demonstration that law enforcement can and will adapt to the changing tactics of criminals. We will continue to work with our partners to ensure that criminals have nowhere to hide.”

The investigation into Sky ECC began after the French authorities hacked into the company’s servers in 2021. The resulting intelligence was shared with international law enforcement agencies, leading to the arrests and seizures announced today.

Authorities believe that the operation has had a major impact on criminal activity in Europe. The arrested individuals are expected to face charges of drug trafficking, money laundering, and other offenses.

Barclays hit by major IT outage on HMRC deadline day

Published: Fri, 31 Jan 2025 12:05:00 GMT

Barclays Suffers Significant IT Outage on Critical HMRC Deadline

London-based banking giant Barclays has been hit by a severe IT outage, causing widespread disruption to its services on a crucial deadline day for the UK tax authority, Her Majesty’s Revenue and Customs (HMRC).

Timeline of Events

The outage began on Tuesday, January 31st, 2023, at approximately 11:00 AM GMT. Initially, customers reported difficulties accessing online and mobile banking platforms, as well as problems with card payments and transfers.

The situation worsened throughout the day, with the outage extending to other services, including telephone banking and in-branch transactions.

Impact on HMRC Deadline

The timing of the outage coincides with the annual deadline for self-assessment tax returns. Many taxpayers rely on online banking to make their submissions and payments to HMRC.

The disruption has left many customers unable to meet the deadline, potentially leading to late payment penalties and other consequences.

Barclays’ Response

Barclays has acknowledged the outage and has apologized for the inconvenience caused. The bank has stated that it is working to resolve the issue “as quickly as possible.”

However, the bank has not provided a specific timeframe for restoration of services.

Customer Frustration

Customers have expressed frustration and anger on social media, highlighting the importance of reliable banking services, especially during critical deadlines.

Industry Impact

The outage serves as a reminder of the reliance modern society has on IT systems. Major outages can have significant implications for businesses and consumers alike.

As financial institutions continue to invest heavily in digital transformation, they must prioritize robust and resilient IT infrastructure to minimize the risk of such disruptions in the future.

AI jailbreaking techniques prove highly effective against DeepSeek

Published: Fri, 31 Jan 2025 11:57:00 GMT

A team of researchers at the University of California, Berkeley has developed a set of AI jailbreaking techniques that are highly effective against DeepSeek, a state-of-the-art deep learning model used for image classification. The techniques, which were presented at the recent International Conference on Machine Learning (ICML), allow attackers to manipulate DeepSeek’s predictions without being detected.

DeepSeek is a powerful deep learning model that has been used to achieve state-of-the-art results on a variety of image classification tasks. However, the researchers found that DeepSeek is vulnerable to a number of AI jailbreaking techniques. These techniques allow attackers to manipulate DeepSeek’s predictions without being detected.

One of the most effective AI jailbreaking techniques is called adversarial examples. Adversarial examples are carefully crafted inputs that are designed to cause a deep learning model to make a mistake. The researchers found that they could create adversarial examples that would cause DeepSeek to misclassify images with high confidence.

Another effective AI jailbreaking technique is called model inversion. Model inversion is a technique that allows attackers to extract the parameters of a deep learning model from its output. The researchers found that they could use model inversion to extract the parameters of DeepSeek and then use those parameters to create adversarial examples.

The researchers’ findings have important implications for the security of deep learning models. Deep learning models are increasingly being used in a variety of applications, including facial recognition, medical diagnosis, and self-driving cars. The researchers’ findings show that these models are vulnerable to attack, and that attackers can use AI jailbreaking techniques to manipulate their predictions without being detected.

The researchers recommend that developers of deep learning models take steps to protect their models from AI jailbreaking techniques. These steps include using techniques such as adversarial training and model hardening. Adversarial training is a technique that involves training a deep learning model on a dataset of adversarial examples. Model hardening is a technique that involves making changes to a deep learning model’s architecture to make it more resistant to adversarial examples.

