On November 2, 2023, we discovered that a virus had impacted the Facility’s computer systems. We quickly took steps to minimize its impact, took other necessary actions to protect the Facility’s systems, and have been investigating the matter. We have been working with a forensic security consultant to identify the nature and scope of the…
Category: Government Sector
MoD fined £350k over data breach that endangered lives of Afghan interpreters
Public Technology reports: The Ministry of Defence has been fined £350,000 over a data breach that divulged the identities of hundreds of Afghan nationals who worked for the UK government in Afghanistan. According to data watchdog the Information Commissioner’s Office, the incident allowed 245 recipients of an email about the evacuation of eligible people to…
Alleged Chinese cyberattacks target US power and water systems
Duncan Riley reports: U.S. government officers and cybersecurity experts are warning that the Chinese military is allegedly attempting to infiltrate critical infrastructure, including power and water utilities and transportation systems in the U.S. The Washington Post reported, referencing unnamed officials and security experts, that hackers allegedly affiliated with China’s People’s Liberation Army have burrowed into the…
The Untold Story of a Massive Hack at HHS in Covid’s Early Days
Jordan Robertson and Riley Griffin report: On March 15, 2020, just days after the US declared a national emergency because of the Covid-19 pandemic, the computer network for the US Department of Health and Human Services briefly vanished from the internet. In public remarks the following day, HHS Secretary Alex Azar attributed the 10-minute outage to a cyberattack but…
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
The Hacker News reports: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said,…
Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
FirstPost reports: Hours after The Guardian report claimed that UK’s most hazardous nuclear site Sellafield has been hacked into by cyber groups closely linked to Russia and China, Britain on Monday said that it has no records or evidence to suggest that networks were compromised. “Our monitoring systems are robust and we have a high degree of…