Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label United Kingdom. Show all posts
United Kingdom
AI Cameras Artificial Intelligence Technology Threat Intelligence United Kingdom

New AI Speed Cameras Record Drivers on Their Phones

 

New AI cameras have been deployed in vans to record drivers using their phones while driving or driving without a seatbelt. 

During a 12-hour evaluation in March, South Gloucestershire Council discovered 150 individuals not wearing seatbelts and seven drivers preoccupied by their cell phones. 

Pamela Williams, the council's road safety education manager, stated, "We believe that using technology like this will make people seriously consider their driving behaviour." 

According to figures, 425 people sustained injuries on South Gloucestershire roads in 2023, with 69 critically injured or killed. Throughout the survey, vans were equipped with mounted artificial intelligence (AI) technology. The devices monitored passing vehicles and determined whether drivers were infringing traffic laws. 

If a likely violation was spotted, the images were submitted to at least two specially experienced highways operators for inspection. There were no fixed penalty notices issued, and photographs that were not found to be in violation were automatically deleted. The authorities stated that it was just utilising the technology for surveys, not enforcement. 

Dave Adams, a road safety officer, helped conduct the area's first survey. He went on to say: "This is a survey so we can understand driver behaviour that will actually fit in with other bits of our road safety strategy to help make our roads safer.”

Ms Williams noted that "distracted drivers" and those who do not wear seatbelts are contributing contributors to road fatalities. "Working with our partners we want to reduce such dangerous driving and reduce the risks posed to both the drivers and other people." 

Fatalities remain high 

Dr Jamie Uff, Aecom's lead research specialist in charge of the technology's deployment, stated: Despite attempts by road safety agencies to modify behaviour via education, the number of individuals killed or badly wounded as a result of these risky driving practices remains high. 

"The use of technology like this, makes detection of these behaviours straightforward and is providing valuable insight to the police and policy makers.”
Read more »
User Privacy
Bank Security Cyber Fraud Data Safety Internet Scam UK Banks United Kingdom User Privacy

UK Banks Issue a Warning Regarding an Upsurge in Internet Scams

 

Banks have issued a warning about a sharp rise in fraud in 2022, much of it coming from online sources. 77% of frauds now take place on dating apps, online markets, and social media., Barclays reported.

According to TSB, the major causes of this were an enormous rise in impersonation, investment, and purchase fraud instances. It was discovered that fraudulent listings on Facebook Marketplace had doubled, while impersonation frauds on WhatsApp had increased thrice in a year. 

Additionally, it claimed that there had been "huge fraud spikes" on Meta-owned platforms including Facebook and WhatsApp. Fraud, according to a spokesperson for Meta, is "an industry-wide issue," the BBC reported. 

"Scammers are using increasingly sophisticated methods to defraud people in a range of ways, including email, SMS, and offline," the company stated. "We don't want anyone to fall victim to these criminals, which is why our platforms have systems to block scams, financial services advertisers now have to be FCA (Financial Conduct Authority)-authorised and we run consumer awareness campaigns on how to spot fraudulent behaviour." 

"Epidemic of scams" 

Banks are dealing with an "epidemic of scams," according to Liz Ziegler, director of fraud protection for Lloyds Banking Group. 

"With more than 70% of fraud starting with contact through the main tech platforms, these companies must be held responsible for stopping scams at source and putting things right for innocent victims," she explained. 

Three million people in the UK would become victims of fraud in 2022, NatWest CEO Alison Rose previously warned a Treasury Select Committee. 

She stated, "we have seen an 87% increase in fraud," noting that NatWest believed that 60% of frauds started on social media and other internet platforms. 

Meanwhile, TSB stated 60% of purchase fraud cases of which it is aware - where a fraudster offers an item they never intend to send to the customer - occurs on Facebook Marketplace, and two-thirds of impersonation fraud cases it sees are happening on WhatsApp, The bank claims that 2,650 refunds covering these incidents were given out last year. 