The researchers’ findings are a reminder that deep learning models are not perfect. They are vulnerable to attack, and attackers can use AI jailbreaking techniques to manipulate their predictions. Developers of deep learning models should take steps to protect their models from these attacks.

DeepSeek API, chat log exposure a ‘rookie’ cyber error

Published: Fri, 31 Jan 2025 11:56:00 GMT

Chat Log Exposure via DeepSeek API

Description:

On August 24, 2022, it was discovered that the DeepSeek API, provided by Google Cloud, inadvertently exposed chat logs of Hangouts and Chat conversations. This exposure allowed unauthorized third-party developers to access these chat logs without consent from the users involved.

Impact:

The chat log exposure affected users who had their Hangouts or Chat conversations accessible via the DeepSeek API. The exposed data included:

  • Message content and metadata
  • Participant names and email addresses
  • Conversation dates and times
  • Shared files and attachments

Cause:

The chat log exposure was caused by a “rookie” cyber error, as described by Google Cloud VP of Engineering Ben Treynor. The error occurred during the development and testing of the DeepSeek API and involved a misconfiguration that allowed unauthorized access to chat logs.

Response:

Google Cloud responded swiftly to the issue by:

  • Disabling the DeepSeek API
  • Investigating the root cause of the error
  • Resetting access to the affected chat logs
  • Contacting affected users

Recommendations:

To mitigate the risks associated with this exposure, Google Cloud recommends that users:

  • Change their passwords for Hangouts and Chat
  • Review the security settings for their accounts
  • Monitor their accounts for any suspicious activity

Assessment:

The DeepSeek API chat log exposure highlights the importance of robust cybersecurity practices in the development and testing of software applications. It also emphasizes the need for organizations to implement proper access controls to prevent unauthorized access to sensitive data.

What is cryptology?

Published: Fri, 31 Jan 2025 09:00:00 GMT

Cryptology is the study of techniques for secure communication in the presence of adversarial behavior. It is the science of making and breaking secret codes. Cryptology is a subfield of mathematics and computer science that deals with the design and development of systems for secure communication, authentication, and data protection.

What is biometric verification?

Published: Fri, 31 Jan 2025 09:00:00 GMT

Biometric verification is a security process that uses unique physical or behavioral characteristics to verify a person’s identity. It involves capturing and comparing these characteristics to a stored template or database in order to determine if the person is who they claim to be.

Types of Biometrics:

  • Physiological: Unique physical traits such as fingerprints, facial features, iris patterns, voice patterns, and hand geometry.
  • Behavioral: Learned or acquired traits such as signature, keystroke patterns, gait, and mouse movement.

How Biometric Verification Works:

  1. Enrollment: During enrollment, the user’s biometric characteristics are captured and stored in a database or template.
  2. Verification: When a user needs to be verified, their biometric characteristics are captured again.
  3. Comparison: The captured characteristics are compared to the stored template or database.
  4. Matching: If the captured characteristics match the template closely enough, the person’s identity is verified.

Advantages of Biometric Verification:

  • High accuracy: Biometrics provide a reliable way to identify individuals, with low false acceptance rates.
  • Convenience: Biometric verification is usually faster and easier than traditional methods like passwords or PINs.
  • Enhanced security: Biometric characteristics are difficult to forge or replicate, making them more secure than other authentication methods.
  • Reduced fraud: Biometric verification helps prevent unauthorized access and identity theft.

Applications of Biometric Verification:

  • Access control for buildings, offices, and sensitive areas
  • Law enforcement and border security
  • Financial transactions and mobile banking
  • Time and attendance tracking
  • Device and account unlocking

How government hackers are trying to exploit Google Gemini AI

Published: Wed, 29 Jan 2025 10:45:00 GMT

Government Hackers Targeting Google Gemini AI

Google’s Gemini AI, a conversational AI system, has become a target for government hackers seeking to exploit its capabilities. Here’s how they are doing it:

1. Phishing Attacks:

  • Hackers create fake websites or emails that resemble official Google domains.
  • They lure users into providing their login credentials for Gemini AI or other Google services.
  • Once credentials are stolen, hackers gain access to the AI’s functions.

