Search Results for “Guardian”


March 30, 2020
Stephanie Kirchgaessner / The Guardian

Stephanie Kirchgaessner / The Guardian  
Saudi Arabia Tracks Citizens as They Travel Around the U.S. Using Weaknesses in SS7 Messaging System, Whistleblower

Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US, according to a whistleblower who is seeking to reveal vulnerabilities in the global messaging system known as SS7. According to data show to the Guardian based on millions of alleged secret tracking requests, the Saudi kingdom is engaged in a systematic spying campaign, with millions of secret tracking requests of messages traveling over the SS7 system and emanating from Saudi Arabia over four months beginning in November 2019. The requests sought to establish the US location of Saudi–registered phones and appeared to originate from Saudi’s three biggest mobile phone companies.

June 4, 2020
Dan Sabbagh / The Guardian

Dan Sabbagh / The Guardian  
GCHQ Chief Says That UK Intel Agencies Are Urgently Working to Prevent Hackers From Stealing Coronavirus Secrets From Britain’s Leading Research Institutions

Jeremy Fleming, the head of the UK’s top spy agency GCHQ, said that Britain’s intelligence agencies are working urgently to prevent hackers from hostile states, including China, trying to steal the secrets of a potential coronavirus vaccine from the UK’s leading research institutions. He said the hackers are looking for pretty basic vulnerabilities such as situations with insufficient backup.

May 19, 2020
Jasper Jolly / The Guardian

Jasper Jolly / The Guardian  
EasyJet Says Personal Data on Nine Million Customers Were Accessed in ‘Highly Sophisticated’ Cyberattack, Over Two Thousand Customers’ Credit Card Details Stolen

European budget airlines EasyJet has revealed that the personal information of 9 million customers was accessed in a “highly sophisticated” cyberattack on the airline. The company said that email addresses and travel details were accessed, and it would contact the customers affected. Of the 9 million people affected, 2,208 had credit card details stolen, but no passport details were uncovered. Those customers whose credit card details were taken have been contacted, while everyone else affected will be contacted by 26 May. EasyJet offered no details of the hack but said it had “closed off this unauthorized access” and reported the incident to the National Cyber Security Centre and the Information Commissioner’s Office (ICO), the data regulator.

Related: BBC News, TechCrunch, Associated Press Technology, Financial Times Technology, Bloomberg, CNBC Technology, Information Age, Evening Standard, Graham Cluley, Channel News Asia, France 24, IT Pro, PerthNow, Thomas Brewster – Forbes, RT News, MediaNama: Digital Media in India, POLITICO EU, Computer Business Review, The Sun, BetaNews, Voice of America, The State of Security, The Loadstar, RTE, Sky News, Independent

Tweets:@lukOlejnik @dcuthbert @joetidy @racheltobac @zsk @jc_stubbs

BBC News : EasyJet admits nine million customers hacked
TechCrunch: Europe to Facebook: Pay taxes and respect our values — or we’ll regulate
Associated Press Technology: EasyJet reveals ‘sophisticated’ hack of customer details
Financial Times Technology: EasyJet says hackers accessed travel details of 9m customers
Bloomberg: EasyJet Says Hackers Accessed Data of 9 Million Customers
CNBC Technology: EasyJet hack leaves 9 million customers’ details exposed
Information Age: EasyJet data breached, over 9 million customers affected
Evening Standard: Millions of easyJet customers at risk after hackers access personal details
Graham Cluley: EasyJet hack impacts nine million passengers
Channel News Asia: EasyJet hit by cyber attack, hackers access 9 million customers’ details
France 24: Hackers access details of millions of easyJet passengers in cyber attack
IT Pro: Easyjet hack exposes details of nine million customers | IT PRO
PerthNow: Cyber attackers target easyJet
Thomas Brewster – Forbes: EasyJet Hacked: 9 Million Customers And 2,000 Credit Cards Hit
RT News: Hackers steal personal data of 9 million EasyJet costumers in ‘highly sophisticated’ cyber attack
MediaNama: Digital Media in India: Hackers accessed details of 9 million EasyJet customers, credit card details of 2K+ people
POLITICO EU: Easyjet cyberattack hits 9 million customers
Computer Business Review: EasyJet Hacked: 9 Million Customers Affected
The Sun: EasyJet hit by cyber attack with 9million customers details stolen
BetaNews: easyJet hit by ‘highly sophisticated’ cyberattack: 9 million customers’ details exposed
Voice of America: EasyJet Hit by Cyber Attack, Hackers Access 9 mln Customers’ Details 
The State of Security: Around 9 Million easyJet Customers’ Details Stolen in Hacking Incident
The Loadstar: SN: EasyJet: Nine million customers’ details ‘accessed’ by hackers
RTE: EasyJet hit by ‘highly sophisticated’ cyber attack
Sky News: EasyJet: Nine million customers’ details ‘accessed’ by hackers
Independent: EasyJet hacked: 9M customers’ details stolen

