News
IT risk management
-
May 04, 2022
04
May'22
Intellectual property theft operation attributed to Winnti group
Winnti conducted a prolonged cyber espionage campaign that went undetected for years, allowing it to exfiltrate massive amounts of corporate data and intellectual property
-
May 03, 2022
03
May'22
Five TLS comms vulnerabilities hit Aruba, Avaya switching kit
Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution
-
April 28, 2022
28
Apr'22
Manufacturer sues JPMorgan after cyber criminals stole $272m
Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity
-
April 28, 2022
28
Apr'22
Russia plumbs new depths in cyber war on Ukraine
Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign
-
April 28, 2022
28
Apr'22
CIOs have the greatest impact on business
Chief information officers see their role as core in building out the IT and security infrastructure and talent pool that their organisations require to grow post-pandemic
-
April 27, 2022
27
Apr'22
Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021
These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time
-
April 27, 2022
27
Apr'22
Leeds Beckett’s ethical hacking platform wins Innovate UK backing
An ethical hacking and cyber education platform developed at Leeds Beckett University has received a major funding boost to help it launch commercially
-
April 27, 2022
27
Apr'22
Ransomware victims paying out when they don’t need to
Sophos’s annual State of Ransomware report shows dramatic increases in the impact of ransomware attacks, but also finds many organisations are paying ransoms when they don’t need to
-
April 26, 2022
26
Apr'22
Coralogix makes foray into cyber security with Snowbit
Observability platform supplier Coralogix has set up a cyber security venture and a global security resource centre in India to tap the growth opportunities in the subcontinent
-
April 25, 2022
25
Apr'22
Sophos soaks up SOC.OS
Sophos says acquisition of BAE spinout SOC.OS will enhance its managed threat and extended detection and response services
-
April 25, 2022
25
Apr'22
Mimecast makes deeper push into ASEAN
Mimecast opens regional office in Singapore and is looking at setting up a datacentre in Southeast Asia as it makes a deeper push into the region
-
April 22, 2022
22
Apr'22
What’s up with Conti and REvil, and should we be worrying?
New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back
-
April 22, 2022
22
Apr'22
UAE bolsters cyber security
The United Arab Emirates has successfully improved its security posture amid mounting cyber threats
-
April 21, 2022
21
Apr'22
Zoom adds new round of cyber security enhancements
Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements
-
April 21, 2022
21
Apr'22
Five Eyes in new Russia cyber warning
Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure
-
April 21, 2022
21
Apr'22
Impact of Lapsus$ attack on Okta less than feared
Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential
-
April 20, 2022
20
Apr'22
One-third of scams that hit TSB are impersonation fraud
TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them
-
April 20, 2022
20
Apr'22
Home secretary Priti Patel to decide whether to extradite Assange
Home secretary will decide in four weeks whether to approve Julian Assange’s extradition to the US, where he faces espionage and hacking charges
-
April 20, 2022
20
Apr'22
AWS fixes vulnerabilities in Log4Shell hot patch
AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation
-
April 20, 2022
20
Apr'22
NSO Group faces court action after Pegasus spyware used against targets in UK
Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies
-
April 19, 2022
19
Apr'22
Hammers sign Acronis as backup and security in one
West Ham United set to replace separate backup from Veeam and a variety of security products with Acronis Cyber Protect to have backup, data protection and file share on a single platform
-
April 14, 2022
14
Apr'22
Lack of expertise hurting UK government’s cyber preparedness
UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report
-
April 14, 2022
14
Apr'22
Incontroller ICS malware has ‘rare, dangerous’ capabilities, says Mandiant
Mandiant joins a growing chorus of warnings over novel nation state threats to ICS systems
-
April 13, 2022
13
Apr'22
More ANZ organisations warm to DevSecOps
About four in 10 organisations in Australia and New Zealand are undertaking the transition to development, security and operations, while a further 36% plan to do so in 2022, study finds
-
April 12, 2022
12
Apr'22
Universal IAM policy failings put cloud environments at risk
Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study
-
April 12, 2022
12
Apr'22
AI researcher says police tech suppliers are hostile to transparency
Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented
-
April 08, 2022
08
Apr'22
Was Spring4Shell a lot of hot air? No, but...
Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better
-
April 05, 2022
05
Apr'22
Triple-threat Borat malware no joke for victims
Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros
-
April 04, 2022
04
Apr'22
How remote browser isolation can mitigate cyber threats
Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device
-
April 01, 2022
01
Apr'22
Four moves to ‘checkmate’ critical assets thanks to lax cloud security
Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report
-
March 31, 2022
31
Mar'22
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech
-
March 30, 2022
30
Mar'22
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors
-
March 30, 2022
30
Mar'22
Australia to spend A$9.9bn on intelligence and cyber capabilities
The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate
-
March 29, 2022
29
Mar'22
NCSC: Not necessarily wise to ditch Kaspersky
UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates
-
March 29, 2022
29
Mar'22
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell
-
March 29, 2022
29
Mar'22
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware
-
March 29, 2022
29
Mar'22
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices
-
March 28, 2022
28
Mar'22
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption
-
March 25, 2022
25
Mar'22
US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield
EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens
-
March 25, 2022
25
Mar'22
European Commission proposes new cyber security regulations
New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas
-
March 25, 2022
25
Mar'22
London police arrest seven in connection to Lapsus$
Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks
-
March 25, 2022
25
Mar'22
How Lapsus$ exploited the failings of multifactor authentication
Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering
-
March 24, 2022
24
Mar'22
Ransomware demands and payments increase with use of leak sites
Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims
-
March 24, 2022
24
Mar'22
The Security Interviews: Red gets automated
We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security
-
March 24, 2022
24
Mar'22
How India organisations can mitigate cyber threats
Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks
-
March 23, 2022
23
Mar'22
NHS urgent care provider uses ID and access management to reduce complexity for clinicians
Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords
-
March 22, 2022
22
Mar'22
Biden issues warning about Russian cyber attacks
President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia
-
March 22, 2022
22
Mar'22
Details of Conti ransomware affiliate released
Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise
-
March 18, 2022
18
Mar'22
Dark web littered with Ukraine crypto scammers
Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine
-
March 18, 2022
18
Mar'22
Ukrainian cyber defences prove resilient
Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks