News
Data breach incident management and recovery
-
December 13, 2019
13
Dec'19
Alarm bells ring, the IoT is listening
With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security, and serves as a timely warning to people planning to buy smart devices as gifts
-
December 10, 2019
10
Dec'19
Rapid evolution of quantum computing a concern for CISOs
With the race to achieve so-called quantum supremacy hotting up, security pros are concerned that it will outpace the development of appropriate safeguards, according to a report
-
December 09, 2019
09
Dec'19
Public sector still losing user devices in high numbers
The Ministry of Justice has lost 354 smartphones, PCs, laptops and tablets in the past 12 months, according to a Freedom of Information request, and other government departments are in the same boat
-
December 06, 2019
06
Dec'19
How commodities firm ED&F Man solved its threat detection challenges
After a minor server breach, leading commodities trader turned to Vectra’s Cognito service to expose hidden threats, spot privilege misuse, and conduct conclusive investigations
-
December 06, 2019
06
Dec'19
Cyber security takes its place alongside UK’s armed services
Head of armed services says cyber security will take its place alongside the army, navy and air force as a key pillar of the UK’s defence strategy
-
December 06, 2019
06
Dec'19
Great Cannon DDoS operation fires on Hong Kong protesters
AT&T’s security unit has evidence that China is pressing its Great Cannon DDoS tool into service once again, specifically to target pro-democracy protests in Hong Kong
-
December 05, 2019
05
Dec'19
Two Russians indicted over Dridex and Zeus malware
The US Department of Justice has indicted two Russian citizens over their alleged role in the distribution of the virulent Bugat, or Dridex, and Zeus banking trojans
-
December 04, 2019
04
Dec'19
Black Hat Europe: Red teams and blue teams must evolve in the 2020s
The red team versus blue team dichotomy is somewhat arbitrary and risks pigeonholing skilled security professionals into certain roles, says Facebook’s Amanda Rousseau
-
November 29, 2019
29
Nov'19
TfL locks down Oyster accounts to ward off credential stuffing
Mandatory password reset for all travellers who use Oyster and contactless payment systems follows minor breach incident earlier in 2019
-
November 29, 2019
29
Nov'19
Hack Friday: This Christmas, fight back against cyber criminals
It’s nearly Christmas, and cyber attacks and fraud attempts in the retail sector are ramping up. Is it time to panic? And is there anything we can do beyond hammering home the message around basic cyber security hygiene?
-
November 28, 2019
28
Nov'19
The Security Interviews: Do cyber weapons need a Geneva Convention?
On a cold afternoon in Finland, F-Secure’s Mikko Hypponen discusses cyber weapons and nation state threats, and explains why arms limitations treaties might one day expand to include malware and other threats
-
November 27, 2019
27
Nov'19
Security skills gap will take a decade to fill
The British education systems cannot move fast enough to address the security skills crisis, and in the absence of government action increased reliance on automation may be the least worst solution
-
November 26, 2019
26
Nov'19
Enterprises muddled over cloud security responsibilities
A McAfee study suggests that 2020 will be a big year for cloud adoption, but confusion still persists over who is responsible for securing it
-
November 25, 2019
25
Nov'19
AI may open dangerous new frontiers in geopolitics
Truly artificial intelligence has the potential to provoke an international geopolitical crisis, warns F-Secure’s Mikko Hypponen
-
November 25, 2019
25
Nov'19
Conservatives propose national cyber crime force
Manifesto also says Tories would “empower the police to safely use new technologies like biometrics and artificial intelligence, along with the use of DNA, within a strict legal framework”
-
November 22, 2019
22
Nov'19
Mystery surrounds leak of four billion user records
Threat researchers uncover four billion user records on a wide-open Elasticsearch server but who left them there is a mystery
-
November 21, 2019
21
Nov'19
British Airways cancels flights due to technical issue
British Airways customers are suffering delays and cancellations as a result as a technical issue
-
November 20, 2019
20
Nov'19
Mimecast blocked 99 billion suspicious emails in third quarter
Latest threat intelligence report reveals the scale of the threat posed by malicious emails, with the transport, legal and financial sectors hit hardest
-
November 20, 2019
20
Nov'19
Massive increase in fraud attacks on TSB customers during IT meltdown
There was a massive spike in attempts by fraudsters to steal from TSB customers when the bank’s IT systems failed in 2018
-
November 19, 2019
19
Nov'19
Public sector risks downplayed by senior IT leaders
Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams
-
November 19, 2019
19
Nov'19
Macy’s Magecart breach presages Christmas fraud spike
US retailer Macy’s admits some customer data was accessed by unknown actors during a week-long Magecart attack
-
November 19, 2019
19
Nov'19
Managed services fuelling APAC security market
Spending on managed security services will account for almost half of Asia-Pacific’s cyber security market by 2023, as global and local providers shore up their offerings in the region
-
November 15, 2019
15
Nov'19
Notorious hackers claim responsibility for Labour DDoS
Hackers claiming to represent Lizard Squad say they were behind a distributed denial of service attack on the UK’s Labour Party
-
November 14, 2019
14
Nov'19
Cyber criminals tool up for Christmas fraud season
