News

IT governance

July 27, 2022 27 Jul'22
Retail software firm PrestaShop warns users about SQL injection attacks

Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise
July 27, 2022 27 Jul'22
Cyber security training ‘boring’ and largely ignored

Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them
July 26, 2022 26 Jul'22
Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday
July 26, 2022 26 Jul'22
No More Ransom initiative helps 1.5 million people in six years

One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project

July 26, 2022 26 Jul'22
Meta publishes first-ever human rights report

Meta details its approach to protecting and promoting human rights, but civil society groups say the company has failed to grapple with the human rights risks associated with its own business model
July 26, 2022 26 Jul'22
Ducktail infostealer targets Facebook Business users

Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts
July 25, 2022 25 Jul'22
Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants

MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard
July 25, 2022 25 Jul'22
NCSC seeks community input for Cyber Advisor service

The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward
July 25, 2022 25 Jul'22
The Security Interviews: Why you need to protect abandoned digital assets

The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias
July 22, 2022 22 Jul'22
LinkedIn most impersonated brand in phishing attacks

Social network LinkedIn, along with Microsoft and DHL, are just some of the brands that are most frequently imitated by cyber criminals conducting phishing attacks

July 22, 2022 22 Jul'22
Forrester: European cloud adoption accelerates

The rise in public cloud usage across the UK and EU will speed up new cloud-specific regulations
July 21, 2022 21 Jul'22
Buy ‘plug-n-play’ malware for the price of a pint of beer

Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report
July 21, 2022 21 Jul'22
Russia-linked APTs targeted fleeing Ukrainian civilians

Mandiant and the US authorities have shared details of a phishing campaign that spoofed humanitarian information on evacuation procedures to target Ukrainians fleeing Russian bombardment
July 21, 2022 21 Jul'22
UK government introduces data reforms legislation to Parliament

Proposed changes to UK’s data protection regime include new grounds for data processing, significant powers for the secretary of state to direct the regime’s application, and fewer restrictions on law enforcement’s use of data
July 20, 2022 20 Jul'22
Transatlantic PET contest open for entries

A joint UK-US innovation prize challenge for developers of privacy-enhancing technologies has opened for entries
July 20, 2022 20 Jul'22
Cato aims to bust cyber myths as it extends network protections

Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network ...
July 20, 2022 20 Jul'22
Barnet Council to bring work outsourced to Capita back in-house by 2026

London borough is bringing swathes of outsourced services back in-house next year, with more to follow by 2026
July 20, 2022 20 Jul'22
Russia’s Cozy Bear abusing Dropbox, Google Drive to target victims

Russian APT known as Cozy Bear has become adept at quickly incorporating popular cloud storage services into its attack chain to avoid detection
July 19, 2022 19 Jul'22
Pro-business AI framework spans sector-specific regulations

But should organisations deploying artificial intelligence comply with EU or UK proposals?
July 18, 2022 18 Jul'22
US cyber agency CISA to open London office

The US Cybersecurity and Infrastructure Security Agency has chosen London to host its first office outside America
July 15, 2022 15 Jul'22
NHS trust ‘deliberately’ deleted up to 90,000 emails before tribunal hearing

A high-profile case brought by NHS whistleblower Chris Day raises questions about the adequacy of information governance practices in NHS hospital trusts
July 15, 2022 15 Jul'22
Drivers’ union calls for immediate dismissal of Uber executive

Uber’s continued employment of an executive directly involved in efforts to resist regulatory oversight puts the ride-hailing firm in breach of its 2018 licence conditions, says drivers’ union
July 15, 2022 15 Jul'22
Log4Shell on its way to becoming ‘endemic’

US government report concludes that, like Covid, Log4Shell will be with us for a long time to come
July 14, 2022 14 Jul'22
How hostile government APTs target journalists for cyber intrusions

Proofpoint shares data on multiple campaigns of cyber intrusions against journalists originating from threat actors aligned to the governments of China, Iran, North Korea and Turkey
July 14, 2022 14 Jul'22
ICO wants to ‘empower people through information’

Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society
July 13, 2022 13 Jul'22
Slippery phish wriggles around MFA protections, says Microsoft

Microsoft’s threat researchers share details of a phishing campaign that hit 10,000 organisations, against which standard multifactor authentication provides little defence
July 13, 2022 13 Jul'22
ICO calls for review into government use of private email and WhatsApp messages

Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps
July 12, 2022 12 Jul'22
MaliBot Android malware spreading fast, says Check Point

