News
IT governance
-
October 03, 2023
03
Oct'23
Top science journal faced secret attacks from Covid conspiracy theory group
A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly
-
September 29, 2023
29
Sep'23
First subpostmaster Horizon conviction overturned in Scotland
Scotland has seen its first Post Office Horizon conviction overturned, taking the UK total to 92
-
September 29, 2023
29
Sep'23
Government ‘breached privacy’ of Horizon victims with compensation offer, says lawyer
The government breached the privacy of victims of the Post Office Horizon scandal through making a compensation offer public
-
September 29, 2023
29
Sep'23
Scottish watchdog urges wider biometric oversight
Scotland’s biometrics watchdog urges Scottish Parliament to extend oversight of biometric information to include the entire criminal justice system, not just police
-
September 28, 2023
28
Sep'23
US lawmakers write to AI firms about ‘gruelling’ work conditions
Lawmakers have written to nine tech companies – including Amazon, Google and Microsoft – about the working conditions of those they employ to train and maintain their artificial intelligence systems, giving them until 11 October 2023 to respond
-
September 28, 2023
28
Sep'23
Businesses disconnected from realities of API security
Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report
-
September 28, 2023
28
Sep'23
Security and risk management spending to grow 14% next year
Growth in public cloud services will stand out over the next 12 months, as Gartner projects an overall 14% increase in cyber spending in 2024
-
September 28, 2023
28
Sep'23
Yahoo picks Intigriti to run crowdsourced bug bounty programme
Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate
-
September 27, 2023
27
Sep'23
City of Las Vegas masters cyber incident response with Darktrace
The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence
-
September 26, 2023
26
Sep'23
UK government quietly disbands data ethics advisory board
The government has disbanded its Centre for Data Ethics and Innovation’s advisory board in favour of pulling the relevant artificial intelligence (AI) and data knowledge from a pool of external experts
-
September 26, 2023
26
Sep'23
Cover-ups still the norm in the wake of a cyber incident
Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report
-
September 26, 2023
26
Sep'23
Crest and IASME to deliver upcoming NCSC Cyber Exercise programme
Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job
-
September 25, 2023
25
Sep'23
Apple fixes three vulnerabilities found by spyware researchers
Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab
-
September 22, 2023
22
Sep'23
CMA unblocks Microsoft/Activision deal without cloud gaming
Microsoft’s Activision buy looks set to get the thumbs-up after a deal that stops the two companies from distributing cloud gaming to UK consumers
-
September 22, 2023
22
Sep'23
UK-US data bridge to open to traffic on 12 October
Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now
-
September 22, 2023
22
Sep'23
Cyber experts set out plan to secure future US elections
A group of experts are setting out to enhance election cyber security in the United States, and restore public faith in a process tainted by interference and misinformation in the past
-
September 22, 2023
22
Sep'23
Lords begin inquiry into large language models
Lords will examine the risks and opportunities of large language models and look at how government can effectively manage them in the coming years
-
September 21, 2023
21
Sep'23
‘Top’ ransomware gangs favour smaller businesses
Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses
-
September 21, 2023
21
Sep'23
Poor digital experience a blocker for cyber resilience
Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds
-
September 20, 2023
20
Sep'23
Organisations failing to proactively address insider cyber risk
Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk
-
September 20, 2023
20
Sep'23
Multi-agency pilot aims to help innovators navigate regulatory landscape
Regulators join forces in pilot scheme to help businesses deploy new technologies in a way that complies with cross-industry regulations
-
September 19, 2023
19
Sep'23
Braverman puts pressure on Meta to pause end-to-end encryption plans
The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse
-
September 19, 2023
19
Sep'23
Okta confirms link to cyber attacks on Las Vegas casinos
Okta CISO David Bradbury confirms widespread speculation about the high-profile cyber attacks on two Las Vegas casino operators, revealing that the threat actors responsible had indeed abused its services as they earlier claimed
-
September 19, 2023
19
Sep'23
38TB Microsoft data leak highlights risks of oversharing
An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing
-