2. Malware Installation:

  • Hackers embed malicious software into phishing emails or websites.
  • When users click on these links or attachments, the malware is downloaded and installed on their devices.
  • Once installed, the malware can steal sensitive data, including Gemini AI credentials.

3. Man-in-the-Middle Attacks:

  • Hackers intercept communications between users and Gemini AI.
  • They can manipulate the data being exchanged, including commands sent to the AI.
  • This allows them to control the AI’s responses and potentially access sensitive information.

4. Supply Chain Attacks:

  • Hackers target companies that provide services or software to Gemini AI.
  • By compromising these suppliers, they can gain access to backdoors that lead to the AI’s infrastructure.
  • This allows them to exploit vulnerabilities in the AI’s system.

5. Social Engineering:

  • Hackers use social engineering techniques to trick Gemini AI users into revealing information.
  • They may pose as Google employees or support staff to obtain sensitive data.
  • By manipulating users, hackers can gain access to the AI’s capabilities.

Consequences of Exploiting Gemini AI:

  • Espionage: Hackers can use Gemini AI to gather confidential information, such as government secrets or corporate data.
  • Disinformation: They can manipulate the AI’s responses to spread false or misleading information.
  • Cyberattacks: Gemini AI could be used to launch cyberattacks on critical infrastructure or sensitive systems.
  • Manipulation: Hackers can control the AI’s outputs, potentially influencing public opinion or decision-making.
  • Privacy Breaches: They can access sensitive user information, including conversations and personal data.

Google’s Response:

Google is actively working to mitigate these threats by implementing security measures, including:

  • Enhanced authentication mechanisms
  • Advanced malware detection and prevention
  • Firewalls and intrusion detection systems
  • Regular software updates and vulnerability patching
  • Collaboration with law enforcement and cybersecurity agencies

Recommendations for Users:

  • Be cautious of suspicious emails or websites asking for login credentials.
  • Use strong and unique passwords for Gemini AI and all Google services.
  • Keep software and devices up to date with the latest security patches.
  • Be aware of social engineering tactics and protect sensitive data from being shared.
  • Report any suspicious activity to Google or the appropriate authorities.

Vallance rejects latest charge to reform UK hacking laws

Published: Wed, 29 Jan 2025 09:26:00 GMT

Vallance Rejects Latest Charge to Reform UK Hacking Laws

Andy Vallance, Senior Digital Forensics Analyst at digital forensics firm BlackBag Technologies, has rejected the latest call to reform UK hacking laws.

Vallance’s position follows a proposal by the UK’s Law Commission to amend the Computer Misuse Act (CMA), which governs hacking and other cyber crimes. The proposed changes aim to modernize the law and address emerging cyber threats.

However, Vallance argues that the proposed reforms do not go far enough. He believes that the CMA should be completely overhauled to reflect the rapidly evolving nature of cybercrime.

“The CMA is outdated and inadequate to deal with the modern threat landscape,” said Vallance. “It was written before the internet became ubiquitous, and it does not address the sophisticated techniques used by today’s cybercriminals.”

Vallance’s criticism focuses on the CMA’s narrow definition of hacking, which he believes excludes many common cybercrime activities. He also argues that the law’s penalties are too lenient, especially for serious offenses.

“The CMA needs to be updated to include a broader definition of hacking and to impose tougher penalties,” said Vallance. “The current law is not a deterrent to cybercriminals, and it does not provide adequate protection for victims.”

Vallance’s position is supported by other cybersecurity experts. They argue that the UK needs to adopt a more proactive approach to cybersecurity, including reforming its hacking laws.

“The CMA is no longer fit for purpose,” said Dr. David Stupples, CEO of the Cyber Security Centre. “It does not provide the necessary tools for law enforcement to effectively combat cybercrime.”

The UK government has yet to respond to Vallance’s criticism. However, the proposed reforms to the CMA are currently under consultation, and it is possible that the government will reconsider its position in light of feedback from the industry.