@lukOlejnik: Hacked EasyJet. Stolen data of 9M customers, for >2000 of them this includes credit card numbers. Users to be contacted gradually. Certainly not a good time to be an airline :)
@dcuthbert: My personal details are 99% included in this. So, let's play a game shall we? #easyjet
@joetidy: EasyJet’s stock exchange notice about the cyber attack here. Looks like they’ve taken all the correct steps (notifying ICO/ NCSC) etc but if the hack happened in Jan - why are we only learning of it now? http://otp.investis.com/clients/uk/easyjet1/rns/regulatory-story.aspx?cid=2&newsid=1391756
@racheltobac: Prepare to receive phishing emails, texts or calls pretexting as your bank looking to investigate fraud on your account, airlines attempting to cancel, rebook, or alert you to changes on your account, and much more. Contact back using 2nd form of comms ImpRobot face
@zsk: And now my inbox overfloweth with "comments" from PR people's cybersecurity clients, all of whom are scrambling trying to connect the EasyJet data breach with the Covid19 pandemic.
@jc_stubbs: Scoop >> The cyberattack disclosed by #easyJet earlier today is thought to be the work of a suspected Chinese hacking group that has targeted multiple airlines in recent months, two sources tell @Reuters


April 1, 2020
PA Media / The Guardian

PA Media / The Guardian  
UK Supreme Court Rules That Morrison’s Not Liable for Employee’s Grudge-Motivated Hack of Company’s Payroll Data

In a unanimous 5-0 decision, the UK’s Supreme Court has ruled that supermarket company Morrisons should not be held liable for the criminal act of an employee with a grudge who leaked the payroll data of about 100,000 members of staff. Morrisons had appealed previous court decisions which gave the go-ahead for compensation claims by thousands of employees whose personal details were posted on the internet. The highest UK court ruled that Morrisons was not “vicariously liable” for the actions of Andrew Skelton, who disclosed staff information online and also sent it to newspapers. Skelton had leaked the data because of a “grudge” after he was given a verbal warning following disciplinary proceedings, an action that the court said was not closely connected to his work for Morrisons.

Related: Data Protection Report, DataBreaches.net, ComputerWeekly: IT security, Daily Mail, The Register – Security, Verdict, ITV

Tweets:@gcluley


April 10, 2020
Stephanie Kirchgaessner / The Guardian

Stephanie Kirchgaessner / The Guardian  
Justice Department Accuses China Telecom of Lying About Its Cybersecurity Practices, Says the Company Is a National Security Risk, Asks FCC to Block Its Licenses

In the Trump Administration’s latest bid to push China out of U.S. telecom infrastructure, the Justice Department has recommended to the Federal Communications Commission that it block China Telecom from operating in the U.S. by revoking its licenses and warned that the China-backed company was creating “substantial and unacceptable” national security and law enforcement risks for the U.S. The Justice Department said its recommendations were based on new information about China’s alleged role in “malicious cyber activity” targeting the U.S., and fears that China Telecom was vulnerable to exploitation, influence, and control by the Chinese government. The principal law enforcement agency also said that China Telecom had made inaccurate statements to the U.S. regarding its cybersecurity practices and the “nature” of its U.S. operations, which the department said was giving Chinese state actors opportunities to engage in malicious cyber-activity enabling economic espionage and the “misrouting” of U.S. communications. China Telecom denied the allegations claiming that it has been extremely cooperative and transparent with regulators.

