Date: 2024-03-30
Windows TCO and More
-
Bitdefender ☛ Sellafield nuclear waste dump faces prosecution over cybersecurity failures
The fear is that the malware might have been planted on Sellafield's IT systems for espionage (to access sensitive information about personnel or radioactive waste movement) and for disruptive attacks.
-
The Guardian UK ☛ Sellafield nuclear waste dump to be prosecuted for alleged cybersecurity offences
The Guardian also revealed that cyber problems have been known by senior figures at the nuclear site for at least a decade, according to a report dated from 2012, which warned there were “critical security vulnerabilities” that needed to be addressed urgently.
Sellafield’s computer servers were deemed so insecure that the problem was nicknamed Voldemort after the Harry Potter villain, according to a government official familiar with the ONR investigation and IT failings at the site, because it was so sensitive and dangerous.
-
The Guardian UK ☛ [Old] Sellafield nuclear site hacked by groups linked to Russia and China
The problem of insecure servers at Sellafield was nicknamed Voldemort after the Harry Potter villain, according to a government official familiar with the ONR investigation and IT failings at the site, because it was so sensitive and dangerous. It involved highly sensitive data that could be exploited by Britain’s enemies. Sellafield’s server network was characterised by the official as “fundamentally insecure”.
The scale of the problem was only revealed when staff at an external site found that they could access Sellafield’s servers and reported it to the ONR, according to an insider at the watchdog.
-
British Library ☛ Learning Lessons from the Cyber-Attack: British Library cyber incident review [PDF]
This paper aims to provide an overview of the cyber-attack on the British Library that took place in October 2023 and examines its implications for the Library’s operations, future infrastructure, risk assessment and lessons learned. Its purpose is to ensure a common level of understanding of key factors that may help peer institutions and other organisations learn lessons from the Library’s experience.
-
Bruce Schneier ☛ Lessons from a Ransomware Attack against the British Library
You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.
-
The Record ☛ Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
The service announced earlier this month it was the target of “a focused and ongoing cyber attack,” and that while patient-facing services were functioning as normal, it warned of the risk “hackers have been able to acquire a significant quantity of data.”
A ransomware group calling itself INC Ransom claimed this week to hold terabytes of data exfiltrated from the organization, publishing some of these data samples on its extortion site as evidence.
-
Integrity/Availability/Authenticity
-
The Register UK ☛ 'Thousands' of firms vulnerable to security bug in Ray AI
Thousands of companies remain vulnerable to a remote-code-execution bug in Ray, an open-source AI framework used by Amazon, OpenAI, and others, that is being abused by miscreants in the wild to steal sensitive data and illicitly mine for cryptocurrency.
This is according to Oligo Security, which dubbed the unpatched vulnerability ShadowRay. The oversight is tracked as CVE-2023-48022, with a critical 9.8 out of 10 CVSS severity rating.
-