News

Cloud security

• January 05, 2023 05 Jan'23

  Cyber gang abused free trials to exploit public cloud CPU resources

  A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying

• December 27, 2022 27 Dec'22

  Top 10 ASEAN IT stories of 2022

  Despite the challenges over the past year, ASEAN businesses have taken things in stride as they press on with digital transformation, whether it is empowering citizen developers or building cloud-native applications

• December 22, 2022 22 Dec'22

  Mitiga researchers disclose AWS Elastic IP hijacking vulnerability

  Cloud incident response supplier Mitiga has said a new AWS feature has led to a vulnerability that could allow hackers to access and steal Elastic IP addresses and gain control over AWS accounts

• December 22, 2022 22 Dec'22

  Top 10 cyber security stories of 2022

  The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides

• December 14, 2022 14 Dec'22

  New cyber approaches ease Registers of Scotland’s AWS migration

  As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web ...

• December 13, 2022 13 Dec'22

  Finnish government launches information security voucher scheme

  Finland’s government is offering businesses financial support to help them improve their cyber security

• December 12, 2022 12 Dec'22

  Cloud-based fingerprint system for UK police nears completion

  Police Digital Service announces that a new cloud-based fingerprint system developed under its Transforming Forensics programme is nearly complete, but data protection concerns around the use of US-based cloud providers remain

• December 11, 2022 11 Dec'22

  How Zscaler is cracking APAC’s cloud security market

  Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better

• December 08, 2022 08 Dec'22

  Apple to tap third party for physical security keys

  Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys

• December 08, 2022 08 Dec'22

  Australia to develop new cyber security strategy

  New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals

• November 30, 2022 30 Nov'22

  Microsoft 365 banned in German schools over privacy concerns

  German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US

• November 30, 2022 30 Nov'22

  NIS regulations to be extended to cover MSPs

  The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope

• November 28, 2022 28 Nov'22

  Panzura partners with AWS on ransomware counter-measures

  Panzura might have slipped beneath the waves, but it’s come back reinvigorated, and now boasts integration with AWS with ransomware protection and Outposts hardware

• November 27, 2022 27 Nov'22

  Plexal inducts six into cyber leadership scheme

  Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders

• November 24, 2022 24 Nov'22

  Not-for-profit aims to encourage 1,300 girls into cyber careers

  CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber

• November 16, 2022 16 Nov'22

  Global network fragmentation a source of increasing risk

  Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures

• November 14, 2022 14 Nov'22

  How Google and Mandiant are forging synergies in cyber security

  Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security

• November 11, 2022 11 Nov'22

  MoD recruits Immersive Labs to bolster cyber resilience

  UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products

• November 04, 2022 04 Nov'22

  Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

  The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare

• November 03, 2022 03 Nov'22

  The Security Interviews: Building trust online

  Consumer reviews website Trustpilot has built and scaled its IT security team and is now turning to agile methods and DevSecOps to further enhance its cyber capabilities

• November 02, 2022 02 Nov'22

  Dropbox code compromised in phishing attack

  Cloud storage service says malicious actors successfully accessed some of its code within GitHub, but insists customer data is secure

• November 02, 2022 02 Nov'22

  OpenSSL vulnerabilities ‘not as bad as feared’

  As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared

• October 31, 2022 31 Oct'22

  Prepare today for potentially high-impact OpenSSL bug

  OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed

• October 21, 2022 21 Oct'22

  Microsoft slams external researchers over its own data leak

  Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue

• October 13, 2022 13 Oct'22

  Gartner: Remote work, zero trust, cloud still driving cyber spend

  Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud

• October 10, 2022 10 Oct'22

  How Cloudflare is staying ahead of the curve

  Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape

• October 05, 2022 05 Oct'22

  Inside Dell Technologies’ zero-trust approach

  Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure

• September 28, 2022 28 Sep'22

  Most hackers exfiltrate data within five hours of gaining access

  Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access

• September 23, 2022 23 Sep'22

  Threat actors abused lack of MFA, OAuth in spam campaign

  Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns

• September 22, 2022 22 Sep'22

  Nordic private equity firms pursue cyber security acquisitions

  Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets

• September 14, 2022 14 Sep'22

  Microsoft patches 64 vulnerabilities on September Patch Tuesday

  Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update

• September 13, 2022 13 Sep'22

  Cloud compromise a doddle for threat actors as victims attest

  Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud

• September 13, 2022 13 Sep'22

  Users warned over Azure Active Directory authentication flaw

  Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users

• September 12, 2022 12 Sep'22

  CISOs should spend on critical apps, cloud, zero-trust, in 2023

  Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts

• September 08, 2022 08 Sep'22

  NCSC CyberUK event heads to Belfast in 2023

  National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023

• September 08, 2022 08 Sep'22

  Dutch cyber security organisations to join forces

  Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into

• September 07, 2022 07 Sep'22

  August ’22 a bumper month for high-impact vulnerabilities

  Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future

• September 07, 2022 07 Sep'22

  Cyber threats to Europe’s grid: Utilities rethink strategy

  The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals

• September 05, 2022 05 Sep'22

  How Okta is regaining customer trust after a cyber attack

  In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident

• September 02, 2022 02 Sep'22

  Dutch government finally allowed to use public cloud

  Public cloud is finally within reach for Dutch public services. Previously, the Dutch government was only allowed to use private clouds due to risks concerning privacy and security

• August 22, 2022 22 Aug'22

  Kaspersky threat data added to Microsoft Sentinel service

  Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service

• August 19, 2022 19 Aug'22

  Cozy Bear targets MS 365 environments with new tactics

  Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments

• August 19, 2022 19 Aug'22

  Inside Singapore’s national digital identity journey

  Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years

• August 18, 2022 18 Aug'22

  Growing MFA use spurs ‘pass-the-cookie’ attacks

  The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools

• August 11, 2022 11 Aug'22

  NHS may take a month to recover from supply chain attack

  Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations

• July 28, 2022 28 Jul'22

  NCSC startups scheme turns focus to operational technology, SME security

  NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses

• July 27, 2022 27 Jul'22

  Retail software firm PrestaShop warns users about SQL injection attacks

  Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise

• July 25, 2022 25 Jul'22

  NCSC seeks community input for Cyber Advisor service

  The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward

• July 25, 2022 25 Jul'22

  Latest Atlassian Confluence vulnerability raises concerns

  CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months

• July 20, 2022 20 Jul'22

  (ISC)² expands entry-level cyber programme after UK success

  Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide