News
Privacy and data protection
-
September 25, 2023
25
Sep'23
Apple fixes three vulnerabilities found by spyware researchers
Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab
-
September 22, 2023
22
Sep'23
UK-US data bridge to open to traffic on 12 October
Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now
-
September 22, 2023
22
Sep'23
Cyber experts set out plan to secure future US elections
A group of experts are setting out to enhance election cyber security in the United States, and restore public faith in a process tainted by interference and misinformation in the past
-
September 21, 2023
21
Sep'23
‘Top’ ransomware gangs favour smaller businesses
Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses
-
September 21, 2023
21
Sep'23
Poor digital experience a blocker for cyber resilience
Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds
-
September 20, 2023
20
Sep'23
Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption
Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages
-
September 20, 2023
20
Sep'23
Organisations failing to proactively address insider cyber risk
Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk
-
September 20, 2023
20
Sep'23
Multi-agency pilot aims to help innovators navigate regulatory landscape
Regulators join forces in pilot scheme to help businesses deploy new technologies in a way that complies with cross-industry regulations
-
September 19, 2023
19
Sep'23
Braverman puts pressure on Meta to pause end-to-end encryption plans
The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse
-
September 19, 2023
19
Sep'23
New revelations from the Snowden archive surface
A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by ...
-
September 19, 2023
19
Sep'23
Okta confirms link to cyber attacks on Las Vegas casinos
Okta CISO David Bradbury confirms widespread speculation about the high-profile cyber attacks on two Las Vegas casino operators, revealing that the threat actors responsible had indeed abused its services as they earlier claimed
-
September 18, 2023
18
Sep'23
Unregulated DeFi services abused in latest pig butchering twist
Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation
-
September 18, 2023
18
Sep'23
Government seeks industry views on cyber threat to UK CNI
The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure
-
September 15, 2023
15
Sep'23
TikTok fined €345m under GDPR for failing to protect children’s privacy
Data protection regulators warn social media companies to take all necessary measures to protect children’s privacy
-
September 15, 2023
15
Sep'23
Las Vegas mainstay Caesars Palace likely paid off ransomware crew
Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers
-
September 15, 2023
15
Sep'23
Manchester police data breach a classic supply chain incident
The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force
-
September 14, 2023
14
Sep'23
Data on over 3,000 Airbus suppliers leaked after breach
An emergent threat actor has leaked details of multiple sensitive Airbus suppliers after claiming to have accessed the firm’s systems having hacked customer Turkish Airlines
-
September 14, 2023
14
Sep'23
BlackCat on the hook for cyber attack that crippled Vegas casinos
The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues
-
September 14, 2023
14
Sep'23
Google, Microsoft and Mozilla push browser updates to foil zero-day
A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers
-
September 14, 2023
14
Sep'23
As vehicle safety regulations loom, carmakers fret over cyber risks
Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks
-
September 13, 2023
13
Sep'23
GCHQ breached privacy rights of IT professional and security researcher, human rights court rules
The European Court of Human Rights in Strasbourg finds UK intelligence services breached the privacy rights of two overseas nationals – an IT professional and a security researcher
-
September 13, 2023
13
Sep'23
GitHub fixes race condition that could have led to ‘repojacking’
A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked
-
September 13, 2023
13
Sep'23
BianLian ransomware gang holds Save the Children hostage
The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected
-
September 12, 2023
12
Sep'23
US casino giant MGM Resorts battles 36-hour outage after cyber attack
Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos
-
September 11, 2023
11
Sep'23
Polish election questioned after Pegasus spyware used to smear opposition, investigation finds
Senate committee alerts prosecutors over potential crimes by public officials involved in purchasing Pegasus spyware used to monitor and smear political opponents
-
September 11, 2023
11
Sep'23
How Culture Amp is tapping generative AI
Australia’s Culture Amp is building a generative AI capability that summarises employee survey responses, automating a process that typically takes HR admins up to hundreds of hours to complete
-
September 08, 2023
08
Sep'23
Apple patches Blastpass exploit abused by spyware makers
Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO
-
September 08, 2023
08
Sep'23
Deputy PM urges UK plc not to lose focus on cyber
In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors
-
September 08, 2023
08
Sep'23
North Koreans using new zero-day to target security researchers
A threat actor linked to the North Korean government is continuing a long-running campaign targeting legitimate security researchers, using an as-yet undisclosed zero-day vulnerability to gain access to their victims
-
September 07, 2023
07
Sep'23
UK minister fails to reassure tech companies over encryption risk
Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough
-
September 07, 2023
07
Sep'23
Honeywell goes quantum to protect utilities from future threats
Honeywell and quantum computing specialist Quantinuum will integrate quantum-hardened encryption keys into future smart meters
-
September 07, 2023
07
Sep'23
UK and US slap fresh sanctions on Conti ransomware crew
London and Washington DC have imposed sanctions on 11 more members of the cyber criminal gang behind the Conti ransomware attacks
-
September 06, 2023
06
Sep'23
Meet the professional BEC op that targeted Microsoft 365 users for years
The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers
-
September 05, 2023
05
Sep'23
Researchers find flaw in Mend.io security platform
WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed
-
September 05, 2023
05
Sep'23
Law firm Fieldfisher launches data breach management tool
UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform
-
September 05, 2023
05
Sep'23
NCSC names ex-NCC man as new CTO
New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec
-
September 05, 2023
05
Sep'23
Plymouth Uni spearheads research into wind farm cyber resilience
Project hosted at the University of Plymouth in Devon aims to develop cyber security measures to protect the UK’s increasingly important offshore wind farm assets
-
September 04, 2023
04
Sep'23
LockBit ransomware gang allegedly leaks MoD data after hit on supplier
The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online
-
September 01, 2023
01
Sep'23
Police Scotland five-year digital strategy approved
Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding
-
September 01, 2023
01
Sep'23
IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption
BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications
-
August 31, 2023
31
Aug'23
Sandworm attacks Ukraine with Infamous Chisel malware
The UK and its allies have attributed a novel malware campaign against Ukrainian state targets to the Russian intelligence-backed Sandworm APT
-
August 31, 2023
31
Aug'23
Ducktail social media marketing malware rears its head again
Use of the Ducktail infostealer, which first popped up in 2022 targeting Meta Business accounts, seems to be increasing
-
August 31, 2023
31
Aug'23
Home Office and MoD seeking new facial-recognition tech
The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK
-
August 30, 2023
30
Aug'23
Cyber world hails downfall of Qakbot trojan
A multinational law enforcement hacking operation disrupted the botnet infrastructure used to distribute the Qakbot trojan at the weekend, in a major setback for the cyber criminal underworld
-
August 30, 2023
30
Aug'23
NCSC warns over possible AI prompt injection attacks
The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots
-
August 24, 2023
24
Aug'23
Google bets on AI-backed cyber controls for Workspace users
Zero-trust and digital sovereignty controls are the focus of a series of enhancements being made for Google Workspace users
-
August 23, 2023
23
Aug'23
St Helens Council in Merseyside hit by ransomware attack
St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks
-
August 22, 2023
22
Aug'23
Singapore to bolster OT security capabilities
Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities
-
August 17, 2023
17
Aug'23
Researchers demo fake airplane mode exploit that tricks iPhone users
Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns
-
August 16, 2023
16
Aug'23
CyberArk eyes growth beyond PAM
CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management