The MaliBot malware is becoming a persistent and widespread problem, and Android users should be on their guard, says Check Point
July 12, 2022 12 Jul'22
Microsoft Windows Autopatch now generally available

Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service
July 11, 2022 11 Jul'22
Oracle to open first sovereign cloud regions for EU-based users in 2023

Database software giant Oracle has set out plans to provide private enterprises and public sector organisations with access to sovereign cloud regions, with the first set to open in Spain and Germany next year
July 11, 2022 11 Jul'22
Microsoft VBA macro block will return

Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure
July 08, 2022 08 Jul'22
Ofcom publishes Online Safety Roadmap

The roadmap sets out how the online harms regulator will approach implementing the UK’s online safety regime, and tells tech firms to start preparing for the new rules
July 08, 2022 08 Jul'22
Stop telling clients to pay ransomware gangs, solicitors told

The NCSC and the ICO are calling on solicitors to help tackle the rising number of ransomware payments being made, and to stop giving erroneous advice to victims
July 07, 2022 07 Jul'22
MI5, FBI chiefs warn of Chinese cyber espionage threat

In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests
July 07, 2022 07 Jul'22
UK signs ‘in principle’ data adequacy agreement with South Korea

Bilateral adequacy agreement will allow businesses to conduct cross-border data transfers with minimal restrictions
July 07, 2022 07 Jul'22
Latest Marriott data breach not as serious as others

Questions are again being raised over Marriott’s cyber security practices following yet another incident, but fortunately it seems limited in its scope, and the company is responding appropriately
July 06, 2022 06 Jul'22
Plexal seeks new scaleups for next phase of Cyber Runway

Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme
July 06, 2022 06 Jul'22
ESET: Lazarus APT hit aero, defence sector with fake job ads

ESET researchers present new findings into a series of cyber attacks on the aerospace and defence sectors by North Korea’s Lazarus crime syndicate
July 05, 2022 05 Jul'22
Legacy UK customs system stops accepting registration requests

HMRC closes new applications to legacy customs system as its shutdown nears
July 05, 2022 05 Jul'22
NCSC CEO: Why we should run towards crises to elevate cyber security

National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country
July 04, 2022 04 Jul'22
MPs call for ban on Chinese surveillance camera technology

Nearly 70 MPs have called on the government to ban Chinese camera technology that is widely used by UK government agencies despite links to human rights abuses in China
July 04, 2022 04 Jul'22
Government rejects Lords police tech inquiry recommendations

The government has largely rejected the findings and recommendations of a House of Lords inquiry into police tech, which called for an overhaul of how police deploy artificial intelligence and algorithmic technologies
June 30, 2022 30 Jun'22
ICO to cut back on fines for public sector data breaches

Information commissioner John Edwards sets out a revised approach to how the ICO handles data breaches in the public sector, saying fining victims risks punishing the public twice over
June 29, 2022 29 Jun'22
Urgent need for new laws to govern biometrics, legal review finds

Independent review says new framework is needed to clear up legal and ethical concerns over the use of biometric data and technologies, which can impact privacy, freedom of expression and other human rights
June 29, 2022 29 Jun'22
New cyber extortion op appears to have hit AMD

Semiconductor specialist AMD has confirmed it is investigating reports that a ‘bad actor’ has stolen hundreds of gigabytes of its data
June 29, 2022 29 Jun'22
Spy agencies need ‘independent authorisation’ to access telecoms data, say judges

The High Court has ruled that UK intelligence agencies should seek independent authorisation before accessing phone and internet records during criminal investigations
June 28, 2022 28 Jun'22
Proposed changes to copyright law open doors for AI data mining

Update to copyright law will mean researchers who already have access to data will not require extra permission from copyright owner to run data mining algorithms, removing barriers to artificial intelligence research and development
June 28, 2022 28 Jun'22
Executive interview: Chris Conradi, chief digital officer, FSN Capital

Chris Conradi is taking his learnings at Google into the private equity industry at Norway’s FSN Capital
June 27, 2022 27 Jun'22
Commercial cyber products must be used responsibly, says NCSC CEO

NCSC’s Lindy Cameron is to speak out on responsible regulation of cyber capabilities at an event in Tel Aviv, Israel
June 27, 2022 27 Jun'22
Brexit a net negative for UK cyber, say CISOs

Six years on from the UK’s Brexit vote, the majority of security professionals say leaving the EU has raised concerns over their ability to keep their organisations safe