News

Hackers and cybercrime prevention

June 14, 2023 14 Jun'23
Ransomware-stricken Capita to run Action Fraud successor

A £50m deal to replace the Action Fraud service has been handed to PwC and Capita, which is facing investigations over its handling of customer data in a ransomware incident
June 14, 2023 14 Jun'23
No zero-days for June Patch Tuesday, but plenty to chew over

On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention
June 14, 2023 14 Jun'23
TSB calls on Meta to intervene and protect users from fraud losses of £250m this year

TSB is the latest bank to demand more action from social media sector in helping to reduce online fraud
June 14, 2023 14 Jun'23
Clop’s MOVEit ransom deadline expires

A seven-day deadline set by Clop for victims of its latest attack to contact it to arrange payment passes today

June 14, 2023 14 Jun'23
Cyber attacks against APAC commerce sector surpass 1.1 billion

Retailers, hotels and travel-related organisations in the region saw over a billion cyber attacks last year amid the surge in e-commerce activity and online travel bookings
June 12, 2023 12 Jun'23
Ofcom data stolen in MOVEit cyber attack

Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang
June 12, 2023 12 Jun'23
Progress Software releases patch for second MOVEit Transfer vulnerability

Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning
June 09, 2023 09 Jun'23
Extreme Networks emerges as victim of Clop MOVEit attack

Network equipment and services supplier Extreme Networks has revealed its instance of Progress Software’s MOVEit tool was compromised in the ongoing Clop cyber attack
June 09, 2023 09 Jun'23
University of Manchester hit by cyber attack

The University of Manchester has been hit by a cyber attack of an undisclosed nature
June 08, 2023 08 Jun'23
Bishop Fox’s Vinnie Liu talks offensive security skills

There is growing demand for offensive security testing, but it needs a multi-layered skillset that can be hard to quantify. Bishop Fox’s CEO and co-founder explains why and some potential mitigation strategies

June 07, 2023 07 Jun'23
Clop cyber gang claims MOVEit attack and starts harassing victims

The Clop cyber extortion and ransomware operation is demanding organisations pay a ransom to avoid data stolen via an exploited vulnerability in a file transfer product being leaked
June 07, 2023 07 Jun'23
Payments regulator makes APP fraud reimbursement mandatory

UK payments regulator confirms changes to rules around repaying customers who lose money to authorised push payment fraudsters
June 06, 2023 06 Jun'23
Victims of MOVEit SQL injection zero-day mount up

The BBC, Boots, and British Airways are among the victims of cyber incidents arising from a recently disclosed vulnerability in the MOVEit file transfer, exploitation of which is spreading fast
June 06, 2023 06 Jun'23
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar

Three quarters of data breaches now involve a significant human element, and the higher up they get in an organisation, the more risks people seem to take, according to Verizon’s annual Data Breach Investigations Report
June 05, 2023 05 Jun'23
Bank of International Settlement sets up channel secure from quantum breach

The Bank of International Settlement has worked with two of Europe's central banks to explore preventing the security risks posed by quantum computers
June 01, 2023 01 Jun'23
HSBC explores quantum computing for finance sector

UK banking giant works with quantum computing specialist to explore the technology’s potential in the finance sector
May 31, 2023 31 May'23
Lloyds Bank calls on tech companies to control social media ‘wild west’

Lloyds Banking Group is calling on tech giants to step forward in the fight against online fraud, which emanates in the social media ‘wild west’
May 30, 2023 30 May'23
Downstream breaches of Capita customers spreading

As many as 90 organisations that used Capita services have now reported data breaches arising from various security incidents at the outsourcer
May 26, 2023 26 May'23
Bumbling IT security analyst convicted of blackmail offences

A Hertfordshire man has been convicted of blackmail and other offences after piggybacking on an in-progress ransomware attack to try to defraud his employer, but failing to cover his tracks in any meaningful way
May 25, 2023 25 May'23
Cabinet Office publishes response to data sharing for digital ID consultation

The majority of respondents to government’s consultation on data sharing for digital identity are critical to the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’
May 25, 2023 25 May'23
Alert over Chinese cyber campaign targeting critical networks

A Chinese threat actor known as Volt Typhoon has been observed infiltrating CNI networks in a cyber espionage campaign, according to intelligence
May 24, 2023 24 May'23
Almost all ransomware attacks target backups, says Veeam

Some 93% of ransomware attacks go for backups and most succeed, with 60% of those attacked paying the ransom, according to a Veeam survey
May 24, 2023 24 May'23
Two-thirds of all 2022 breaches resulted from spear phishing

Research by Barracuda Networks has found that, despite the low volume of spear-phishing attempts, the attacks are highly successful and have major consequences
May 23, 2023 23 May'23
Cohesity Turing aims AI tools at backup and ransomware

Backup supplier continues to enrich its ecosystem with more artificial intelligence for backup and ransomware, with chat-like reporting functions and new security partners in its alliance
May 17, 2023 17 May'23
Pentera ups ante in penetration testing

