Category Archives: Data and computer security

Government websites hit by cryptocurrency mining malware

Thousands of sites, including NHS services and the ICO, hijacked by rogue code

Thousands of websites, including those belonging to NHS services, the Student Loans Company and several English councils, have been infected by malware that forces visitors’ computers to mine cryptocurrency while using the site.

Late on Sunday, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken down to deal with the issue after it was reportedly infected by the malware.

Continue reading…
Source: gadt

EU data protection law may end up protecting scammers, experts warn

WHOIS, one of oldest tools on internet for verifying real identities, at risk of being killed due to tough new GDPR regulations

Sweeping new European data protection regulations may have the accidental effect of protecting scammers and spammers by killing the WHOIS system used to link misdeeds online to real identities offline, security experts have warned.

The General Data Protection Regulation (GDPR), which comes into effect in May, contains a raft of measures intended to strengthen data protection for Europeans.But some of the new rights and responsibilities will conflict with decades-old technologies that have provided much-needed transparency on the internet, says Raj Samani, the chief scientist at cybersecurity firm McAfee.

Continue reading…
Source: gadt

Every NHS trust tested for cybersecurity has failed, officials admit

Assessments after WannaCry attack reveal vulnerabilities across whole of health system

Every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required, civil servants have said for the first time.

In a parliamentary hearing on the WannaCry attack which disrupted parts of the NHS last year, Department of Health (DoH) officials said all 200 trusts had failed, despite increases in security provision.

Continue reading…
Source: gadt

What can I do to protect my PC from the Meltdown and Spectre flaws?

John has an old Sony Vaio PC that seems unlikely to receive a firmware update. Should he replace it?

My Microsoft Surface Book is protected against the Meltdown and Spectre security flaws, but my Sony Vaio Pro remains vulnerable to Spectre. Both laptops run Windows 10 and have been updated via Windows Update. The Surface Book’s BIOS has also been updated by Microsoft, but there is no BIOS update for the Vaio – and, I suspect, for millions of other machines.

What is the risk of continuing to run the Vaio with this known critical vulnerability? Is there another way to mitigate it? Or, in the end, do thousands of people have to dump otherwise good machines and buy new ones? John Piatt

It’s too soon to say. Bear in mind that, so far, there are no known exploits for these vulnerabilities, so the current level of risk is low. Companies will try to defend against threats as and when they appear. In the short term, we’ll just have to see how well that goes.

Continue reading…
Source: gadt

Cybercrime: £130bn stolen from consumers in 2017, report says

Of the 978m global victims of cybercrime last year, 17m were Britons targeted by phishing, ransomware, online fraud and hacking

Hackers stole a total of £130bn from consumers in 2017, including £4.6bn from British internet users, according to a new report from cybersecurity firm Norton.

More than 17 million Brits were hit by cybercrime in the past year, meaning the nation, which accounts for less than 1% of the global population, makes up almost 2% of the 978 million global victims of cybercrime and almost 4% of the global losses.

Continue reading…
Source: gadt

Bitcoin’s fluctuations are too much for even ransomware cybercriminals

Malware developers have had to demand ransoms in local currencies as they attempt to not price their targets out

Bitcoin’s price swings are so huge that even ransomware developers are dialling back their reliance on the currency, according to researchers at cybersecurity firm Proofpoint.

Over the last quarter of 2017, researchers saw a fall of 73% in payment demands denominated in bitcoin. When demanding money to unlock a victim’s data, cybercriminals are now more likely to simply ask for a figure in US dollars, or a local currency, than specify a sum of bitcoin.

Continue reading…
Source: gad2

Meltdown: Epic Games blames bug fix for online game slowdown

Increased processor use occurred when company installed patches to fix flaws, leaving players of online battle game Fortnite unable to login

The first real-world effects of processor vulnerabilities Meltdown and Spectre are beginning to show, due to fixes for the two megabugs which have the side-effect of slowing down cloud services worldwide.

Online video game Fortnite is one of the worst hit, with the game’s creators attributing login issues and service instability to a 30 percentage point spike in processor use that occurred when the company installed the patches.

Continue reading…
Source: gad2

Intel facing class-action lawsuits over Meltdown and Spectre bugs

Plaintiffs claim compensation for security flaws and alleged slowdown that fixing computers will cause, while corporations count cost of corrections

Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week.

The flaws, called Meltdown and Spectre, exist within virtually all modern processors and could allow hackers to steal sensitive data although no data breaches have been reported yet. While Spectre affects processors made by a variety of firms, Meltdown appears to primarily affect Intel processors made since 1995.

Continue reading…
Source: gad