According to Paul Davis, TSB's director of fraud prevention, social media companies "must urgently clean up their platforms" to safeguard users. 

Returned funds 

56% of the total money was lost to scammers in the first half of 2022, according to the most recent data from UK Finance, which represents the banking and finance industry. 

The Contingent Reimbursement Model Code, which intends to pay consumers if they fall victim to an Authorised Push Payment (APP) scam "and have acted appropriately," has been endorsed by many institutions, including NatWest, Lloyds, and Barclays. 

A consumer may be duped into sending money to a fraudulent account through an APP scam. However, TSB asserts that it reimburses victims in 97% of the fraud incidents it observes and is urging other organisations to do the same.
Read more »
Youtube
Data Breach Data Privacy Google United Kingdom User Privacy Youtube

YouTube Charged for Data Gathering on UK Minors

A million children's personal data might be collected by YouTube, as per the research. According to the claim, YouTube violates the 'age-appropriate design code' set forth by the Information Commissioner's Office (ICO).

The UK's data protection rules pertaining to the personal information of minors must be complied with by online services in order to do so. In accordance with the Global Data Protection Regulation (GDPR) program, the UK put into effect the Data Protection Act 2018.

These details include the location from which kids view, the device they use, and their preferred types of videos, according to Duncan McCann, Head of Accountability at the 5Rights Foundation.

According to McCann, the streaming service has violated recently established child protection rules by capturing the location, viewing habits, and preferences of potentially millions of youngsters who visit the main YouTube website.

As per attorney and data protection specialist Jonathan Compton from DMH Stallard, YouTube could be hit with a hefty charge of up to £17.5 million, or 4% of its annual global revenue. Not only the YouTube website can be in violation of the ICO Children's Code. In a study published last month by Comparitech, researchers found that one in four Google Play apps did not adhere to the Age Appropriate Design Code. 

A spokesperson for YouTube said, "Over the years, we've made efforts to protect kids and families, like developing a dedicated kids app, implementing new data standards for children's content, and delivering more age-appropriate experiences."

Extra safeguards have been adopted to support children's privacy on YouTube, such as more protective default settings and a specific YouTube Supervised Experience, building on that long-standing strategy and adhering to the additional recommendations offered by the code. 




Read more »
User Privacy
Cisco Cyber Defence Data Breach ICO Identity Theft United Kingdom User Privacy

Companies are at Risk From Remote Workers Losing Thier Laptops

 

Data thieves can steal a laptop from a coffee shop table, a lost property bin, an unlocked locker, your desk at work, or even your luggage on a crowded commuter train, and it's far away when you first realize it's gone. They are difficult to identify and trace, and because most individuals carry computers, it is simple to steal without anybody knowing. Many data theft events are simply crimes of opportunity rather than deliberate attacks, and stolen laptops make an excellent target.

Organizations are penalized a total of £26 million, according to data compiled by Cisco Systems, after employees misplaced company-owned laptops and phones.

The Information Commissioner's Office has collected over 3,000 reports of missing devices with user data during the past two years. Businesses are far more prone to be penalized than companies that have been the target of ransomware hackers if employees' misplaced laptops and phones consist of consumer information.

The majority of organizations are putting in place their cyber defenses, yet many do not consider their staff to be a threat to company data. But a major aspect of cyber security preparation is searching within the organization for potential insider threats. It might be challenging to tell whether a staff member has genuinely used company systems or if they are attempting to assault the company.
  
According to data protection legislation, the loss of a device containing or having access to the personal data of customers or suppliers must be reported to the ICO. As per Lindy Cameron, the CEO of the National Cyber Security Centre, ransomware is one of the most severe cybersecurity risks in the UK.

Martin Lee, technical lead for cybersecurity at Cisco, warned that office workers who are unable to resume their usual commute may see an increase in lost or stolen devices that carry important company data. Businesses in the UK have been investing heavily to ensure that their corporate networks are impenetrable because of the increased awareness of cyber threats brought on by rising data breaches. 