The Israeli startup, which expanded to the APAC region last year, scans for vulnerabilities and emulates cyber attacks through its automated security validation platform
May 16, 2023 16 May'23
Scality pushes anti-ransomware features in Artesca object storage

Object storage specialist announces v2.0 of Artesca, with a heavy focus on functionality that can protect against ransomware such as object locking, sharding, backup to object etc
May 12, 2023 12 May'23
Let’s put an end to secrecy and cover-ups in ransomware attacks

The NCSC and the ICO are calling for organisations to bite the bullet and be more open about cyber security and ransomware incidents, and the community is firmly behind them
May 12, 2023 12 May'23
IT Priorities 2023: Budgeting for IT innovation

In spite of the economic slowdown, IT leaders are driving forward investments in IT
May 12, 2023 12 May'23
How Splunk is driving security automation

Splunk’s head of security in APAC talks up the company’s efforts to ease the workloads of security analysts amid lower adoption of security automation and analytics in the region
May 11, 2023 11 May'23
Investigatory Powers Tribunal finds NCA EncroChat hacking warrants were lawful

Investigatory Powers Tribunal refers questions over whether messages obtained from the EncroChat encrypted phone network are legally admissible back to the criminal court
May 11, 2023 11 May'23
Australia to shore up cyber and digital capabilities in Budget 2023

Australia is spending more than A$2bn to strengthen cyber resilience, improve digital government services and fuel AI adoption, among other areas, in its latest budget
May 11, 2023 11 May'23
AI outcry intensifies as EU readies regulation

Policymakers are battling to keep pace with AI developments, while experts warn of societal impact
May 10, 2023 10 May'23
Black Basta ransomware attack to cost Capita over £15m

Exceptional costs arising from the March 2023 Black Basta ransomware attack on the systems of outsourcer Capita will be somewhere between £15m and £20m, the organisation says
May 10, 2023 10 May'23
How datacentre operators can fend off cyber attacks

Applying zero-trust principles in the form of strong authentication controls and network segmentation can help datacentre operators to mitigate cyber threats
May 05, 2023 05 May'23
Capita pension clients told data may have leaked

Capita has told trustees of some of the pension funds for which it provides outsourced services that their customer data may have been stolen by the Black Basta ransomware operation
May 05, 2023 05 May'23
Santander reports increase in scams and admits fraud head was impersonated

Santander has reported an increase in impersonation scams, and admitted its own head of fraud was impersonated by a fraudster
May 04, 2023 04 May'23
Inside BlackBerry’s cyber security playbook

BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises
May 03, 2023 03 May'23
Cyber Action Plan for Wales launched

The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country
May 03, 2023 03 May'23
TikTok fixes vulnerability that could have exposed user activity data

A potentially dangerous vulnerability in the TikTok video-sharing platform was discovered by Imperva researchers, and has now been fixed
May 03, 2023 03 May'23
Government anti-fraud strategy targets the tech behind the scams

The UK government’s anti-fraud strategy proposes to make it much harder for criminals to target their victims by cracking down on the exploitation of technology
May 02, 2023 02 May'23
Researchers see surge in scam websites linked to coronation

Scammers and fraudsters continue to take advantage of large public events, with the coronation of King Charles III no exception
April 28, 2023 28 Apr'23
Government is playing ‘psychic war’ in battle over end-to-end encryption

Peers hear that the UK government is being deliberately ambiguous about its plans to require technology companies to scan the content of encrypted messages
April 27, 2023 27 Apr'23
Tenable opens playground for generative AI cyber tools

A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with
April 26, 2023 26 Apr'23
Researchers deal blow to Gootloader gang that supported REvil

Thousands of compromised WordPress blogs have been spreading the Gootloader malware for years, but eSentire’s security research team are turning the tables on the gang that played a key role in REvil ransomware attacks
April 26, 2023 26 Apr'23
Ransomware gang exploiting unpatched Veeam backup products

Cyber criminals with links to multiple virulent ransomware strains are exploiting a recently disclosed vulnerability in Veeam’s Backup & Replication product, threat analysts have warned
April 26, 2023 26 Apr'23
Cyber security and analytics propel jobs boost in Scotland’s tech sector

A tech industry survey from ScotlandIS indicates the country’s tech sector is set to grow, with cyber security as the hottest domain
April 25, 2023 25 Apr'23
CISOs under-supported, under pressure, Trellix finds

The vast majority of CISOs say they are finding it difficult to get sign-off on the resources they need to do their job
April 25, 2023 25 Apr'23
Almost three-quarters of cyber attacks involve ransomware

Data from Sophos’s annual Active Adversary Report reveals that almost three-quarters of the cyber security incidents it responded to in 2022 involved ransomware
April 21, 2023 21 Apr'23
CyberUK 23: New advice on smart city security issued

The NCSC and key allies have drawn up new guidance to help communities balance the cyber security risks involved with creating smart cities
April 20, 2023 20 Apr'23
Bumblebee malware flies on the wings of Zoom and ChatGPT

Bumblebee malware, often used as a stepping stone to ransomware, is now spreading via trojanised installers for popular software applications