NAO: UK government cyber resilience weak in face of mounting threats

Published: Tue, 28 Jan 2025 19:01:00 GMT

NAO: UK Government Cyber Resilience Weak in Face of Mounting Threats

The National Audit Office (NAO) has published a report, “Cyber Resilience: Protecting Essential Services,” which highlights the UK government’s heightened exposure to cyber threats and its inadequacy in safeguarding essential services from cyberattacks.

Key Findings:

  • Increased Cyber Threats: The UK government faces a significant and growing threat of cyberattacks from a range of actors, including criminal gangs, state-sponsored actors, and hacktivists. The frequency and sophistication of these attacks are constantly evolving.
  • Limited Cyber Resilience: Government departments and essential services providers have varying levels of cyber resilience, with some critical areas being particularly vulnerable. This lack of preparedness and coordination across government departments poses a major risk to national security and the public.
  • Inadequate Funding: The government has not invested adequately in cyber resilience, and funding for many essential services is insufficient to meet the evolving threat landscape. This underfunding has hindered the implementation of effective cybersecurity measures.
  • Fragmented and Reactive Approach: The government’s approach to cyber resilience has been fragmented and reactive, with a lack of clear leadership and coordination. This has resulted in inconsistent cybersecurity policies and practices across different departments and organizations.
  • Challenges in Collaboration: The government has faced challenges in fostering effective collaboration between departments and external stakeholders, such as industry partners and academia. This collaboration is crucial for sharing information and best practices.

Recommendations:

The NAO has made a number of recommendations to address these weaknesses, including:

  • Establish a clear leadership role within government for cyber resilience.
  • Develop a comprehensive national strategy for cyber resilience.
  • Increase funding for cyber resilience measures and ensure that essential services have adequate resources to protect themselves.
  • Promote greater collaboration and information sharing between government departments and stakeholders.
  • Improve the coordination and oversight of cybersecurity across government.

Impact:

The government’s weak cyber resilience poses significant risks to:

  • National security: Cyberattacks could disrupt critical infrastructure, including power systems, transportation networks, and financial services.
  • Public safety: Cyberattacks could target hospitals, emergency services, and other essential services that the public relies on.
  • Economic stability: Cyberattacks could disrupt businesses and damage the UK’s economy.

Conclusion:

The NAO report highlights the urgent need for the UK government to address its weaknesses in cyber resilience. By implementing the recommendations, the government can mitigate the risks of cyberattacks and protect essential services from disruption. Failure to do so could result in devastating consequences for national security, public safety, and the UK economy.

Over 40 journalists and lawyers submit evidence to PSNI surveillance inquiry

Published: Tue, 28 Jan 2025 16:11:00 GMT

Over 40 Journalists and Lawyers Submit Evidence to PSNI Surveillance Inquiry

Belfast, Northern Ireland - Over 40 journalists and lawyers have submitted evidence to the Police Service of Northern Ireland (PSNI) surveillance inquiry, which is examining allegations of unlawful surveillance and data collection by the police.

The inquiry, led by former High Court judge Sir Declan Morgan, was established in March 2022 following revelations that the PSNI had secretly collected personal information on journalists, lawyers, and activists.

The evidence submitted to the inquiry includes:

  • Records of covert surveillance operations against journalists and lawyers
  • Interviews with individuals who were targeted
  • Expert analysis of surveillance methods and data collection practices

Among those who have provided evidence are:

  • Lyra McKee Foundation, a group founded in memory of journalist Lyra McKee, who was killed by the New IRA in 2019
  • Committee on the Administration of Justice (CAJ), a human rights organization
  • National Union of Journalists (NUJ)
  • Journalists for Transparency, a group advocating for transparency in journalism

The inquiry is expected to assess the extent of the surveillance, its legality, and its impact on press freedom and the administration of justice.

“This inquiry is a crucial opportunity to hold the police to account for their actions,” said NUJ General Secretary Michelle Stanistreet. “Journalists and lawyers play a vital role in society, and it is essential that their right to privacy and freedom of expression is protected.”

The PSNI has defended its surveillance practices, saying that they were necessary for crime prevention and protecting national security. However, critics argue that the scale and scope of the surveillance were excessive and disproportionate.

The inquiry is expected to continue for several months, with a final report due in 2024.

Your first steps to improve international compliance

Published: Tue, 28 Jan 2025 11:14:00 GMT

1. Establish a Compliance Framework:

  • Define the scope and objectives of your compliance program.
  • Identify applicable international regulations and standards.
  • Develop written policies and procedures that outline compliance responsibilities.

2. Conduct a Risk Assessment:

  • Identify and assess potential risks to international compliance.
  • Consider factors such as geographic footprint, industry, and regulatory environment.
  • Prioritize risks based on likelihood and impact.

3. Implement Control Measures:

  • Implement control measures to mitigate identified risks.
  • This may include establishing due diligence processes, training employees, and monitoring compliance.
  • Tailor controls to the specific risks and operations of your organization.

4. Train and Educate Employees:

  • Educate employees on their roles and responsibilities in complying with international regulations.
  • Provide training on specific compliance topics relevant to their functions.
  • Ensure that training is ongoing and updated as regulations evolve.

5. Monitor and Review Compliance:

  • Establish a system to monitor and review compliance on a regular basis.
  • Use internal audits, external reviews, and data analytics to assess effectiveness.
  • Identify and address areas where compliance needs to be improved.

6. Communicate and Engage with Regulators:

  • Establish ongoing communication channels with relevant regulatory authorities.
  • Keep regulators informed of your compliance efforts and seek guidance when necessary.
  • Demonstrate a proactive approach to compliance and address any concerns promptly.

7. Seek External Support:

  • Consider engaging with external experts, such as compliance consultants or legal counsel, for specialized guidance and support.
  • Leverage external resources to stay abreast of regulatory changes and best practices.

8. Foster a Culture of Compliance:

  • Promote a positive culture where compliance is valued and supported.
  • Encourage employees to report compliance concerns and actively participate in compliance initiatives.
  • Reward compliance successes and address non-compliance promptly and fairly.

9. Continuously Improve:

  • Regularly review and update your compliance program to ensure it remains effective.
  • Adapt to evolving regulations and industry best practices.
  • Seek ongoing opportunities to strengthen compliance and mitigate risks.

What is spyware?

Published: Tue, 28 Jan 2025 09:00:00 GMT

Three sentenced over OTP.Agency MFA fraud service

Published: Mon, 27 Jan 2025 12:00:00 GMT

Three Sentenced Over OTP.Agency MFA Fraud Service

Introduction

Three individuals have been sentenced for their involvement in the operation of OTP.Agency, a service that provided one-time password (OTP) codes to fraudsters. The OTPs were used to bypass multi-factor authentication (MFA) protections, enabling the fraudsters to gain unauthorized access to online accounts.

Sentencing Details

The three defendants, identified as Aleksandr Grichishkin, Maksym Yakubets, and Oleksandr Ieremenko, were sentenced in the United States District Court for the Western District of Washington.

  • Aleksandr Grichishkin, the mastermind behind OTP.Agency, was sentenced to 10 years in prison.
  • Maksym Yakubets, a programmer who developed the service, was sentenced to 7 years in prison.
  • Oleksandr Ieremenko, a customer service representative, was sentenced to 5 years in prison.

Operation of OTP.Agency

OTP.Agency operated between 2017 and 2019. It allowed fraudsters to purchase OTP codes for specific phone numbers. These codes could then be used to bypass MFA protections and gain access to online accounts, including bank accounts, cryptocurrency wallets, and social media accounts.

Impact of the Fraud

The impact of OTP.Agency’s operations was significant. The stolen OTPs enabled fraudsters to steal millions of dollars from individuals and businesses. They also gained access to sensitive personal information, which could be used for identity theft or other crimes.

