News

IT for consulting and business services

• December 07, 2022 07 Dec'22

  Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

  Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November

• December 06, 2022 06 Dec'22

  Don’t become an unwitting tool in Russia’s cyber war

  Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?

• November 30, 2022 30 Nov'22

  Latest LockBit ransomware versions have wormable capabilities

  Sophos researchers have reverse-engineered the Lockbit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter

• November 25, 2022 25 Nov'22

  Data management, backup becoming the CISO's responsibility

  More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year

• November 23, 2022 23 Nov'22

  South Korea data adequacy pact brings £15m Brexit bonus

  UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m

• November 22, 2022 22 Nov'22

  Ducktail spins new tales to hijack Facebook Business accounts

  The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts

• November 22, 2022 22 Nov'22

  C-suite mystified by cyber security jargon

  Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms that security pros use that risk making the world of cyber incomprehensible to outsiders

• November 18, 2022 18 Nov'22

  Is Elon Musk’s Twitter safe, and should you stop using it?

  With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use

• November 17, 2022 17 Nov'22

  Brexit deregulation will make UK next Silicon Valley, vows Hunt

  Chancellor vows to revolutionise how the IT industry is regulated to spur competition, investment and innovation in a technological ‘Big Bang’

• November 17, 2022 17 Nov'22

  Another Log4Shell warning after Iranian attack on US government

  The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching

• November 16, 2022 16 Nov'22

  Global network fragmentation a source of increasing risk

  Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures

• November 11, 2022 11 Nov'22

  Volume of self-reported breaches to ICO jumps 30%

  The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022

• November 09, 2022 09 Nov'22

  Microsoft serves smorgasbord of six zero-days

  November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity

• November 03, 2022 03 Nov'22

  Microsoft pledges $100m in new IT support for Ukraine

  Microsoft will continue to offer free-of-charge technology support to Ukraine for the foreseeable future

• November 01, 2022 01 Nov'22

  A third of UK cyber leaders want to quit, report says

  Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload

• October 31, 2022 31 Oct'22

  Prepare today for potentially high-impact OpenSSL bug

  OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed

• October 27, 2022 27 Oct'22

  LinkedIn adds new features to safeguard user privacy, security

  Social media platform is adding a number of features and systems designed to protect legitimate users from inauthentic profiles and activity

• October 25, 2022 25 Oct'22

  Apple patches new iPhone zero-day

  Apple’s latest patch fixes yet another zero-day, as security issues keep surfacing in its mobile products

• October 24, 2022 24 Oct'22

  Half of staff might quit after a cyber attack, report says

  Findings from a survey of CISOs, IT leaders and staffers reveal how experiencing a cyber incident may take a larger-than-thought toll on employee retention

• October 21, 2022 21 Oct'22

  Ukrainian and UK IT sectors to deepen collaboration, partnerships

  BCS, the Chartered Institute for IT, and the IT Ukraine Association have signed an MoU to deepen collaboration between the UK and Ukrainian IT sectors, and champion new partnerships and growth opportunities

• October 20, 2022 20 Oct'22

  Cyber professional shortfall hits 3.4 million

  Shortage of cyber security professionals continues to grow and shows no signs of abating, says report

• October 19, 2022 19 Oct'22

  Treat cyber crime as a ‘strategic threat’, UK businesses told

  The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community

• October 17, 2022 17 Oct'22

  IR35 reforms repeal scrapped: Government labelled ‘spineless’ over u-turn

  The contracting community has not taken kindly to the news that the government is rowing back its plans to repeal the IR35 reforms in the private and public sectors

• October 14, 2022 14 Oct'22

  Office 365 email encryption flaw could pose risk to user privacy

  A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are

• October 12, 2022 12 Oct'22

  NCSC urges organisations to secure supply chains

  NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers

• September 23, 2022 23 Sep'22

  Mini-Budget 2022: HMRC tells firms to update payroll software ahead of November NI tax cut

  HMRC is urging employers to ensure their payroll software systems are updated now, before the reversal of the previous government’s National Insurance tax hike kicks in

• September 21, 2022 21 Sep'22

  Contractors call for IR35 review and tax cuts in Chancellor’s mini-Budget

  The contractor community is patiently awaiting the outcome of this Friday’s mini-Budget, with hopes for some concrete details on the Prime Minister’s proposed IR35 review and news of a corporation tax cut

• September 15, 2022 15 Sep'22

  Organisations failing to account for digital trust

  The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds

• September 14, 2022 14 Sep'22

  Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

  Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs

• September 12, 2022 12 Sep'22

  Contractors lack confidence in prime minister to follow through with promised IR35 review

  Contractor poll suggests lack of faith among freelancers about new prime minister Liz Truss honouring her pledge to review the IR35 rules

• September 12, 2022 12 Sep'22

  CISOs should spend on critical apps, cloud, zero-trust, in 2023

  Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts

• September 05, 2022 05 Sep'22

  UK payments upgrade to add more than £3bn to GDP, but much more on offer

  UK GDP will increase when its ageing payments infrastructure is replaced with the latest technology to enable real-time payments

• August 30, 2022 30 Aug'22

  IAM house Okta confirms 0ktapus/Scatter Swine attack

  Following last week’s disclosureby Group-IB researchers of a major phishing campaign, Okta has warned its customers to be on their guard

• August 25, 2022 25 Aug'22

  Adaptive RedAlert, Monster ransomwares go cross-platform

  Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time

• August 25, 2022 25 Aug'22

  Security pros fret about stress and promotion over cyber attacks

  CIISec’s annual report on the state of the security profession reveals some home truths for security leaders

• August 25, 2022 25 Aug'22

  LockBit 3.0 cements dominance of ransomware ecosystem

  Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame

• August 24, 2022 24 Aug'22

  Most CISOs think they’ve been attacked by a nation state

  Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack

• August 22, 2022 22 Aug'22

  Kaspersky threat data added to Microsoft Sentinel service

  Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service

• August 22, 2022 22 Aug'22

  Lloyd’s to end insurance coverage for state cyber attacks

  Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk

• August 19, 2022 19 Aug'22

  Cozy Bear targets MS 365 environments with new tactics

  Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments

• August 18, 2022 18 Aug'22

  Growing MFA use spurs ‘pass-the-cookie’ attacks

  The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools

• August 18, 2022 18 Aug'22

  It takes a breach to force boards to take notice of cyber, says UK government

  Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims

• August 16, 2022 16 Aug'22

  Why organisations need to harmonise their CIO and CISO roles

  Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson

• August 10, 2022 10 Aug'22

  Microsoft fixes two-year-old MSDT vulnerability in August update

  August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.

• August 10, 2022 10 Aug'22

  ‘Coopetition’ a growing trend among ransomware gangs

  Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time

• August 09, 2022 09 Aug'22

  HS2 sets aside £9.5m to cover cost of IR35 non-compliance

  HS2 has become the latest public sector entity to have fallen foul of the IR35 rules, with its accounts confirming that it is anticipating a tax bill of £9.5m for failing to assess the status of contractors provided to it by a third party

• August 04, 2022 04 Aug'22

  Spyware activity particularly impactful in July

  After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report

• July 28, 2022 28 Jul'22

  Cyber criminals pivot away from macros as Microsoft changes bite

  As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect

• July 28, 2022 28 Jul'22

  Teams in Grenoble work on 6G breakthrough technology

  Even as 5G networks are being rolled out, new requirements are driving scientists, and engineers in Europe are back to the lab to start developing 6G

• July 27, 2022 27 Jul'22

  Consumers left out of pocket as security costs soar

  As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people