News

Endpoint security

• July 30, 2021 30 Jul'21

  Hospitality firms must accelerate digital transformation to secure long-term recovery

  Key retail sector must respond quickly to new post-pandemic digital-first demands and consumer behaviours to regain competitive edge, says study

• July 27, 2021 27 Jul'21

  US lawmakers call for probe into ‘arrogant’ spyware firm

  US members of Congress have called for an investigation into NSO Group, the spyware supplier at the centre of a massive surveillance scandal

• July 27, 2021 27 Jul'21

  How IBM is solving the data privacy problem

  IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy

• July 21, 2021 21 Jul'21

  France’s Macron among alleged Pegasus targets

  Data relating to devices used by French president Emmanuel Macron and the head of the World Health Organization, among others, has been uncovered in a dataset linked to government use of spyware

• July 16, 2021 16 Jul'21

  Legacy SonicWall kit exploited in ransom campaign

  Users of older versions of SonicWall Secure Mobile Access 100 and Secure Remote Access products are at risk from a new ransomware campaign

• July 14, 2021 14 Jul'21

  Multiple Microsoft bugs being actively exploited

  Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited

• July 13, 2021 13 Jul'21

  Dutch prosecutor ordered to give evidence on EncroChat hack

  Netherlands court rules that a public prosecutor should give evidence about the role of the Dutch in the EncroChat cryptophone hack which has led to arrests of organised gangs worldwide

• July 12, 2021 12 Jul'21

  NSW department of education hit by cyber attack

  Australia’s New South Wales department of education takes some systems offline as a precautionary measure in response to a cyber attack last Thursday

• July 11, 2021 11 Jul'21

  Ransomware and botnets among top cyber threats in Singapore

  The city-state saw more ransomware threats and command-and-control servers hosted out of its highly connected network infrastructure last year, as threat actors capitalised on the pandemic

• July 08, 2021 08 Jul'21

  PrintNightmare haunts Microsoft as patch may miss mark

  Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied

• July 02, 2021 02 Jul'21

  Should I be worried about PrintNightmare?

  The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be?

• July 02, 2021 02 Jul'21

  Cyber attackers up the ante on embattled IT teams

  Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements

• July 01, 2021 01 Jul'21

  NCSC joins US authorities to expose Russian brute force campaign

  A joint attribution by the British and American authorities accuses Russia’s GRU intelligence services of conducting a campaign of brute force attacks on enterprise and cloud environments

• July 01, 2021 01 Jul'21

  Cyber espionage campaign targeted central Asian states

  The Afghan, Kyrgyz and Uzbek governments are all thought to have been targeted by the same APT

• July 01, 2021 01 Jul'21

  Nominations open for 2021 Security Serious Unsung Heroes Awards

  Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators

• June 30, 2021 30 Jun'21

  Half of mobile phones sold in the UK at risk of security issues

  Lengthy mobile phone contracts leave buyers at risk of their devices losing support for security updates

• June 29, 2021 29 Jun'21

  New Nobelium attacks a reminder to attend to cyber basics

  A new campaign from the same threat group that broke into SolarWinds serves as a reminder that cyber crime gangs will try to exploit any avenue they can, even if technically unsophisticated

• June 29, 2021 29 Jun'21

  Video game industry under relentless cyber attacks

  Web application attacks against the global video game industry grew by 340% in 2020 as more people turn to gaming during pandemic lockdowns

• June 28, 2021 28 Jun'21

  Lazada rolls out public bug bounty programme

  Regional e-commerce giant Lazada is looking to uncover more vulnerabilities that could compromise data security in a public bug bounty programme that offers up to $10,000 per bounty

• June 24, 2021 24 Jun'21

  Stalkerware apps becoming normalised among young people

  Data in a new report appears to show that dangerous stalkerware apps are becoming normalised in younger age groups

• June 23, 2021 23 Jun'21

  Time to patch increases significantly during pandemic

  New data from US-based endpoint management specialist Automox reveals some of the challenges security teams face in keeping up with endpoint security

• June 22, 2021 22 Jun'21

  Innova and RISE drive node development in Sweden

  Swedish cyber security project, National Node, opens its doors to the country’s security firms

• June 21, 2021 21 Jun'21

  Parliamentary devices left in taxis, buses, trains and pubs

  Nearly 100 devices belonging to parliamentary staffers, including MPs and peers, were lost or stolen over the course of 2019 and 2020