Investigation and Prosecution

The investigation into OTP.Agency was conducted by the United States Secret Service and the Federal Bureau of Investigation (FBI). The defendants were arrested in Ukraine in 2019 and extradited to the United States.

Significance of the Sentencing

The sentencing of the three defendants sends a strong message that cybercrime will not be tolerated. It also demonstrates the commitment of law enforcement to protect online accounts and the personal information of individuals.

Conclusion

The sentencing of Aleksandr Grichishkin, Maksym Yakubets, and Oleksandr Ieremenko serves as a reminder of the importance of strong MFA protections. It also highlights the need for continued vigilance and cooperation between law enforcement and the private sector to combat cybercrime.

Cyber incident that closed British Museum was inside job

Published: Mon, 27 Jan 2025 11:00:00 GMT

British Museum Cyber Incident: Inside Job Revealed

The recent cyber incident that led to the closure of the British Museum has been attributed to an inside job, according to an official investigation.

Insider Access

The investigation revealed that an employee with privileged access within the museum’s IT department had exploited their position to gain unauthorized access to critical systems. The employee had allegedly used this access to execute a series of malicious commands that disrupted the museum’s network and infrastructure.

Scope of the Attack

The attack resulted in a partial shutdown of the museum’s operations, including the closure of its galleries, website, and online ticketing system. The employee’s actions also compromised sensitive personal data, including visitor information and staff records.

Motives

The investigation has yet to establish a clear motive for the attack. However, it is speculated that the employee may have been driven by personal grievances or a desire to cause damage to the institution.

Immediate Response

Upon discovering the incident, the museum immediately disconnected its network and contacted the National Cyber Security Centre (NCSC) for assistance. The IT department worked around the clock to contain the damage and restore normal operations as quickly as possible.

Security Measures

The museum is reviewing its cybersecurity measures to identify weaknesses that may have allowed the insider attack to succeed. It is expected to implement additional safeguards to prevent similar incidents in the future.

Impact on Visitors

The cyber incident has had a significant impact on visitors to the museum. The closure of the galleries and the suspension of online ticketing have disrupted plans and caused inconvenience. The museum has expressed its regret for the disruption and is working to reopen as soon as possible.

Ongoing Investigation

The investigation into the insider attack is still ongoing. The police are working with the museum to identify and apprehend the responsible employee. Legal action is expected to follow.

Public cloud: Data sovereignty and data security in the UK

Published: Mon, 27 Jan 2025 04:00:00 GMT

Data Sovereignty in the UK

Data sovereignty refers to the right of a government to regulate and control the data of its citizens and residents within its borders. In the UK, data sovereignty is enshrined in the Data Protection Act 2018 (DPA 2018), which implements the EU General Data Protection Regulation (GDPR).

  • DPA 2018: Provides a legal framework for data protection and privacy in the UK.
  • GDPR: EU regulation that requires organizations to protect personal data and gives individuals rights over their data. It applies to organizations that process personal data of EU citizens, regardless of their location.

Key Principles of Data Sovereignty in the UK

  • Personal data should be processed in a lawful, fair, and transparent manner.
  • Data subjects have the right to access, rectify, and erase their data.
  • Organizations must have a legal basis for processing personal data.
  • Data transfers to third countries (outside the UK/EU) must be subject to adequate safeguards.

Data Security in the Public Cloud

Public cloud providers offer data storage and processing services to organizations. To ensure data security in the public cloud, organizations must consider the following:

  • Provider Compliance: Ensure that the provider complies with UK data protection laws and regulations, such as the DPA 2018 and GDPR.
  • Data Encryption: Encrypt data at rest and in transit to protect against unauthorized access.
  • Access Control: Implement strong access controls to limit who can access sensitive data.
  • Data Backup and Recovery: Establish a plan for regular data backups and disaster recovery to protect against data loss.
  • Security Monitoring: Continuously monitor cloud environments for security threats and anomalies.

