News
IT risk management
-
August 10, 2023
10
Aug'23
PSNI investigating second breach after laptop stolen
Just hours after accidentally disclosing the personal details of 10,000 personnel, the Police Service of Northern Ireland has notified a second data breach after a police issue laptop and documents were stolen from a parked car
-
August 09, 2023
09
Aug'23
Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks
-
August 08, 2023
08
Aug'23
MPs warn about growing prevalence of tech-enabled domestic abuse
The UK government must take action to prevent perpetrators from being able to use connected or smart technologies to conduct their domestic abuse, a select committee has warned
-
August 08, 2023
08
Aug'23
Workplace monitoring needs worker consent, says select committee
Employers looking to monitor their employees through connected devices should only to so with the consent of those affected due to negative impacts such surveillance can have on work intensification and mental health
-
August 08, 2023
08
Aug'23
Many UK organisations considering ChatGPT bans on employee devices
More than 60% of organisations in the UK have either banned, or are considering banning, the use of generative AI tools on employee- or business-owned devices
-
August 07, 2023
07
Aug'23
Rise in fraudsters spoofing the websites of leading UK banks
Despite safeguards to protect customers from scams, UK retail banks are still seeing high volumes of fake phishing websites exploiting their brands, and the problem seems to be increasing in scope and scale
-
August 04, 2023
04
Aug'23
Log4Shell, ProxyShell still among most widely exploited flaws
Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list
-
August 04, 2023
04
Aug'23
Biden’s SBOM mandate a ‘shot heard around the world’, report says
Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response
-
August 03, 2023
03
Aug'23
Scottish NHS trust ducks fine after staff shared patient data via WhatsApp
NHS Lanarkshire has been issued a formal reprimand by the ICO after staff members used WhatsApp to share patients’ personal data with one another
-
August 03, 2023
03
Aug'23
Microsoft attacked over ‘grossly irresponsible’ security practice
The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’
-
July 27, 2023
27
Jul'23
Cyber criminals pivot away from ransomware encryption
Cyber breaches that saw data theft and extortion without an encryption or ransomware component account for more and more incidents, in a possible indication that ransomware gangs are changing up their business models
-
July 27, 2023
27
Jul'23
Ant Group teams with NTU to advance privacy-preserving technologies
The Chinese fintech giant is partnering with Singapore’s Nanyang Technological University on a cryptographic protocol that ensures the privacy of transacting parties
-
July 25, 2023
25
Jul'23
Tetra radio users’ comms may have been exposed for years
A number of flaws in the encryption algorithms used in the secure Tetra radio communications standard have potentially left users exposed to snooping
-
July 24, 2023
24
Jul'23
Citrix NetScaler users told to patch new zero-day urgently
A vulnerability disclosed and patched last week by Citrix appears to be being exploited by China-backed threat actors as a zero-day, prompting warnings from government cyber bodies
-
July 24, 2023
24
Jul'23
Tribunal investigates complaint that journalists’ phones were unlawfully monitored
The Investigatory Powers Tribunal has agreed to investigate complaints by Northern Ireland investigative journalists Trevor Birney and Barry McCaffrey that they were unlawfully placed under surveillance
-
July 24, 2023
24
Jul'23
Security AI and automation may reduce cost of data breaches
Organisations that go all in on security AI and automation tend to incur lower financial costs when they experience a data breach incident, according to an IBM report
-
July 24, 2023
24
Jul'23
Why cyber security should be part of your ESG strategy
The impact of data breaches and cyber threats on businesses, societies and the environment makes cyber security a key consideration in an environment, social and governance strategy
-
July 21, 2023
21
Jul'23
Government boosts protection for encryption in Online Safety Bill but civil society groups concerned
House of Lords adopts amendment to require Ofcom to commission a report before requiring technology companies to scan encrypted messages, but drops proposals for judicial oversight
-
July 20, 2023
20
Jul'23
Online Safety Bill screening measures amount to ‘prior restraint’
The Open Rights Group is calling on Parliament to reform the Online Safety Bill, on the basis that its content-screening measures would amount to “prior restraint” on freedom of expression
-
July 20, 2023
20
Jul'23
How the DSMA balances security and privacy with press freedom
In a world of information sharing and 24-hour news cycles, the Defence and Security Media Advisory committee have to balance national security and data privacy with freedom of the press
-
July 19, 2023
19
Jul'23
Half of cyber pros engage in risky behaviour at work, report claims
Approximately 55% of security professionals say they have engaged in behaviours they would more usually advise against in the workplace, according to a report
-
July 19, 2023
19
Jul'23
Cyber criminal AI tool WormGPT produces ‘unsettling’ results
A newly discovered generative AI tool dubbed WormGPT is being sold to the cyber criminal underground via the dark web, and poses a significant danger, researchers warn
-
July 18, 2023
18
Jul'23
NATO membership to drive Nordic cyber security sector growth
The Nordic cyber security sector will see increasing demand as Finland and Sweden joint NATO
-
July 18, 2023
18
Jul'23
Critical Adobe ColdFusion flaws chained in ongoing cyber attacks
Two vulnerabilities in Adobe ColdFusion have been chained by threat actors to target victim systems, apparently after one of them was accidentally disclosed
-
July 17, 2023
17
Jul'23
Police Scotland use cloud for biometric data despite clear risks
Police Scotland confirms it has stored significant volumes of biometric data on a cloud-based digital evidence sharing system despite major ongoing data protection concerns, bringing into question the effectiveness of the current regulatory approach...
-
July 13, 2023
13
Jul'23
Civil society groups call on EU to put human rights at centre of AI Act
Dozens of civil society groups are calling on EU institutions to prioritise people and human rights in AI legislation as secretive negotiations begin
-
July 13, 2023
13
Jul'23
Microsoft issues new warning over Chinese cyber espionage
A newly uncovered Chinese espionage campaign exploited forged authentication tokens to access its victims’ email accounts, says Microsoft
-
July 12, 2023
12
Jul'23
Ofcom’s online safety preparedness efforts hobbled by government
Despite Ofcom’s progress so far, UK government changes to the scope and timetable of the Online Safety Bill are hobbling the ability of the regulator to successfully prepare for the new regime
-
July 12, 2023
12
Jul'23
Hackers: We won’t let artificial intelligence get the better of us
AI is changing how ethical hackers go about their work, and will continue to do so, but the community is convinced the technology will never be able to replicate the creativity of a flesh-and-blood hacker
-
July 11, 2023
11
Jul'23
EU formally grants data adequacy to US
The European Commission has formally granted the US data adequacy, allowing companies and organisations to freely transfer personal data across the Atlantic via the EU-US Data Privacy Framework. But privacy activist Max Schrems has already committed...
-
July 11, 2023
11
Jul'23
Malicious URL volumes soar as cyber criminals pull on Threads
Malicious actors have been quick to exploit the buzz around Meta’s newly launched Threads platform, with thousands of new suspicious domains registered exploiting its branding
-
July 06, 2023
06
Jul'23
VMware ramps up on sovereign cloud in APAC
VMware is working with local partners to deliver sovereign cloud services in the region, amid growing sovereignty interests among governments and the need maintain business continuity
-
July 06, 2023
06
Jul'23
Biometrics watchdog calls for public space surveillance review
The biometrics and surveillance camera commissioner is calling for a review of public space surveillance to gain a clearer picture about the proliferation of Chinese surveillance technology across the public sector, but warns against applying double...
-
July 06, 2023
06
Jul'23
Meta’s Threads hits app stores, but no EU launch in sight
Meta’s Twitter competitor makes its debut and signs up millions of users in just 12 hours, but concerns over compliance with the EU’s Digital Markets Act have sunk a pan-European launch for now
-
July 05, 2023
05
Jul'23
HSBC explores quantum-safe comms to AWS edge
Banking group HSBC is looking at how to secure transactions and the benefits of quantum computing in finance
-
July 03, 2023
03
Jul'23
Over half of ANZ organisations hit by ransomware
Amid the rising ransomware threat, almost four in five organisations in ANZ expect to pay a ransom if they could recover data and business processes
-
June 30, 2023
30
Jun'23
AI can never be given control over combat decisions, Lords told
Artificial intelligence is technically incapable of distinguishing between the complex contextual factors of combat situations, and will likely never be able to, according to legal and software experts
-
June 29, 2023
29
Jun'23
‘Shadow’ AI use becoming a driver of insider cyber risk
Off-the-books use of generative AI tools will inevitably lead to a costly, high-profile data breach for someone, but a little attention paid to appropriate data management policy can help mitigate the risk
-
June 27, 2023
27
Jun'23
A tenth of kids claim they could hack you
More and more young people are at risk of being drawn into cyber criminality, and parents must shoulder some of the blame, according to a report
-
June 23, 2023
23
Jun'23
ICO under fire for taking limited action over serious data breaches
The ICO has come under fire from lawyers and data protection specialists for just issuing written warnings to two public bodies over serious data breaches that placed people’s lives at risk
-
June 23, 2023
23
Jun'23
Phishing and ransomware dominate Singapore’s cyber threat landscape
Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene
-
June 22, 2023
22
Jun'23
Lancaster University launches trailblazing cyber MBA
MBA programme at Lancaster University designed to deliver security leadership education to business leaders has received NCSC backing
-
June 19, 2023
19
Jun'23
Nakivo adds ransomware scanning and new restore options
Backup maker adds malware scanning with big names in security to immutable backup copy functionality. “Tape’s not dead” either, with restore from the venerable medium now possible
-
June 15, 2023
15
Jun'23
Exploitation of Barracuda ESG appliances linked to Chinese spies
Intelligence from Mandiant links exploitation of a flaw in a subset of Barracuda ESG appliances to a previously untracked China-nexus threat actor
-
June 15, 2023
15
Jun'23
NCSC warns over ‘enduring’ LockBit threat
Although its activity volumes have been lower of late, LockBit is still a highly dangerous ransomware gang and is now the subject of a new international cyber advisory
-
June 14, 2023
14
Jun'23
Cyber attacks against APAC commerce sector surpass 1.1 billion
Retailers, hotels and travel-related organisations in the region saw over a billion cyber attacks last year amid the surge in e-commerce activity and online travel bookings
-
June 08, 2023
08
Jun'23
CDEI publishes portfolio of AI assurance techniques
The UK’s Centre for Data Ethics and Innovation has published a variety of case studies to show how different assurance techniques can build and maintain trust in artificial intelligence systems
-
June 08, 2023
08
Jun'23
Vulnerability exploitation volumes up over 50% in 2022
Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild
-
June 06, 2023
06
Jun'23
Google launches hacker-backed SME security training scheme
Citing research that shows almost half of SMEs are struggling to recruit cyber security specialists, Google is launching a programme designed to upskill more people to fill thousands of vacant roles
-
June 06, 2023
06
Jun'23
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar
Three quarters of data breaches now involve a significant human element, and the higher up they get in an organisation, the more risks people seem to take, according to Verizon’s annual Data Breach Investigations Report