• June 18, 2021 18 Jun'21

  Lorca Ignite programme targets breakout cyber talent

  Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme

• June 17, 2021 17 Jun'21

  UnitingCare Queensland restores IT systems after cyber attack

  Australian healthcare service provider has restored key corporate systems and integrations between applications following a cyber attack earlier this year

• June 10, 2021 10 Jun'21

  Australian organisations face heightened cyber attacks

  Nearly three in four Australian organisations experienced cyber attacks that largely resulted from a growing remote workforce in 2020

• June 04, 2021 04 Jun'21

  HSBC offers all businesses scam awareness app

  HSBC is sharing information on the latest scams and how to defend against them thorough its latest app, available to all businesses

• June 04, 2021 04 Jun'21

  Secrecy around EncroChat cryptophone hack breaches French constitution, court hears

  French lawyers claim that investigators are unlawfully withholding details of a cryptophone hacking operation in a case that could impact UK prosecutions

• June 03, 2021 03 Jun'21

  Norway’s auditor general lifts lid on energy industry’s cyber security risks

  Auditor General’s Office questions the security posture of Norway’s energy industry

• June 03, 2021 03 Jun'21

  FireEye sold to private equity, Mandiant regains independence

  FireEye has agreed to sell its products business and name to a private equity consortium, while Mandiant will spin out as an independent threat intel business

• May 25, 2021 25 May'21

  CyberSprinters game gives kids a head start, says NCSC

  An online game for primary schools, clubs and youth organisations will teach children aged seven to 11 the fundamentals of staying safe online

• May 25, 2021 25 May'21

  McAfee to change terms of auto-renewing consumer plans

  Consumers who found their McAfee antivirus contracts auto-renewed will be able to get out of their contracts and get their money back

• May 25, 2021 25 May'21

  Legacy vulnerabilities may be biggest enterprise cyber risk

  While high-profile cyber attacks and zero-days grab headlines, statistics gathered by network security specialists Cato suggest CISOs should be addressing legacy threats

• May 24, 2021 24 May'21

  Dutch researchers build security software to mimic human immune system

  Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection

• May 24, 2021 24 May'21

  Why the security stack needs to move to the edge

  Akamai’s chief technology officer Robert Blumofe makes the case for a decentralised security model to address cyber threats that are emanating from the network edge

• May 20, 2021 20 May'21

  Malicious scans for at-risk systems start minutes after disclosure

  Statistics collated by Palo Alto Networks reveal malicious actors begin scanning the internet for systems at risk of new CVEs within minutes

• May 20, 2021 20 May'21

  HP taps micro virtual machines in endpoint security

  HP’s Wolf Security technology stack uses an endpoint security controller to run computing tasks in micro virtual machines so that any potential malware can be isolated and contained

• May 19, 2021 19 May'21

  Barclays first bank to publish online scam refund details

  All banks must be transparent about the proportion of victims of authorised push payment fraud they refund, says consumer rights organisation Which?

• May 19, 2021 19 May'21

  Flexxon bakes AI into SSDs to fight unknown threats

  Singapore-based Flexxon has developed a solid-state drive that uses artificial intelligence to fend off malware and other unknown threats

• May 18, 2021 18 May'21

  Cisco acquires Kenna Security amid security expansion

  Cisco announces a new acquisition alongside service enhancements around XDR and SASE in support of its security customers

• May 17, 2021 17 May'21

  Government seeks input on supply chain security

  Amid concerns that too few companies are addressing vulnerabilities in their supply chain, DCMS is opening a consultation on new measures to enhance security

• May 14, 2021 14 May'21

  Okta and Auth0 to expand APAC coverage

  Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic

• May 13, 2021 13 May'21

  Refuge launches tech safety site for domestic abuse victims

  Created with the help of survivors, Refuge’s resource site offers guidance on protecting yourself from tech-enabled domestic abuse

• May 12, 2021 12 May'21

  Microsoft fixes four critical bugs on lighter Patch Tuesday

  Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away

• May 11, 2021 11 May'21

  Collaboration key to success of UK’s Cyber Security Council

  The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event

• May 07, 2021 07 May'21

  NCSC publishes smart city security guidelines

  Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects

• May 07, 2021 07 May'21

  Ransomware, supply chain attacks show no sign of abating

  Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors

• May 06, 2021 06 May'21

  Google to introduce mandatory MFA for users

  In future, holders of Google accounts will have no option but to use multifactor authentication if they want to use the firm’s services

• May 06, 2021 06 May'21

  HSBC blocks £249m in UK fraud with voice biometrics

  HSBC voice recognition technology has reduced telephone banking fraud as demand for the channel increases