Read more »
User Privacy
Antivirus Data Breach Data Privacy Laws Hackers Phishing Attacks United Kingdom User Privacy

 UK Penalizes Interserve £4.4 Million for Security Breach

The Information Commissioner's Office (ICO) fined Interserve Group £4.4 million for violating data protection laws after it failed to protect the personal data of its employees.

An unidentified group of hackers launched a phishing attack in May 2020 to gain access to the systems of the construction firm and stole personal and financial information stored by Interserve on its 113,000 present and former employees, according to the ICO. It came to the conclusion that the business failed to implement adequate security measures to avoid such an attack.

A phishing email that had not been quarantined or prevented by the Interserve system was passed in May 2020 by an employee of the company either to an employee that opened it and downloaded its contents. On the employee's workstation, the malware was consequently installed.

The ICO claims that although the company's anti-virus system isolated the malware and provided an alert, it did not fully look into the suspicious activities. If it did so, the hacker would still have been able to access the company's systems.

Following the penetration of 283 systems and 16 accounts, the hacker removed the company's antivirus program. Up to 113,000 current and former employees' personal information was encrypted and made inaccessible.

Personal information like names, addresses, and bank account numbers were among the leaked data, along with certain category information like racial origin, religion, information about any disabilities, sexual orientation, and medical records.

According to John Edwards, the UK's information commissioner, "Firms are most in danger from internal complacency rather than external hackers. You can anticipate a similar fine from my office if your company doesn't routinely check its systems for suspicious behavior and ignores alerts, or if it doesn't update software and fails to teach employees."

The ICO has the authority to fine a data controller up to £17.5 million, or 4% of their total annual global revenue, whichever is larger. This fine was imposed under the DPA2018 (GDPR) for violations of the General Data Protection Regulation.



Read more »
User Privacy
Cyber Crime Flashpoint LAPSUS$ Online Gaming uber United Kingdom User Privacy

Teen Hacking Suspect Arrested by London Police for GTA 6 and Uber Breach

A 17-year-old Oxfordshire kid was detained on suspicion of hacking, according to information released by the City of London Police on Friday.

According to experts, the recent security breaches at Uber and Rockstar Games may have something to do with the arrest.

On September 18, a cyber threat actor identified as the 'teapotuberhacker' claimed to have hacked Rockstar Games, the company behind the well-known and contentious Grand Theft Auto (GTA) franchise, in a post on GTAForums.com. Teapotuberhacker claimed to have taken 90 movies of alpha material and the source code for Grand Theft Auto VI and its predecessor GTA V from Rockstar in that post, which has since been removed.

Notably, a 17-year-old Oxford boy was among the seven minors who were detained. The Oxford teenager was detained after other hackers posted his name and address online. The boy had two internet aliases: 'Breachbase' and 'White'. According to the reports, the boy had earned about $14 million via data theft. 

Further information concerning the inquiry was kept under wraps by the UK authorities. 

Seven adolescents were detained and later freed by City of London police in connection with a probe into the Lapsus$ hacking organization this spring.

Uber released more information regarding the latest security breach earlier this week. According to the firm, the threat actor responsible for the intrusion is connected to the LAPSUS$ hacker organization.

Flashpoint, a security company, presented a report of the Grand Theft Auto VI data breach this week and disclosed that the name of the hacker responsible for the two attacks had been made public on a dark web forum.

The forum administrator claimed that teapotuberhacker was the same guy who had allegedly hacked Microsoft and owned Doxbin in the debate, which was titled 'The Person Who Hacked GTA 6 and Uber is Arion,' according to the story that was published by FlashPoint.

If these claims are true, which is not entirely apparent, it will assist in explaining the most recent incident that law police conducted.
Read more »
United Kingdom
Cyber Security IT system NCSC security measures United Kingdom

In Q2 2022, NCSC Plans to Launch a New Assurance Scheme for IR and SimEx

 

In Q2 2022, the National Cyber Security Centre (NCSC) plans to implement a new assurance scheme for incident response (IR) and simulated exercises (SimEx), which might be a game-changer in the security sector. This will essentially result in the standardization of IR and SimEx across the board, as well as the expansion of commercial reach, opening up new markets for assured suppliers. Previously, the NCSC only offered the Cyber Incident Response (CIR) Service – shortly to be renamed CIR Level 1 – to UK Central Government and major corporations with complex IT systems that were regarded to have "national significance" networks. 

