Network security

NHS contractor fined after ransomware attack

The tech firm Advanced, which provides services to the NHS, has been fined over £3 million by the UK data watchdog following a major ransomware attack in 2022.

The breach disrupted NHS systems and exposed personal data from tens of thousands across the country.

Originally facing a £6 million penalty, Advanced saw the fine halved after settling with the Information Commissioner’s Office.

Regulators said the firm failed to implement multi-factor authentication, allowing hackers to access systems using stolen login details.

The LockBit attack caused widespread outages, including access to UK patient data. While Advanced acknowledged the resolution, it declined to offer further comment or name a spokesperson when contacted.

For more information on these topics, visit diplomacy.edu.

OnlyFans faces penalty in UK for age check inaccuracy

OnlyFans’ parent company, Fenix, has been fined £1.05 million by UK regulator Ofcom for providing inaccurate information about how it verifies users’ ages. The platform, known for hosting adult content, had claimed its age-checking technology flagged anyone under 23 for additional ID checks.

However, it was later revealed the system was set to flag those under 20, prompting Ofcom to take enforcement action. Ofcom said Fenix failed in its legal obligation to provide accurate details, undermining the regulator’s ability to assess platform safety.

While Fenix accepted the penalty — leading to a 30% reduction in the fine — Ofcom stressed the importance of holding platforms to high standards, especially when protecting minors online. The investigation began in 2022 under UK regulations that predate the Online Safety Act, which is due to take full effect this year.

Why does it matter?

The act will require stronger age verification measures from platforms like OnlyFans, with a July 2025 deadline for full compliance. OnlyFans responded by affirming its commitment to transparency and welcomed the resolution of the case. While best known for adult subscriptions, the platform hosts mainstream content and launched a non-pornographic streaming service in 2023.

For more information on these topics, visit diplomacy.edu.

Messaging app Signal sees rising popularity in US and Europe

Signal’s president, Meredith Whittaker, defended the app’s security after top US officials mistakenly included a journalist in an encrypted chat about military action in Yemen.

While not addressing the incident directly, Whittaker reiterated Signal’s status as the ‘gold standard in private communications’ and highlighted its open-source, nonprofit model. The app is widely used for its strong encryption, which protects both message content and metadata, unlike some competitors.

Signal has gained popularity in the United States and Europe as a more private alternative to WhatsApp. Data from Sensor Tower shows a 16% rise in US downloads in early 2025 compared to the previous quarter and a 25% increase year-on-year.

Whittaker previously criticised WhatsApp for collecting metadata, which she argued could reveal communication patterns. WhatsApp defended its practices, stating that metadata helps prevent spam and abuse while insisting it does not track personal messages for advertising.

The security lapse involving US officials has renewed debate over encrypted messaging platforms and their vulnerabilities. Signal’s strict privacy measures contrast with WhatsApp’s approach, which retains some metadata for security purposes.

As more users prioritise privacy, Signal continues to grow, with advocates praising its encryption technology and lack of corporate data collection.

For more information on these topics, visit diplomacy.edu.

Trump dismisses Signal leak, supports Waltz

US President Donald Trump on Tuesday downplayed the incident in which sensitive military plans for a strike against Yemen’s Houthis were mistakenly shared in a group chat that included a journalist. Trump referred to it as ‘the only glitch in two months’ and insisted that it was ‘not a serious’ issue.

The development, which surprised him when first questioned by reporters, has sparked criticism from Democratic lawmakers accusing the administration of mishandling sensitive information.

The lapse occurred when US National Security Adviser Mike Waltz unintentionally included Jeffrey Goldberg, editor-in-chief of The Atlantic, in a group chat with 18 high-ranking officials discussing military strike plans.

Waltz admitted to the mistake and accepted full responsibility, stating that an aide had mistakenly added Goldberg’s contact to the conversation.

The incident, which took place over the Signal app, has raised concerns due to the app’s public availability and its use for discussing such sensitive matters.

While Trump continued to express support for Waltz, Democratic critics, including former Secretary of State Hillary Clinton, have voiced strong disapproval.

Clinton, commenting on the breach, highlighted the irony of the situation, given Trump’s previous criticisms of Hillary Clinton’s use of a private email server for sensitive material.

For more information on these topics, visit diplomacy.edu.

Mobile coverage from space may soon be reality

Satellite-based mobile coverage could arrive in the UK by the end of 2025, with Ofcom launching a consultation on licensing direct-to-smartphone services.

The move would allow users to stay connected in areas without mast coverage using an ordinary mobile phone.

The proposal favours mobile networks teaming up with satellite operators to share frequencies in unserved regions, offering limited services like text messaging at first, with voice and data to follow.

Ofcom plans strict interference controls, and Vodafone is among those preparing to roll out such technology.

If approved, the service would be available across the UK mainland and surrounding seas, but not yet in places like the Channel Islands.

The public has until May to respond, as Ofcom seeks to modernise mobile access and help close the digital divide.

For more information on these topics, visit diplomacy.edu.

US report highlights China’s growing military capabilities

A US intelligence report has identified China as the top military and cyber threat, warning of Beijing’s growing capabilities in AI, cyber warfare, and conventional weaponry.