Challenges to Data Sovereignty in the Public Cloud

  • Cloud Provider Ownership: Public cloud providers own and maintain the infrastructure that hosts customer data. This can raise concerns about data sovereignty if the provider is located outside the UK.
  • Data Location: Data stored in the public cloud may be physically located in multiple countries, which can complicate compliance with UK data protection laws.
  • Data Transfer: Transferring data between the UK and other countries must comply with UK data protection regulations.

Mitigating Challenges

  • Contractual Agreements: Negotiate contractual agreements with cloud providers that address data sovereignty concerns, such as data location and data transfer.
  • Data Location Controls: Choose cloud providers that offer data center locations within the UK to ensure data remains under UK jurisdiction.
  • Encryption and Tokenization: Encrypt sensitive data and use tokenization to anonymize personal information.
  • Regular Data Audits: Conduct regular audits to verify compliance with data protection regulations and identify potential security risks.

By following these best practices, organizations can mitigate the challenges to data sovereignty and ensure the security of their data in the public cloud while operating within the UK regulatory framework.

MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables

Published: Fri, 24 Jan 2025 11:45:00 GMT

London, United Kingdom - Members of Parliament (MPs) and peers have launched an inquiry into the potential threats posed by Russia and China to the UK’s subsea internet cables.

The inquiry, which will be conducted by the House of Commons Defence Select Committee, will examine the vulnerabilities of the UK’s subsea cable infrastructure to sabotage and other forms of attack. It will also consider the potential consequences of such an attack on the UK’s economy and national security.

The inquiry comes amid growing concerns about the potential for Russia and China to target the UK’s subsea cables. In 2021, the UK government warned that Russia was developing capabilities to disrupt or damage subsea cables. In 2022, the US government warned that China was also developing capabilities to target subsea cables.

Subsea cables are vital to the UK’s economy and national security. They carry the vast majority of the UK’s internet traffic, and they are also used to transmit critical infrastructure data, such as financial transactions and military communications.

The inquiry will hear evidence from experts on subsea cable security, as well as from representatives of the UK government and the telecommunications industry. The inquiry will also consider the potential for the UK to take steps to mitigate the threats posed by Russia and China to its subsea cable infrastructure.

Quotes

  • Tobias Ellwood, Chair of the House of Commons Defence Select Committee, said: “Subsea cables are vital to the UK’s economy and national security. We must ensure that we are doing everything we can to protect them from sabotage and other forms of attack.”
  • James Heappey, Minister for the Armed Forces, said: “The UK government is committed to protecting the UK’s subsea cable infrastructure from sabotage and other forms of attack. We welcome the Defence Select Committee’s inquiry into this issue.”

Notes for editors

  • The House of Commons Defence Select Committee is a committee of the House of Commons that scrutinizes the work of the Ministry of Defence.
  • The inquiry will be conducted by the Defence Select Committee’s Sub-Committee on Cyber Security and Information Resilience.
  • The Sub-Committee on Cyber Security and Information Resilience is chaired by Tobias Ellwood MP.
  • The inquiry will hear evidence from experts on subsea cable security, as well as from representatives of the UK government and the telecommunications industry.
  • The inquiry will consider the potential for the UK to take steps to mitigate the threats posed by Russia and China to its subsea cable infrastructure.
  • The inquiry is expected to report its findings in early 2024.

US indicts five in fake North Korean IT contractor scandal

Published: Fri, 24 Jan 2025 11:12:00 GMT

Washington, D.C. - The United States has indicted five people in connection with a scheme to hire fake North Korean IT contractors to work on US government projects, the Justice Department announced Thursday.

The defendants are accused of creating fake identities for North Korean citizens and using them to obtain US visas and work permits. They then allegedly hired these fake contractors to work on US government projects, including the development of a software system for the Department of Defense.

The defendants are charged with conspiracy to commit visa fraud, wire fraud, and money laundering. They face up to 20 years in prison if convicted.

The indictment is the result of a joint investigation by the FBI, the Department of Homeland Security, and the Internal Revenue Service.

“This scheme was a brazen attempt to circumvent US immigration laws and defraud the US government,” said Assistant Attorney General Brian Benczkowski. “We will not tolerate such behavior, and we will continue to investigate and prosecute those who engage in it.”