Related: Washington Free Beacon, Channel News Asia, Bleeping ComputerZDNet Security, Financial Times, Cyberscoop, Homeland Security Today, CNBC, Reuters, Light Reading, Deutsche Welle, Justice Department


April 13, 2020
Rowena Mason / The Guardian

Rowena Mason / The Guardian   
UK Health Ministry Will Soon Launch Its Own Coronavirus Contact Tracing App as Concerns Swirl Over Privacy and Security of Such Apps

As security and privacy concerns swirl around the introduction of coronavirus contact tracing apps, the UK public will soon be able to find out if they may have been in the vicinity of people unwell with coronavirus via a new contact-tracing app. The NHS app, developed by NHSX, the health service’s digital transformation arm, would allow people to report their symptoms. Then the app would anonymously alert other app users that had been in contact with that person in recent days. About 60% of the population would have to sign up for the app for it to be effective.  Despite fears over the privacy of the app’s data, UK health minister Matt Hancock said the data will be handled according to the highest ethical and security standards, and would only be used for NHS care and research.

Related: IT World, Techradar, The Loop, eTeknix, CNBC, Cyware News, Telecomlive.com, Inverse, Android Authority, CNET, 9to5Mac, DIGITIMES: IT news from Asia, MacRumors, Android Central, TechNadu, Fortune, MacDailyNews, Schneier on Security, Computerworld Security, O’Grady’s PowerPage, MacRumors, Cult of Mac, Forbes, Politico, BBC News

Tweets:@fs0c131y @jatorre @schneierblog @EHRC

IT World : Cyber Security Today – COVID-19 hiring and sob story scams, Apple and Google partner on contact tracing, cops make arrests and more
Techradar: The UK government is working on a Covid-19 tracking app with Apple and Google
The Loop: UK nods to Apple/Google coronavirus API with contact tracing app plans
eTeknix: UK Confirms Plans For Coronavirus Tracing App
CNBC: Apps collecting data to help stop the virus spread must limit sharing of information, cybersecurity expert says
Telecomlive.com: Apple, Google join hands to help fight coronavirus
Inverse: Covid-19: how Apple and Google’s system could help end lockdowns
Android Authority: Google-Apple partnership may be tech-limited, and more tech news today
CNET: Tech isn’t solution to COVID-19, says Singapore director of contact tracing app
9to5Mac: Here’s how Apple and Google’s COVID-19 contact tracing API could be implemented to help reopen society
DIGITIMES: IT news from Asia: Apple and Google partner on coronavirus contact tracing technology
MacRumors: UK to Use Apple-Google API in NHS Contact Tracing App
Android Central : The UK’s NHS will add Apple and Google’s coronavirus tracing API to its app
iMore: The UK’s NHS will add Apple and Google’s coronavirus tracing API to its app
TechNadu: UK Will Be the First to Use the Google and Apple Coronavirus Tracing App
Fortune: The problem with Google and Apple’s plan to trace coronavirus via your phone
MacDailyNews: What’s wrong with the Apple-Google COVID-19 contact tracing scheme
Schneier on Security: Contact Tracing COVID-19 Infections via Smartphone Apps
Computerworld Security: Everything we know about the Google/Apple COVID-19 contact tracing tech
O’Grady’s PowerPage: Apple to partner with Google on Coronavirus contact tracing project
MacRumors: UK to Use Apple-Google API in NHS Contact Tracing App
Cult of Mac: UK’s National Health Service to use Apple-Google API in contact tracing app
Forbes: COVID-19: U.K. Government Unveils NHS Contact-Tracing Phone App As Next Step In Fighting Disease
Politico: The security issues with the Apple/Google virus tracking project
BBC News: Coronavirus: UK confirms plan for its own contact tracing app