The new CIR service will dramatically broaden its reach to include local businesses, major businesses, and SMEs, while the new Cyber Incident Exercising Service will target large and medium organizations, as well as central and regional UK government. Because of the scope of the undertaking, the NCSC aims to hire Assured Scheme Partners to assess and onboard Assured Service Providers to police the scheme. 

The government agency is presently selecting its Assured Scheme Partners, with whom it will collaborate to develop the operating model and define how it will execute its technical standards across both services. 

SimEx can range from simple desktop exercises to full-fledged simulations, allowing corporate teams to respond to a given attack scenario. They could take the shape of a ransomware or phishing assault, DDoS simulation, or sensitive data being released on the dark web. A simulated exercise's purpose is to practise, analyze, or enhance the IR plan, so the true learning comes from how effectively the incident response process functions. 

Although it is unclear how the new Cyber Incident Exercising Service can support this wide range of activities, the NCSC has announced that it will include table-top and live-play formats. It will likely provide a sliding scale of increasingly complicated services, bringing much-needed clarity to the market. 

One of the main difficulties with SimEx today is that once the business considers testing its IR, prices may quickly escalate, so a formal framework with multiple techniques would help teams know precisely what they've signed up for and how much bang for their buck they're getting. 

Rather than the organization blindly investing in technology and presuming that its policies are being followed, these tests evaluate the effectiveness of security protocols by using attack scenarios that the organization is likely to face in the current threat landscape, informing the business of what is/isn't working and where the disparities are so that future spend can be focused.
Read more »
United Kingdom
Cyber Attacks IT system Nation-State Attacks United Kingdom

Attack on UK's Defence Academy Compelled a Rebuild of the IT System

 

According to a former senior officer, a probable nation-state attack on the UK's primary defense training facility last year compelled the academy to replace its IT infrastructure. Air Marshal Edward Stringer recently retired as the director-general of joint force development and the UK Defence Academy. 

Every year, the academy teaches roughly 30,000 UK armed forces personnel, as well as civil officials and military personnel from foreign countries. However, it was caught off guard by a cyber-attack in March of last year, which had "significant" operational ramifications, according to Stringer. 

IT team had to find backup ways to use regular internet, etc, to keep the courses running, which they did - but not as smoothly as before, to be fair, added Stringer.

He claimed he didn't know whether the hackers were criminals or a hostile state, but his main concern was whether the hackers sought to use the Defence Academy as a "backdoor" into much more secret portions of the MOD's IT systems. When asked if the cyberspies were effective, Air Marshal Stringer replied, "No, I was quite confident, that there hadn't been any other breaches beyond the Defence Academy." 

Despite the fact that no important information is believed to have been stolen, teaching was disrupted when courses were shifted online owing to the pandemic. “It doesn’t look like a violent attack, but there were costs. There were costs to operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage,” Stringer said. “What could we be spending the money on that we’ve had to bring forward to rebuild the network? There are no bodies in the streets, but there’s still been some damage done.” 

The MOD's digital branch launched an inquiry into the cyber-attack, but no findings - such as who was behind it - have been made public. The incident was also reported to the National Cyber Security Centre, a part of GCHQ. 

That rebuilding looks to be ongoing, with a note on the present Defence Academy website stating: “new website coming soon … please bear with us while we continue to update our site … check back soon for updates.” 

Serco, an outsourcing contractor, is purportedly in charge of the academy's IT systems, including website maintenance. While China, Russia, and other adversaries would surely have been motivated to undertake an attack, Stringer stopped short of attributing it to state-sponsored operatives.
Read more »
Subscribe to: Posts (Atom)