Press release: Public procurers learn how to spot bid-rigging

Updated: incorrect email removed

The Competition and Markets Authority (CMA) and the Crown Commercial Service (CCS) have worked together to create the e-learning module which will help more than 4,000 central government procurers root out attempts to win contracts through anti-competitive conduct.

In 2013/14 the UK public sector spent £242 billion on procurement of goods and services. Evidence suggests that cartels – of which bid-rigging forms a part – overcharge by up to 30%, costing taxpayers millions of pounds and leading to poor service.

John Kirkpatrick, CMA Senior Director Research, Intelligence and Advocacy, said:

It is vital that taxpayers’ money is spent well on projects that are of benefit to the public, rather than costs being pushed up unfairly by bid-rigging. We hope this bid-rigging e-learning package will prove to be a very useful tool for procurers in helping them spot and prevent attempts to rig procurement processes.

The CMA has a hotline which people can call if they suspect cases of bid-rigging or other anti-competitive practices, so I urge anyone with doubts to call.

Ian Mackie, CCS Head of Commercial Learning and Development, said:

Increasing commercial capability is a priority skills area for the civil service, so we, along with our departmental colleagues, were delighted to work with CMA to support this learning module. Hosting this on the Civil Service Learning Commercial College will enhance the contract management learning already available to staff.

Bid-rigging involves competing businesses which are invited to bid in competitive tenders secretly colluding so that, contrary to appearances, they are not fully competing for the contract. Bid-rigging tends to drive up prices by removing genuine competition between bidders.

It is a serious infringement of competition law, which can lead to fines and liability to damages for the companies involved. It can also result in criminal sanctions (including possible imprisonment) for individuals.

The e-learning module can be found on the Commercial College, hosted on Civil Service Learning.

The module, which is intended to take no more than 40 minutes to complete, will help students to gain an awareness of why bid-rigging is harmful, what kinds of activities and patterns of behaviour they should watch out for, what they can do to mitigate risks and where they can go to get help if they suspect a case.

Notes for editors

  1. The CMA is the UK’s primary competition and consumer authority. It is an independent non-ministerial government department with responsibility for carrying out investigations into mergers, markets and the regulated industries and enforcing competition and consumer law. For more information see the CMA’s homepage on GOV.UK. For CMA updates, follow us on Twitter @CMAgovuk, Flickr and LinkedIn.
  2. Please contact the cartels hotline on 0800 085 1664 or 020 3738 6888 or email cartelshotline@cma.gsi.gov.uk, if you suspect instances of bid-rigging.
  3. To learn more, look at CMA guidance ‘Bid-rigging: advice for public sector procurers’.
  4. For more information on the Crown Commercial Service see its webpages.
  5. Enquiries should be directed to Simon Belgard (simon.belgard@cma.gsi.gov.uk, 020 3738 6472).

Source: Gov Press Releases

NHS Alert

A spokesperson for the National Cyber Security Centre said:

“We are aware of a cyber incident and we are working with NHS Digital and the National Crime Agency to investigate.”

Advice on protecting yourself from ransomware is available here. 

UPDATE

A statement from the NCSC on the international cyber incident can be read here.

Source: NCSC Alerts

TalkTalk Alert

We are aware of reports that some customers of TalkTalk are suffering problems with their home routers. We have been in contact with the company who are working to resolve the problem. We will continue to monitor the situation and will provide an update if required.

TalkTalk are offering help and support on their website.

Source: NCSC Alerts

‘Dirty COW’ Linux privilege escalation vulnerability being actively exploited

Executive Summary

A vulnerability has been discovered in the Linux kernel which could give untrusted users unfettered root access. This vulnerability has been present in the Linux kernel for nine years but has only just been discovered. The vulnerability allows for privilege escalation that can be exploited easily and reliably. The fact that this flaw exists in nearly every version of Linux from at least the last nine years means this vulnerability should be taken seriously and patched as…

Source: NCSC Alerts

Data breach of 500m Yahoo accounts

Summary

CERT-UK is aware of reports of an attack on the technology firm Yahoo in which up to 500 million user accounts were breached.

In August 2016, a hacker known as “Peace” was reportedly attempting to sell information from 200 million Yahoo accounts breached in an attack from 2014. Although this was initially believed to be speculation, Yahoo has now revealed that a breach did take place, compromising the data of 500 million accounts. This is believed to be the biggest public breach of…

Source: NCSC Alerts

Multiple vulnerabilities in various products

Executive summary

On 15 August 2016, CERT-UK was made aware of a list of exploits posted online. These exploits are targeted at vulnerabilities in software found in Cisco switches, routers and firewall products, Fortinet’s Fortiguard, Watchguard and TopSec. Whilst Fortinet and Watchguard determined the vulnerabilities were patched years ago, of the two Cisco vulnerabilities, one has been confirmed as a zero-day.

Vulnerabilities – Cisco

The two vulnerabilities affecting Cisco…

Source: NCSC Alerts

Quadrooter vulnerability affecting Android

Executive summary

A number of vulnerabilities have been discovered in the Qualcomm chipsets used in many Android handsets from many of the leading manufacturers. Exploitation of these vulnerabilities could allow an unauthorised user to take full control of an Android device, but in order to do so, an authorised user would first need to install a malicious app.

Google have stated that three of the four vulnerabilities have been patched with the fourth due in September, although updates will…

Source: NCSC Alerts

HTTP/2

Executive summary

HTTP/2 is a faster and more technically advanced version of the current HTTP/1.1 and is being widely adopted following its approval in February 2015. It is already supported by major browsers – Chrome, Firefox, IE11, Edge, Safari, and Opera – and is thought to be used by about one in ten websites.

Four vulnerabilities rated as severe have been discovered in this new version, but fixes have already been made available through a coordinated approach between the…

Source: NCSC Alerts

Symantec Norton Anti-virus and Endpoint Protection – multiple high severity vulnerabilities

Executive summary

Multiple critical vulnerabilities have been reported in a number of different security products from Symantec, affecting both enterprise and consumer products.

These vulnerabilities include a ‘100% reliable remote exploit’ and a ‘wormable’ flaw that requires no user interaction by the victim for an attacker to exploit.

The vulnerabilities have been fixed by Symantec and performing a manual ‘LiveUpdate’ will update the software to the…

Source: NCSC Alerts