The report highlights China’s ambitions to surpass the US as the leading AI power by 2030 and its steady progress towards military capabilities that could be used to capture Taiwan.

It also warns that China could target US infrastructure through cyberattacks and space-based assets.

The findings, presented to the Senate Intelligence Committee, sparked tensions between Washington and Beijing. Chinese officials rejected the report, accusing the US of using outdated Cold War thinking and hyping the ‘China threat’ to maintain military dominance.

China’s foreign ministry also criticised US support for Taiwan, urging Washington to stop backing separatist movements.

Meanwhile, Beijing dismissed accusations that it has failed to curb fentanyl shipments, a key source of US overdose deaths.

The report also notes that Russia, Iran, and North Korea are working to challenge US influence through military and cyber tactics.

While China continues to expand its global footprint, particularly in Greenland and the Arctic, the report points to internal struggles, including economic slowdowns and demographic challenges, that could weaken the Chinese government’s stability.

The intelligence report underscores ongoing concerns in Washington about Beijing’s long-term ambitions and its potential impact on global security.

For more information on these topics, visit diplomacy.edu.

How to protect your business from infostealer malware and credential theft

Cybercriminals stole billions of login credentials last year using infostealer malware, putting businesses worldwide at serious risk.

These malicious tools quietly harvest passwords and session tokens from infected devices, often within minutes.

To fight back, companies must use strong multi-factor authentication, store passwords in dedicated managers, and protect devices with advanced endpoint security.

Simple browser-stored logins are no longer safe, and attackers are getting better at bypassing weak defences.

Reducing session lifespans, using hardware-backed logins, and training staff to spot phishing threats are all key to staying secure.

By combining tech with human vigilance, organisations can stay ahead of attackers and safeguard their systems and data.

For more information on these topics, visit diplomacy.edu.

Does Section 230 of the US Communication Decency Act protect users or tech platforms?

Typically, Section 230 of the US Communication Decency Act is considered to protect tech platforms from liability for the content provided. In a recent article, the Electronic Frontier Foundation argues that Section 230 protects users to participate in digital life.

The piece argues that repealing or altering Section 230 could inadvertently strengthen the position of big tech firms by removing the financial burden of litigation that smaller companies and startups cannot bear. Without these protections, smaller services might crumble under expensive legal challenges, stifling innovation and reducing competition in the digital landscape.

Such a scenario would leave big tech with even greater market dominance, which opponents of Section 230 seem to overlook. Additionally, the article addresses the misconception that eliminating Section 230 would enhance content moderation.

It clarifies that the law enables platforms to implement and enforce their standards without fear of increased liability, encouraging responsible moderation. EFF’s article argues that by allowing users and platforms to self-regulate, Section 230 prevents the US government from overreaching into defining acceptable speech, upholding a cornerstone of democratic values.

For more information on these topics, visit diplomacy.edu.

China warns US against ‘hegemonic thinking’

China’s foreign ministry has criticised the US for viewing China through a ‘hegemonic mentality’ after Washington labelled it the top military and cyber threat.

Ministry spokesperson Guo Jiakun accused the US of pushing the ‘China threat’ narrative as a means to contain and suppress the country.

The latest exchange highlights ongoing tensions between the two global powers, particularly over security, technology, and military influence. Beijing has consistently rejected US claims regarding cyber espionage and military expansion, arguing that such accusations are politically motivated.

Relations between China and the US have remained strained, with disputes spanning trade, Taiwan, and cybersecurity.

Despite diplomatic efforts to stabilise ties, the two nations continue to challenge each other’s policies and strategic moves on the global stage.

For more information on these topics, visit diplomacy.edu.

Lawmakers demand probe into Trump team’s Signal breach

​Top officials from the Trump administration inadvertently included a journalist in an encrypted Signal chat while discussing military plans, leading to concerns over a potential security breach.

The incident has prompted Democratic lawmakers to call for a congressional investigation into the mishandling of classified information. Although US law criminalises the misuse of such data, it remains uncertain if legal provisions were violated in this case. ​

Signal is a widely trusted encrypted messaging app known for strong privacy protections. The service, instead of storing user messages on its servers, keeps data solely on users’ devices, with an option to automatically delete conversations.

Unlike other platforms, Signal does not track user data, use ads, or affiliate with marketers. Its encryption is independent of any government, and cybersecurity experts consider it highly secure. However, if a device itself is compromised, messages within the app can still be accessed by hackers. ​

The app was co-founded by Moxie Marlinspike in 2012 and later supported by WhatsApp co-founder Brian Acton, who left WhatsApp over concerns regarding data privacy.

Signal is run by the non-profit Signal Foundation and has grown in popularity, especially among privacy advocates, journalists, and government agencies.

The European Commission and the US Senate have also endorsed its use. However, experts question whether it is appropriate for discussions involving national security matters, given the risk of mobile device vulnerabilities. ​

Signal saw a significant surge in users in 2021 after WhatsApp introduced a controversial privacy policy update.

Despite its reputation for security, the recent incident with Trump administration officials highlights concerns about the suitability of even the most encrypted platforms for handling sensitive government information.

For more information on these topics, visit diplomacy.edu.

Diplo chatbot can make mistakes. Consider checking important information.