UK phone and broadband provider TalkTalk may have once again left its customers exposed to hackers. TalkTalk warned its customers that attackers could have gained access to their names, addresses, credit card and bank details, dates of birth, phone numbers, email addresses and TalkTalk account information.
"Not all of the data was encrypted," the company acknowledged, meaning there would be no trouble reading it. However, the company is not certain any data was actually accessed from the attack, TalkTalk said. TalkTalk doesn't yet know who perpetrated the hack but has received a ransom demand from a group purporting to be behind it.
Cyber criminals have stolen some £20 million from UK bank accounts using Dridex malware, according to the National Crime Agency. The agency is warning Internet users to protect themselves against the malware, also known as Bugat and Cridex, and says it is chasing down the "technically skilled" thieves.
One arrest has already been made. The "particularly virulent form of malware" has been developed by criminals in Eastern Europe, the NCA says, and it harvests online banking details to steal money from individuals and businesses globally. Computers become infected when users open documents from seemingly legitimate emails.
We’re now over-familiar with the concept of the reality show “journey”, where someone insists that they’ve become a better person through singing, dancing or playing the didgeridoo.
In Channel 4’s ambitious new series Hunted, the journey is rather more extreme, involving panicked scrambles over country stiles and ducking down secluded backstreets. The 14 volunteer contestants are literally on the run, pursued by a dedicated team of professional trackers and hackers burrowing deep into their private lives. The six-part series is being edited right up until transmission, but early footage looks both intriguing and chaotic.
The British spying agency, found to have been conducting wholesale surveillance on UK citizens, has recommended that the public make their passwords less complex.
The agency gives a range of hints to those working in IT as well as normal consumers. Those include warning people to change their default passwords, to make sure that accounts can be locked out if they’re under attack and to avoid storing passwords as plain text files that can be read by anyone. The agency also warns against the problems of password overload. That is what happens when people create too many complex and unmemorable passwords.
Security researchers have discovered malicious adverts on the UK version of dating site Match.com. Malwarebytes, which found the cyber-threat, said that anyone caught by the ads could fall victim to ransomware.
Malicious ads were appearing on pages of the site via an ad network that passes content to Match.com and other places, redirecting those who click on the adverts through a series of links to a site embedded with code that checks if a visitor is running outdated versions of commonly-used software. Bugs in the versions of Flash, Java, Adobe Reader and Silverlight used in browsers were all being exploited by the malicious code.
Cyber-attackers have taken down the website of the National Crime Agency in apparent revenge for arrests made last week. The NCA website was temporarily down, four days after six teenagers were released on bail on suspicion of using hacking group Lizard Squad’s cyberattack tool to target websites and services.
The six suspects are accused of using a tool that bombards websites and services with bogus traffic to attack a national newspaper, a school, gaming companies and a number of online retailers. The NCA is the latest body to fall foul of what is called a Distributed Denial of Service attack, stopping real visitors from reaching the site.
The finance chief at Fortelus Capital Management LLP got an alarming phone call just as he was getting ready to leave work on a Friday. The caller said he was from Coutts, the London-based hedge fund’s bank, and warned there may have been fraudulent activity on the account.
Fortelus Chief Financial Officer Thomas Meston was reluctant, but agreed to use the bank’s smart card security system to generate codes for the caller to cancel 15 suspicious payments. When Meston logged on to the firm’s online bank account the following Monday, he saw that $1.2 million was gone. The incident shows how even the most sophisticated online security systems can fail because of human error.
The Sunday Times produced what at first sight looked like a startling news story: Russia and China had gained access to the cache of top-secret documents leaked by former NSA contractor turned whistleblower Edward Snowden.
Not only that, but as a result, Britain’s overseas intelligence agency, the Secret Intelligence Service, better known as MI6, had been forced “to pull agents out of live operations in hostile countries”. These are serious allegations and, as such, the government has an obligation to respond openly. The story is based on sources including “senior officials in Downing Street, the Home Office and the security services”.
British and American intelligence agencies have spied on anti-virus companies and probed their software for weaknesses, as the snoops sought to enhance their offensive surveillance techniques.
This was predictable given previous revelations around the extensive hacking capabilities at GCHQ and the NSA, but for reasons not outlined in the leaks or by the agencies themselves, notable US and UK anti-virus providers were seemingly left untouched, despite being used across the world. Older versions of F-Secure also used the Kaspersky signature database, which contained lists of blacklisted malware.
Campaigners have filed a legal claim with the Investigatory Powers Tribunal that could end bulk data interception by UK intelligence agencies. UK charity Privacy International has filed the claim, arguing that GCHQ should end the bulk collection of data, which recently became illegal in the US with the passing of last week’s Freedom Act.
The organisation claims that it has made the first UK legal challenge to bulk data collection, and notes that the equivalent NSA power has now been curtailed before the debate this side of the pond has even begun. It has criticised the fact that GCHQ is operating with “no proper legal regime in place.