Aside from Brexit, cyber threats and cyber-attack accusations against Russia are very much centre stage on the UK government’s international political agenda at the moment. The government publicly accused Russia’s military intelligence service, the GRU, of being behind four high-profile cyber-attacks, and named 12 cyber groups it said were associated with the GRU. Foreign Secretary Jeremy Hunt said, “the GRU had waged a campaign of indiscriminate and reckless cyber strikes that served no legitimate national security interest”.
UK Police firmly believe the two men who carried out the Salisbury poisoning in March 2018 worked for the GRU.
- The systems database of the Montreal-based World Anti-Doping Agency (Wada), using phishing to gain passwords. Athletes’ data was later published.
- The Democratic National Committee in 2016, when emails and chats were obtained and subsequently published online. The US authorities have already linked this to Russia.
- Ukraine’s Kyiv metro and Odessa airport, Russia’s central bank, and two privately-owned Russian media outlets – Fontanka.ru and news agency Interfax – in October 2017. They used ransomware to encrypt the contents of a computer and demand payment.
- An unnamed small UK-based TV station between July and August 2015, when multiple email accounts were accessed and content stolen.
Notable Significant ICO Security Related Fines
Morrisons has lost a challenge to a High Court ruling which made it liable for a data breach, after an employee, since jailed for 8 years, stole and posted thousands of its employees’ details online in 2014. Morrisons said it would now appeal to the Supreme Court; if that appeal fails, those affected will be able to claim compensation for “upset and distress”.
NCSC is seeking feedback on the latest draft ‘knowledge areas’ for CyBOK, a cyber security body of knowledge which it is supporting along with academics and the general security industry.
Google is finally pulling the plug on Google+, after users’ personal data was left exposed. Google and the other three major web browser providers in the world said, in what seem like coordinated announcements, that businesses must accept that TLS versions 1.0 and 1.1 will no longer be supported after Q1 2018.
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by Dave Whitelegg. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/aXTme25sCT4/cyber-security-roundup-for-october-2018.html