Category: data breach

A significant breach has come to light, as cyber threat actors managed to infiltrate a trove of valuable electoral commission data spanning an impressive eight-year period from 2014 to 2022. The disclosure of this breach has recently been made by the UK Electoral Commission, following its provision of breach details to the Information Commission Office (ICO) just last week.

Curiously, although the breach itself was identified in the early months of the preceding year, the governmental entity responsible opted to unveil the specifics only now, nearly a year later.

Adding further intrigue to the situation, an anonymous source has contributed to the crisis by asserting that the breach was actually detected as far back as 2017. However, those responsible for maintaining the electoral database chose to remain tight-lipped about the incident for reasons that are best known to them. This reticence might potentially be attributed to the political turmoil prevailing within the country at that particular time.

The information laid bare by this attack encompasses a comprehensive array of data, including the names of voters, their email addresses, contact particulars, residential addresses, the date they attained voting eligibility, and even the associated profile images.

The electoral watchdog emphatically maintains that the breach did not wield any influence over the outcomes of recent elections, as the hackers abstained from altering any components of the registration database.

In essence, this signifies that the legitimacy of the election of Rishi Sunak as the newly elected Prime Minister of the UK, as well as the preceding candidacies of Lizz Truss and Boris Johnson, remains intact.

Worth noting is the backdrop of discussions surrounding the manipulation of electoral databases, a topic that gained prominence following the conclusion of the 2016 US presidential elections. In that instance, Ms. Clinton, the then-presidential candidate, had levied accusations against Donald Trump, suggesting that his victory was achieved through interference by a foreign nation. Despite subsequent explanations presented by former President Barack Obama, the subject gradually lost its fervor over time.

The post Cyber Attack on UK Electoral Database leaks 8 yrs voters information appeared first on Cybersecurity Insiders.

Rolls-Royce, the renowned British manufacturing giant, has fallen victim to a sophisticated cyber attack resulting in potential data theft related to its Small Modular Reactor (SMR) technology—an essential device used to generate power for diverse applications and users.

The company, known for crafting super-luxury vehicles and aircraft engines, has maintained silence regarding the incident. However, a spokesperson who is highly active on a social media platform issued a statement attributing the attack to a threat group called “Network-Worker Alliance.”

In the aftermath of the cyber attack, Rolls-Royce’s official website has been inaccessible for the past three days, displaying the Error 525 code as of July 30, 2023. Security analysts are perplexed by the situation, as the company’s servers were seemingly protected by Cloudflare online security tools, making it highly improbable for hackers to infiltrate the system.

The nature of the attack suggests that the perpetrators were well-prepared or may have received insider support to breach the company’s highly secure network. The Rolls-Royce SMR project holds significant prestige for the British government, as it enhances the nation’s nuclear power capabilities. Consequently, the implications of this incident may be more profound than initially perceived.

Since 2018, the London-based aerospace business has been actively involved in the development of nuclear power plants, focusing on innovating small modular reactors. The company’s global presence has attracted widespread attention, especially from Asian countries like India, who have shown keen interest in signing a pact with Rolls-Royce to harness the innovative technology and bolster their nuclear power capabilities.

Note 1: Error 525 occurs when an SSL handshake fails to establish an authentication to gain a secure connect or else is intercepted by a 3rd party leading to an error.

Note 2- Data breach details are yet to be confirmed by the company.

The post Rolls Royce targeted in a sophisticated Cyber Attack with potential Data Breach appeared first on Cybersecurity Insiders.

New rules requiring publicly-listed firms to disclose serious cybersecurity incidents within four days have been adopted by the US Securities and Exchange Commission (SEC). The tough new rules, although undoubtedly well-intentioned, are likely to leave some firms angry that they being "micromanaged" and - it is argued - could even assist attackers. Read more in my article on the Tripwire State of Security blog.
Dr 90210 finds himself in a sticky situation after his patients' plastic surgery photos AND more end up in the hands of hackers, emails to the US military end up in the wrong hands, and script kiddies salivate at the thought of Business Email Compromise powered by generative AI. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus Space Daily’s Maria Varmazis.