Organised criminals are trying to cash in on the festive retail boom with both brand new and tried-and-tested techniques
-
November 13, 2019
13
Nov'19
Business leaders fibbing to cover up lax security posture
Nominet study finds evidence that many businesses tout the robustness of their security posture as a selling point even though their security teams lack confidence in themselves
-
November 13, 2019
13
Nov'19
Attack on Labour shows need for DDoS defence but should alarm few
After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t
-
November 13, 2019
13
Nov'19
Cyber risk insurance is more than just insurance
Insurance companies such as Chubb are offering incident response services and security tools to help companies improve their cyber security posture and better cope with cyber attacks
-
November 12, 2019
12
Nov'19
Nordic SMEs lack the money needed for cyber security
Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country
-
November 12, 2019
12
Nov'19
PCI DSS payment security compliance drops again
Worldwide, barely one-third of companies are maintaining full compliance with the PCI DSS security standard – and the numbers are falling
-
November 12, 2019
12
Nov'19
‘Robust’ security foils cyber attack on Labour Party
Labour claims to have been the victim of a cyber attack, but says it is confident no data leaked
-
November 08, 2019
08
Nov'19
Morrisons in new appeal over data breach fine
The Supreme Court has heard an appeal from retailer Morrisons as it attempts to overturn prior judgments holding it liable for a 2014 leak of employee data
-
November 07, 2019
07
Nov'19
Saudis recruited Twitter employees to spy on critics
Court documents reveal how the Saudi Arabian government targeted Twitter employees as part of a coordinated effort to gather information on known dissidents
-
November 06, 2019
06
Nov'19
Trend Micro insider breach exposes need for data-centric protection
Simple measures could have saved consumer security product supplier from insider breach
-
November 06, 2019
06
Nov'19
Global security workforce must more than double to meet demand
There are about 2.8 million cyber security professionals working today, and the world needs four million more
-
November 06, 2019
06
Nov'19
Professional cyber criminals command $75k per annum
An ill-advised career in cyber crime is potentially almost as well-paying as a job as a threat researcher in the industry, according to Tenable researchers
-
November 05, 2019
05
Nov'19
Ransomware authors seeking new ways to avoid being spotted
Sector analysis from Sophos has revealed some insight into how malware authors are adapting to thwart cyber security controls
-
October 31, 2019
31
Oct'19
Facebook agrees to pay £500,000 fine over Cambridge Analytica data law breaches
Social media giant also promises to change the way its platform is used to protect people’s data
-
October 29, 2019
29
Oct'19
NordVPN enlists ethical hackers, launches bug bounty programme
Breached consumer VPN supplier details steps it is taking to shore up its cyber security posture after an unknown actor gained access to one of its servers
-
October 29, 2019
29
Oct'19
Fancy Bear resumes Olympic hacks ahead of Tokyo games
Fancy Bear is back in action and once again targeting anti-doping bodies and sporting organisations, warns Microsoft
-
October 24, 2019
24
Oct'19
Know Fraud database became backlog dump
Reports to Action Fraud handled by City of London Police’s National Fraud Intelligence Bureau were quarantined as security risk, finds HM’s Inspectorate of Constabulary and Fire and Rescue Services
-
October 24, 2019
24
Oct'19
£4,000 bug bounty could have saved BA from record ICO fine
British Airways and others could have saved themselves millions of pounds’ worth of fines by having ethical hackers check their systems for simple vulnerabilities
-
October 23, 2019
23
Oct'19
Take responsibility for cyber security basics, urges NCSC CEO
At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load
-
October 22, 2019
22
Oct'19
NordVPN blames datacentre provider for server breach
VPN provider insists no user data was compromised in a March 2018 server breach, and says its datacentre provider failed to inform it of the issue
-
October 22, 2019
22
Oct'19
Malware volumes decline, but risks are higher
More insidious and targeted strains of malware are going after high-quality targets, rather than a large volume of targets
-
October 22, 2019
22
Oct'19
Attacker hit VPN firm Avast through its VPN
Avast has published details of how attackers attempted to gain access to its network over a five month period
-
October 21, 2019
21
Oct'19
Equifax lawsuit offers more evidence against passwords
Equifax’s internal security policies were a mess and directly led to one of the largest recorded data breaches in history, according to a lawsuit, demonstrating fundamental insecurities inherent in the use of passwords
-
October 21, 2019
21
Oct'19
Alleged state hackers adapting to cover their tracks, says NCSC
A group called Turla with suspected links to the Russian government stole Iranian tools and infrastructure to obscure the origins of attacks on multiple other countries, according to new evidence
-
October 21, 2019
21
Oct'19
Trend Micro buys cloud security firm to broaden offering
Acquisition of Cloud Conformity will address often overlooked cloud security fundamentals
-
October 21, 2019
21
Oct'19
Sodinokibi emerging as a diverse, multi-vector threat to businesses
McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots
-
October 17, 2019
17
Oct'19
BEIS launches multimillion-pound security investment package
Government is making available more than £50m to support a range of new cyber security initiatives and collaborations, including the latest phase of its Digital Security by Design programme