News

IT governance

• September 19, 2023 19 Sep'23

  Nominet and European counterparts link up on intelligence sharing

  The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users

• September 18, 2023 18 Sep'23

  Unregulated DeFi services abused in latest pig butchering twist

  Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation

• September 18, 2023 18 Sep'23

  CMA focuses on data for AI foundation model

  Foundational AI models require vast amounts of data. Without access to diverse datasets, the market for foundational models risks being stifled

• September 18, 2023 18 Sep'23

  Government seeks industry views on cyber threat to UK CNI

  The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure

• September 15, 2023 15 Sep'23

  Few organisations have a clear strategy for AI

  Few organisations are confident with the main concepts involved in developing AI-enabled business models

• September 15, 2023 15 Sep'23

  Las Vegas mainstay Caesars Palace likely paid off ransomware crew

  Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers

• September 15, 2023 15 Sep'23

  Manchester police data breach a classic supply chain incident

  The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force

• September 14, 2023 14 Sep'23

  BlackCat on the hook for cyber attack that crippled Vegas casinos

  The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues

• September 14, 2023 14 Sep'23

  Google, Microsoft and Mozilla push browser updates to foil zero-day

  A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers

• September 14, 2023 14 Sep'23

  As vehicle safety regulations loom, carmakers fret over cyber risks

  Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks

• September 13, 2023 13 Sep'23

  GitHub fixes race condition that could have led to ‘repojacking’

  A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked

• September 13, 2023 13 Sep'23

  BianLian ransomware gang holds Save the Children hostage

  The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected

• September 13, 2023 13 Sep'23

  Storm-0324 gathers over Microsoft Teams

  An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks

• September 13, 2023 13 Sep'23

  NCSC and ICO sign MoU to forge deeper collaborative links

  The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties

• September 13, 2023 13 Sep'23

  Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

  September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release

• September 13, 2023 13 Sep'23

  ExtraHop open sources 16 million rows of threat domain data

  NDR specialist ExtraHop says making its entire machine learning dataset available for anybody to view will help organisations better defend against cyber attacks originating from malicious domains generated by algorithms

• September 12, 2023 12 Sep'23

  US casino giant MGM Resorts battles 36-hour outage after cyber attack

  Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos

• September 11, 2023 11 Sep'23

  Professional ransomware gangs clearly a threat, but attacks can be easily stopped

  NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do

• September 11, 2023 11 Sep'23

  UK boardrooms and CISOs increasingly aligned on cyber risks

  Board members and CISOs in UK organisations seem to be working together much better, but while this is an encouraging sign, there remain some areas of concern over how the two relate to each other

• September 08, 2023 08 Sep'23

  Apple patches Blastpass exploit abused by spyware makers

  Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO

• September 08, 2023 08 Sep'23

  Deputy PM urges UK plc not to lose focus on cyber

  In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors

• September 07, 2023 07 Sep'23

  Government AI taskforce appoints new advisory board members

  An initial progress report published by the Taskforce provides detail on new appointments to its external advisory board as well as rebrand to focus on “frontier” artificial intelligence

• September 07, 2023 07 Sep'23

  Microsoft finds Storm-0558 exploited crash dump to steal signing key

  Microsoft has published new information on how the Chinese state threat actor Storm-0558 was able to exploit a rare race condition following a crash dump in order to acquire a consumer signing key

• September 06, 2023 06 Sep'23

  Meet the professional BEC op that targeted Microsoft 365 users for years

  The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers

• September 06, 2023 06 Sep'23

  Okta customers targeted in new wave of social engineering attacks

  Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users

• September 05, 2023 05 Sep'23

  Executive interview: ManageEngine president Rajesh Ganesan on the ‘three Ws’ of digital change

  Today's IT management model must assume that the workforce can operate from any workplace and use any workload with ease and security, as the security and service management software supplier explains

• September 05, 2023 05 Sep'23

  Researchers find flaw in Mend.io security platform

  WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed

• September 05, 2023 05 Sep'23

  Law firm Fieldfisher launches data breach management tool

  UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform

• September 05, 2023 05 Sep'23

  Hacked Electoral Commission failed Cyber Essentials audit

  The Electoral Commission failed an NCSC Cyber Essentials audit on multiple counts at about the same time as cyber criminals breached its systems in 2021, it has emerged

• September 05, 2023 05 Sep'23

  NCSC names ex-NCC man as new CTO

  New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec

• September 04, 2023 04 Sep'23

  LockBit ransomware gang allegedly leaks MoD data after hit on supplier

  The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online

• September 01, 2023 01 Sep'23

  Police Scotland five-year digital strategy approved

  Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding

• September 01, 2023 01 Sep'23

  IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption

  BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications

• August 31, 2023 31 Aug'23

  Home Office and MoD seeking new facial-recognition tech

  The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK

• August 30, 2023 30 Aug'23

  Met police data platform deployed with data protection issues

  Met Police deploys integrated record management system despite data protection ‘compliance issues' that would inhibit its ability to retrieve data, meet its statutory logging requirements, and respond to subject access requests

• August 29, 2023 29 Aug'23

  Top-performing CISOs reserve time for professional development

  Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession

• August 24, 2023 24 Aug'23

  Bletchley Park to host UK government AI safety summit

  An international collaboration event on artificial intelligence safety is being run at the site that was home to the world’s first programmable computer

• August 23, 2023 23 Aug'23

  St Helens Council in Merseyside hit by ransomware attack

  St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks

• August 22, 2023 22 Aug'23

  Met Police data platform £64m over budget

  A freedom of information request has revealed that the Met’s Connect integrated record management system is running tens of millions over budget, and has already generated more than 25,000 support requests so far

• August 22, 2023 22 Aug'23

  Clop’s MOVEit attacks drive ransomware volumes to record high

  Such has been the scope of Clop’s activity since May that ransomware attack volumes have more than doubled year on year, according to the latest data

• August 21, 2023 21 Aug'23

  Cyber attack on Aussie energy services firm may hit UK CNI

  Energy One, an Australia-based supplier of tech services to the energy sector, is investigating the possibility that some UK customers may have been caught up in an ongoing cyber attack on its systems

• August 18, 2023 18 Aug'23

  BSI launches sustainability-focused startup accelerator

  Startups selected to participate in the BSI and Cambridge Institute of Sustainability Leadership’s joint sustainability startup accelerator are working in a diverse range of areas and using a variety of technologies to positively affect society

• August 17, 2023 17 Aug'23

  Researchers demo fake airplane mode exploit that tricks iPhone users

  Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns

• August 16, 2023 16 Aug'23

  NCSC expands Cyber Incident Response service more widely

  The NCSC has added a level to its CIR programme to enable more cyber attack victims to take advantage of the service, which offers access to assured incident response specialists

• August 16, 2023 16 Aug'23

  ITAM influence on cyber risk becoming a factor in credit ratings

  Credit agency S&P Global Ratings warns that organisations that pay inadequate attention to IT asset management as a factor in their cyber risk management processes may find their creditworthiness takes a dive

• August 15, 2023 15 Aug'23

  Biometrics and surveillance camera commissioner resigns

  Dual biometrics and surveillance camera watchdog will step down at the end of October 2023, noting that while he agreed to stay on until the Data Protection and Digital Information Bill received royal assent, continuing delays to its passage means ...

• August 15, 2023 15 Aug'23

  Norfolk and Suffolk police hit by FoI-linked data breach

  Latest UK police data breach relates to crime suspects, victims and witnesses across East Anglia, and comes just days after a similar incident at the Northern Irish service

• August 14, 2023 14 Aug'23

  US Cyber Board to probe cloud security after latest Exchange hack

  CSRB review of cloud security comes in the wake of a major Chinese cyber attack on US government bodies orchestrated through Microsoft’s cloud services

• August 11, 2023 11 Aug'23

  Google Help workers claim layoffs are retaliation for unionising

  More than 100 Google Help workers claim that Google and Accenture’s decision to layoff two-thirds of the team was done in retaliation for their attempts to form a union, while companies claim decision was made well in advance of unionisation attempt

• August 11, 2023 11 Aug'23

  Biden administration bans investment in Chinese high tech

  Executive Order prohibits investment firms from supporting Chinese firms specialising in AI, quantum and advanced semiconductors