September 19, 2023
19
Sep'23
Nominet and European counterparts link up on intelligence sharing
The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users
-
September 18, 2023
18
Sep'23
Unregulated DeFi services abused in latest pig butchering twist
Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation
-
September 18, 2023
18
Sep'23
CMA focuses on data for AI foundation model
Foundational AI models require vast amounts of data. Without access to diverse datasets, the market for foundational models risks being stifled
-
September 18, 2023
18
Sep'23
Government seeks industry views on cyber threat to UK CNI
The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure
-
September 15, 2023
15
Sep'23
Few organisations have a clear strategy for AI
Few organisations are confident with the main concepts involved in developing AI-enabled business models
-
September 15, 2023
15
Sep'23
Las Vegas mainstay Caesars Palace likely paid off ransomware crew
Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers
-
September 15, 2023
15
Sep'23
Manchester police data breach a classic supply chain incident
The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force
-
September 14, 2023
14
Sep'23
BlackCat on the hook for cyber attack that crippled Vegas casinos
The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues
-
September 14, 2023
14
Sep'23
Google, Microsoft and Mozilla push browser updates to foil zero-day
A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers
-
September 14, 2023
14
Sep'23
As vehicle safety regulations loom, carmakers fret over cyber risks
Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks
-
September 13, 2023
13
Sep'23
GitHub fixes race condition that could have led to ‘repojacking’
A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked
-
September 13, 2023
13
Sep'23
BianLian ransomware gang holds Save the Children hostage
The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected
-
September 13, 2023
13
Sep'23
Storm-0324 gathers over Microsoft Teams
An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks
-
September 13, 2023
13
Sep'23
NCSC and ICO sign MoU to forge deeper collaborative links
The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties
-
September 13, 2023
13
Sep'23
Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service
September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release
-
September 13, 2023
13
Sep'23
ExtraHop open sources 16 million rows of threat domain data
NDR specialist ExtraHop says making its entire machine learning dataset available for anybody to view will help organisations better defend against cyber attacks originating from malicious domains generated by algorithms
-
September 12, 2023
12
Sep'23
US casino giant MGM Resorts battles 36-hour outage after cyber attack
Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos
-
September 11, 2023
11
Sep'23
Professional ransomware gangs clearly a threat, but attacks can be easily stopped
NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do
-
September 11, 2023
11
Sep'23
UK boardrooms and CISOs increasingly aligned on cyber risks
Board members and CISOs in UK organisations seem to be working together much better, but while this is an encouraging sign, there remain some areas of concern over how the two relate to each other
-
September 08, 2023
08
Sep'23
Apple patches Blastpass exploit abused by spyware makers
Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO
-
September 08, 2023
08
Sep'23
Deputy PM urges UK plc not to lose focus on cyber
In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors
-
September 07, 2023
07
Sep'23
Government AI taskforce appoints new advisory board members
An initial progress report published by the Taskforce provides detail on new appointments to its external advisory board as well as rebrand to focus on “frontier” artificial intelligence
-
September 07, 2023
07
Sep'23
Microsoft finds Storm-0558 exploited crash dump to steal signing key
Microsoft has published new information on how the Chinese state threat actor Storm-0558 was able to exploit a rare race condition following a crash dump in order to acquire a consumer signing key
-
September 06, 2023
06
Sep'23
Meet the professional BEC op that targeted Microsoft 365 users for years
The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers
-
September 06, 2023
06
Sep'23
Okta customers targeted in new wave of social engineering attacks
Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users
-
September 05, 2023
05
Sep'23
Executive interview: ManageEngine president Rajesh Ganesan on the ‘three Ws’ of digital change
Today's IT management model must assume that the workforce can operate from any workplace and use any workload with ease and security, as the security and service management software supplier explains