@fs0c131y: 14/ The Apple / Google API has an other disadvantage. If a government want to publish a functional contact tracing app he is force to use this API. As a politician, when you spend your time talking about the digital sovereignty, about how bad are the GAFA, it's an issue.
@jatorre: I am getting scared of all these cryptographers now saving the world with contact tracing without privacy issues... This is going to delay solutions a lot by adding noise to decision makers. This blog post summarizes it great https://lightbluetouchpaper.org/2020/04/12/contact-tracing-in-the-real-world/
@schneierblog: Contact Tracing COVID-19 Infections via Smartphone Apps
@EHRC: “We support the use of technology to save lives during the pandemic. At the same time it must have the appropriate safeguards in place to protect people’s privacy and data.” We are ready to advise the NHS on its new Covid-19 contact tracing app. More: http://socsi.in/VrLA2


April 20, 2020
Mark Sweney / The Guardian

Mark Sweney / The Guardian  
Over 700 Fake Netflix and Disney+ Signup Pages Appeared in the Week Before Easter to Exploit Streaming Boom and Steal Personal Data

More than 700 fake websites mimicking Netflix and Disney+ signup pages have been created seeking to harvest personal information from consumers during the coronavirus lockdown streaming boom, according to cybersecurity firm Mimecast. The firm found around 700 suspicious scam websites impersonating, Netflix, the world’s most popular streaming service, that appeared between 6 April and Easter. Four fake Disney+ websites appeared during the same week.  The spoofed websites lure people with free subscriptions to gain data.

April 21, 2020
Alex Hern / Guardian

Alex Hern / Guardian  
UK’s NCSC Launches COVID-19 Scams and Hacks Reporting Service, Asks Public to Forward Dubious Emails

The National Cyber Security Centre (NCSC), an arm of the UK’s top intelligence agency GCHQ is asking members of the public to report suspicious emails they have received amid a wave of scams and hacking attacks that seek to exploit fear of COVID-19 to enrich cybercriminals. The NCSC is asking the public to forward any suspicious emails to report@phishing.gov.uk, and the NCSC’s automated scanning system will check for scam emails and immediately remove criminal sites. The reporting service comes after the NCSC removed more than 2,000 online scams related to coronavirus in the last month.

May 3, 2020
Paul Karp / The Guardian

Paul Karp / The Guardian  
Australian Government Website Which Invites Skilled Workers to the Country Leaked the Personal Details of 774,000 Migrants and Aspiring Migrants

Coming at a time when Australians are fearful over the privacy and security of their government’s coronavirus tracing app, a vulnerability in a website run by the Australian Home Affairs Department has revealed the personal details of 774,000 migrants and people aspiring to migrate to Australia, including partial names and the outcome of applications. The breach occurred in the department’s SkillsSelect platform, hosted by the employment department, which invites skilled workers and business people to express an interest in migrating to Australia. A flaw in the website allows anyone via two clicks to view a range of fields including the applicants’ “ADUserID,” a unique identifier composed of partial name information and numbers, along with the applicants’ birth country, age, qualifications, marital status and the outcome of the applications.

Jamie Grierson and Hannah Devlin / The Guardian

Jamie Grierson and Hannah Devlin / The Guardian  
Iran, Russia and Likely China Are Trying to Hack British Universities and Scientific Facilities to Steal COVID-19 Research, NCSC

Hostile states, including Iran and Russia, and likely China are attempting to hack British universities and scientific facilities to steal research related to COVID-19, including vaccine development, according to the UK’s National Cyber Security Centre (NCSC). Dozens of universities and institutions with biomedical capacity in the UK are working on COVID-19 research, ranging from new diagnostic and antibody tests to experimental treatment. Leading research institutions such as Oxford University are working with NCSC to ensure the COVID-19 research has the best cybersecurity protection possible.