• May 05, 2021 05 May'21

  Sophos: How timely intervention stopped a ProxyLogon attack

  A recent incident at an undisclosed customer sheds new light on how malicious actors exploit unpatched Microsoft Exchange servers

• May 03, 2021 03 May'21

  New standard to simplify IoT device onboarding

  Fido Alliance’s device onboarding protocol will automate the process of connecting internet-of-things devices to device management platforms while improving security

• April 28, 2021 28 Apr'21

  Recruiters can’t afford to hold out for cyber ‘unicorns’

  The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic

• April 27, 2021 27 Apr'21

  Apple OS updates patch multiple security holes

  The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible

• April 27, 2021 27 Apr'21

  North London school wins NCSC girls’ cyber challenge

  Highgate School in North London is the winner of this year’s CyberFirst Girls security competition

• April 27, 2021 27 Apr'21

  The Security Interviews: Making sense of outbound email security

  Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this

• April 27, 2021 27 Apr'21

  UnitingCare Queensland hit by cyber attack

  Healthcare service provider UnitingCare Queensland was reportedly hit by a ransomware attack that crippled several IT systems

• April 26, 2021 26 Apr'21

  How Toffs is seizing Asia’s CDN market

  Toffs Technologies is eyeing second- and third-tier cities in Asia as it bolsters its infrastructure and experiments with the use of home networks as content delivery networks

• April 22, 2021 22 Apr'21

  ToxicEye malware exploits Telegram messaging service

  The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye

• April 21, 2021 21 Apr'21

  NCSC offers teachers free cyber security training

  The NCSC’s latest security training offer builds on a package of measures designed to protect schools from cyber attack

• April 20, 2021 20 Apr'21

  Health app myGP adds Covid-19 vaccine passport function

  The new feature is described as the UK’s first NHS-assured Covid-19 certification feature

• April 20, 2021 20 Apr'21

  UK’s proposed IoT cyber security law gathers momentum

  New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security

• April 20, 2021 20 Apr'21

  Chinese APT exploits critical CVE in Pulse Secure VPN

  A newly disclosed vulnerability in Pulse Secure’s VPN is being exploited by a Chinese advanced persistent threat group – assume compromise and mitigate today

• April 20, 2021 20 Apr'21

  Singapore’s ViewQwest debuts security service

  ViewQwest’s SecureNet service uses Palo Alto Networks’ next-generation firewall with deep packet inspection capabilities to guard against cyber threats

• April 16, 2021 16 Apr'21

  Finnish government strengthens country’s IT network security

  Finland’s government has created a new national organisation to help public and private bodies improve network security

• April 15, 2021 15 Apr'21

  Microsoft is most impersonated brand in phishing attempts

  Technology companies continue to be frequently spoofed by cyber criminals in their phishing attempts

• April 14, 2021 14 Apr'21

  FBI accesses ProxyLogon target servers to disrupt cyber criminals

  US Justice Department reveals successful court-authorised effort to clamp down on ProxyLogon exploitation

• April 14, 2021 14 Apr'21

  NSA unearths more MS Exchange vulnerabilities

  Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency

• April 13, 2021 13 Apr'21

  MP told to ditch official email over hacking fears

  MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked

• April 13, 2021 13 Apr'21

  Millions of devices at risk from NAME:WRECK DNS bugs

  Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk

• April 13, 2021 13 Apr'21

  EncroChat lawyers raise questions over use of PII secrecy orders on UK decryption capabilities

  Lawyers claim that public interest immunity certificates may have been used to withhold information on UK intelligence agencies’ ability to decrypt encrypted communications

• April 09, 2021 09 Apr'21

  Cring ransomware hits ICS through two-year-old bug

  A long-disclosed vulnerability in Fortinet’s Fortigate VPN servers is being exploited to distribute Cring ransomware

• March 31, 2021 31 Mar'21

  Cyber Security Council to champion UK security pros

  A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base

• March 30, 2021 30 Mar'21

  Ransomware attack on London schools highlights warnings

  Ransomware attack on Harris Federation comes just days after a fresh NCSC alert for the education sector

• March 30, 2021 30 Mar'21

  The Security Interviews: How to secure an F1 team in a pandemic

  A multi-year digital transformation programme paid off for F1 team Williams Racing when the 2020 season was abruptly postponed thanks to Covid-19. Learn how the team’s CIO has been supporting remote working and protecting data

• March 29, 2021 29 Mar'21

  Cyber attack takes Channel Nine off-air

  The Australian broadcaster was hit by an alleged ransomware attack that disrupted broadcasting operations in its Sydney studio