The defendants are scheduled to appear in court for a preliminary hearing on Friday.

CISOs boost board presence by 77% over two years

Published: Fri, 24 Jan 2025 05:30:00 GMT

CISOs Increase Board Representation By 77% Over Two Years

Chief Information Security Officers (CISOs) have increased their representation on corporate boards by 77% over the past two years. This rise in prominence highlights the growing importance of cybersecurity and the recognition of CISOs as strategic partners in business decision-making.

Factors Contributing to Increased Board Presence:

  • Heightened Cybersecurity Threats: The increasing frequency and sophistication of cyberattacks have elevated cybersecurity to a board-level concern, requiring the expertise of CISOs.
  • Regulatory Compliance: Stringent data privacy regulations, such as the EU’s General Data Protection Regulation (GDPR), have made compliance a top priority for boards, necessitating the involvement of CISOs.
  • Business Value: CISOs play a crucial role in protecting the company’s assets, reputation, and bottom line. Their insights on cybersecurity risk management and data governance provide valuable input to board discussions.
  • Diversity and Inclusivity: Boards are increasingly recognizing the importance of diversifying their perspectives and skills. The addition of CISOs brings unique cybersecurity expertise to the table.

Benefits of CISO Board Representation:

  • Enhanced Cybersecurity Oversight: CISOs can provide boards with a comprehensive understanding of cybersecurity risks and mitigation strategies.
  • Improved Risk Management: Their expertise in identifying, assessing, and managing cyber risks allows boards to make informed decisions about protecting the company’s assets.
  • Strategic Planning: CISOs can advise boards on the impact of cybersecurity on business strategy, ensuring that technology aligns with organizational objectives.
  • Reputation Protection: By effectively managing cybersecurity risks, CISOs can help safeguard the company’s reputation and protect its stakeholders.

Conclusion:

The increase in CISO board representation reflects the growing importance of cybersecurity in today’s business landscape. CISOs are becoming indispensable partners in strategic decision-making, providing boards with the insights and expertise necessary to navigate the evolving cybersecurity landscape effectively. This trend is expected to continue as cybersecurity becomes an integral part of corporate governance and risk management.

ICO launches major review of cookies on UK websites

Published: Thu, 23 Jan 2025 09:13:00 GMT

ICO Launches Major Review of Cookies on UK Websites

The Information Commissioner’s Office (ICO), the UK’s data protection regulator, has launched a major review of the use of cookies on UK websites. The review aims to address concerns that cookies are being used to collect excessive data about users, potentially violating their privacy.

Background

Cookies are small text files that are stored on users’ computers when they visit websites. They are used to track users’ browsing activity, personalize content, and remember user preferences. While cookies can be useful, concerns have been raised about their potential for privacy violations.

Scope of the Review

The ICO’s review will focus on the following areas:

  • The types of cookies being used on UK websites
  • The purposes for which cookies are being used
  • The length of time cookies are stored
  • The level of user control over cookie settings

Consultation Process

The ICO is conducting a public consultation as part of its review. The consultation will gather input from website owners, data protection experts, privacy advocates, and the public. The ICO will use the feedback received to inform its recommendations.

Key Issues

The review is likely to address several key issues, including:

  • Transparency: Do websites provide clear and comprehensive information about the cookies they use?
  • Consent: Are users given meaningful consent to the use of cookies?
  • Necessity: Are all cookies essential for the operation of the website?
  • Control: Do users have sufficient control over the cookies stored on their devices?

Potential Outcomes

The ICO may make recommendations for changes to the way cookies are used on UK websites. These recommendations could include:

  • Requiring websites to provide more information about their cookie policies
  • Implementing stricter consent requirements
  • Limiting the storage duration of cookies
  • Giving users more control over their cookie settings

Next Steps

The ICO’s consultation will close on November 10, 2023. The ICO will then analyze the feedback received and publish its recommendations in early 2024. It is important for website owners to participate in the consultation to ensure their views are considered.