Displaying items by tag: cybersecurity

The National Cyber Security Centre (NCSC) has issued a warning following recent cyber attacks targeting major retailers including Marks & Spencer, Co-op, and Harrods. Criminal hackers have reportedly impersonated IT help desks to infiltrate company systems, a tactic known as social engineering. The NCSC urges organisations to review their password reset procedures and authentication processes, especially for senior staff with high-level access. Cybersecurity experts advise using multi-layered verification methods, including codewords, to prevent breaches. Although an anonymous group claiming responsibility, calling themselves DragonForce, denies links to the notorious Scattered Spider hacking collective, the methods used are strikingly similar. These hackers have previously carried out high-profile attacks, including on Las Vegas casinos. The NCSC emphasises vigilance against risky logins and unusual account activity. Law enforcement is investigating, with ongoing efforts to confirm links between recent attacks. The Co-op has admitted customer data was compromised, while M\&S’s breach is under investigation. Businesses are reminded to bolster security, as this wave of attacks highlights the evolving threat landscape in today’s digital world.

The Government’s secret demand to access Apple customers’ encrypted data has drawn sharp criticism from the US intelligence community. Tulsi Gabbard, the US director of national intelligence, revealed she was not informed about this move and is now investigating whether it violates US citizens’ privacy rights. The request would force Apple to break its encryption, something the company has refused to do. In response, Apple removed its highest-level security tool, Advanced Data Protection, from UK devices last week. This means UK customers' data remains encrypted but accessible to Apple if served with a legal warrant. The USA is now reviewing the UK’s actions, with concerns over whether it breaches agreements between the two nations on protecting citizens' private data. The Government has so far declined to comment on the matter.