• March 26, 2021 26 Mar'21

  Leading Israeli IoT firm lands in US as worldwide malware attacks surge

  With US end-user internet of things devices expected to grow to $1.6tn by 2025 and with more than 5.4 billion IoT connected devices in North America alone, tech firms and the black hat community are weighing up the potential

• March 25, 2021 25 Mar'21

  Four in five UK businesses seek new security suppliers

  Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves

• March 25, 2021 25 Mar'21

  Facebook disrupts Chinese espionage operation

  Social media giant’s in-house security team has tracked down and disrupted a long-running Chinese campaign targeting the Uighur Muslim minority

• March 23, 2021 23 Mar'21

  NCSC beefs up support for education sector after spate of attacks

  Refreshed guidance from the NCSC recommends a defence-in-depth strategy as schools and universities face a renewed wave of cyber attacks

• March 18, 2021 18 Mar'21

  Eastern Health reports ‘cyber incident’, takes systems offline

  Australian healthcare provider Eastern Health takes IT systems offline as a precaution while it looks into a cyber incident

• March 16, 2021 16 Mar'21

  Microsoft releases one-click ProxyLogon mitigation tool

  Microsoft’s mitigation tool is designed to help customers without dedicated security or IT teams navigate fixing their vulnerable Exchange servers

• March 16, 2021 16 Mar'21

  Unusual DearCry ransomware uses ‘rare’ approach to encryption

  Hybrid approach to encryption used by DearCry bears similarities to WannaCry

• March 16, 2021 16 Mar'21

  Government calls for input into Covid-19 vaccine passports

  Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme

• March 15, 2021 15 Mar'21

  Microsoft Exchange ProxyLogon attacks spike 10 times in four days

  Exploitations of the Microsoft Exchange ProxyLogon vulnerabilities have increased tenfold in just four days

• March 14, 2021 14 Mar'21

  Arrest warrants issued for Canadians behind Sky ECC cryptophone network used by organised crime

  The US has issued arrest warrants for the CEO of Sky Global and a former distributor for racketeering, aiding and abetting the distribution of illegal drugs by supplying encrypted phones to criminals

• March 12, 2021 12 Mar'21

  NCSC issues emergency alert on Microsoft Exchange patch

  UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately

• March 12, 2021 12 Mar'21

  DearCry ransomware targets vulnerable Exchange servers

  As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority

• March 11, 2021 11 Mar'21

  Attack on surveillance cameras a warning over security, ethics

  The attack on a video surveillance startup by a hacktivist group raises questions not just over cyber security, but the use and extent of surveillance technology

• March 11, 2021 11 Mar'21

  After Emotet takedown, Trickbot roars up threat charts

  Malicious actors are turning to new tricks as Emotet fades away

• March 09, 2021 09 Mar'21

  Belgian police raid 200 premises in drug operation linked to breach of encrypted phone network

  More than 1,600 police and law enforcement officials conduct drug raids after the compromise of an encrypted mobile phone network that has parallels with EncroChat

• March 09, 2021 09 Mar'21

  Private equity house buys McAfee enterprise business

  Deal to sell off enterprise unit will see McAfee become a pure-play consumer organisation

• March 05, 2021 05 Mar'21

  Singapore Airlines the latest victim of supply chain attack

  A restricted set of data of over 580,000 frequent flyer members of Singapore Airlines was exposed in a supply chain attack against Sita’s passenger service system

• March 04, 2021 04 Mar'21

  Okta picks up Auth0 for $6.5bn

  Multibillion-dollar acquisition a vote of confidence in future of identity and access management services

• March 04, 2021 04 Mar'21

  Microsoft Exchange CVEs more widely exploited than thought

  US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer

• March 04, 2021 04 Mar'21

  Qualys caught up in Accellion FTA breach

  Security services supplier confirms that some of its data was stolen via vulnerabilities in Accellion’s file transfer product

• March 04, 2021 04 Mar'21

  UK contactless payment limit more than doubled

  UK increases the amount that can be spent in one go using a contactless payments card to £100

• March 03, 2021 03 Mar'21

  Emergency patch addresses MS Exchange Server zero-days

  Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server

• February 24, 2021 24 Feb'21

  Vaccine passports prove an ethical minefield

  Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design

• February 24, 2021 24 Feb'21

  Is Clubhouse safe, and should CISOs stop its use?

  With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it

• February 23, 2021 23 Feb'21

  XDR makes cyber a Stroll in the park for Aston Martin F1

  Aston Martin Cognizant Formula One team will run SentinelOne’s Singularity XDR platform under the bonnet