News

IT governance

• September 07, 2022 07 Sep'22

  Albania cuts diplomatic ties with Iran after cyber attack

  In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran

• September 07, 2022 07 Sep'22

  Prince’s Trust teams with threat management specialist in skills push

  Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry

• September 07, 2022 07 Sep'22

  Hotel group IHG confirms cyber attack after two-day outage

  IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor

• September 06, 2022 06 Sep'22

  Campaigners call on Truss to change UK’s archaic hacking laws

  The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution

• September 06, 2022 06 Sep'22

  Bus company Go-Ahead fighting off cyber attack

  Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services

• September 05, 2022 05 Sep'22

  How Okta is regaining customer trust after a cyber attack

  In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident

• September 01, 2022 01 Sep'22

  Local authorities experience 10,000 attempted cyber attacks every day

  Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker

• September 01, 2022 01 Sep'22

  Swedish Electronics Protection Act coincides with major cyber spend

  Swedish cyber security law comes at a time of heavy government investment

• August 30, 2022 30 Aug'22

  IAM house Okta confirms 0ktapus/Scatter Swine attack

  Following last week’s disclosureby Group-IB researchers of a major phishing campaign, Okta has warned its customers to be on their guard

• August 25, 2022 25 Aug'22

  Criminal 0ktapus spoofed IAM firm in massive phishing attack

  Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio

• August 25, 2022 25 Aug'22

  Millions of Plex users may be at risk in password breach

  Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor

• August 25, 2022 25 Aug'22

  LockBit 3.0 cements dominance of ransomware ecosystem

  Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame

• August 24, 2022 24 Aug'22

  Most CISOs think they’ve been attacked by a nation state

  Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack

• August 24, 2022 24 Aug'22

  Alleged Twitter security failings spell trouble ahead

  Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions

• August 23, 2022 23 Aug'22

  NCSC shares cyber guidance for large infrastructure builds

  Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects

• August 22, 2022 22 Aug'22

  Kaspersky threat data added to Microsoft Sentinel service

  Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service

• August 22, 2022 22 Aug'22

  Lloyd’s to end insurance coverage for state cyber attacks

  Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk

• August 19, 2022 19 Aug'22

  Google employees demand end to collection of abortion data

  In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police

• August 19, 2022 19 Aug'22

  Cozy Bear targets MS 365 environments with new tactics

  Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments

• August 18, 2022 18 Aug'22

  LexisNexis sued by immigration advocates over data practices

  Four immigration advocacy groups launch lawsuit in Illinois alleging data broker’s collection, aggregation and sale of people’s personal data, including non-public information, to corporations and government bodies

• August 18, 2022 18 Aug'22

  It takes a breach to force boards to take notice of cyber, says UK government

  Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims

• August 16, 2022 16 Aug'22

  South Staffs Water is victim of botched Clop attack

  South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault

• August 16, 2022 16 Aug'22

  Why organisations need to harmonise their CIO and CISO roles

  Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson

• August 15, 2022 15 Aug'22

  Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims

  CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London

• August 15, 2022 15 Aug'22

  How clean data helps Southern Water identify vulnerable customers

  Escalating prices means households around the country are having to tighten spending, with many struggling to pay their bills. Water4All, a consortium led by Southern Water, is using data to identify low-income and vulnerable households so they can ...

• August 15, 2022 15 Aug'22

  Report reveals consensus around Computer Misuse Act reform

  A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform

• August 12, 2022 12 Aug'22

  Online Safety Bill ‘not fit for purpose’, say tech experts

  IT specialists lack confidence that legislation compelling tech firms to tackle online harms will work as intended, with only a small minority believing ‘harmful but legal’ content can be effectively and proportionately policed by internet platforms

• August 11, 2022 11 Aug'22

  NHS may take a month to recover from supply chain attack

  Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations

• August 10, 2022 10 Aug'22

  Microsoft fixes two-year-old MSDT vulnerability in August update

  August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.

• August 10, 2022 10 Aug'22

  ‘Coopetition’ a growing trend among ransomware gangs

  Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time

• August 10, 2022 10 Aug'22

  UK to surveil convicted migrants with facial recognition

  A Home Office scheme to biometrically scan the faces of convicted migrants who have already carried out punishments has come under fire from privacy and human rights groups for being discriminatory

• August 09, 2022 09 Aug'22

  Cyber insurance getting harder to obtain

  Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance

• August 08, 2022 08 Aug'22

  NHS recovering key services after attack on supplier

  Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service

• August 05, 2022 05 Aug'22

  Reliance on PSN may have exacerbated cyber attack impact

  As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks

• August 04, 2022 04 Aug'22

  SBRC to administer NCSC training across Scotland

  The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations

• August 03, 2022 03 Aug'22

  New EU due diligence law needs amending to stop tech sector abuse

  European corporate due diligence directive seeking to transform how companies approach their human rights and environmental risk is welcome, but without further changes, it will fail to effectively curb tech firms’ harmful practices, claims ...

• August 02, 2022 02 Aug'22

  UK safety tech sector sees strong revenue and employment growth

  Safety tech is now one of the fastest-growing sectors in the UK tech industry, with jumps in revenue, investment and employment

• July 29, 2022 29 Jul'22

  Austrian data firm accused of selling malware, conducting cyber attacks

  Microsoft has accused DSIRF, an Austrian data services firm, of involvement in a string of cyber attacks

• July 28, 2022 28 Jul'22

  H0lyGh0st ransomware gang faces challenges, but still a threat

  Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat

• July 28, 2022 28 Jul'22

  NCSC startups scheme turns focus to operational technology, SME security

  NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses

• July 28, 2022 28 Jul'22

  Home Office selects CGI as strategic delivery partner

  IT services supplier will act as strategic delivery partner for the Home Office’s plans to modernise and join up UK law enforcement’s digital capabilities

• July 28, 2022 28 Jul'22

  Hibs push for the backup premier league with Acronis

  Hibernian FC signs Acronis to get top division data protection and make the most of ticketing information and match footage as it tries to gain more value from the data it holds

• July 27, 2022 27 Jul'22

  Consumers left out of pocket as security costs soar

  As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people

• July 27, 2022 27 Jul'22

  US doubles bounty on Lazarus cyber crime group to $10m

  US State Department doubles a previously announced reward for information on North Korean cyber criminals, including the notorious Lazarus group

• July 27, 2022 27 Jul'22

  Retail software firm PrestaShop warns users about SQL injection attacks

  Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise

• July 27, 2022 27 Jul'22

  Cyber security training ‘boring’ and largely ignored

  Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them

• July 26, 2022 26 Jul'22

  Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

  The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday

• July 26, 2022 26 Jul'22

  No More Ransom initiative helps 1.5 million people in six years

  One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project

• July 26, 2022 26 Jul'22

  Meta publishes first-ever human rights report

  Meta details its approach to protecting and promoting human rights, but civil society groups say the company has failed to grapple with the human rights risks associated with its own business model

• July 26, 2022 26 Jul'22

  Ducktail infostealer targets Facebook Business users

  Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts