News
IT governance
-
September 19, 2023
19
Sep'23
Nominet and European counterparts link up on intelligence sharing
The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users
-
September 18, 2023
18
Sep'23
Unregulated DeFi services abused in latest pig butchering twist
Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation
-
September 18, 2023
18
Sep'23
CMA focuses on data for AI foundation model
Foundational AI models require vast amounts of data. Without access to diverse datasets, the market for foundational models risks being stifled
-
September 18, 2023
18
Sep'23
Government seeks industry views on cyber threat to UK CNI
The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure
-
September 15, 2023
15
Sep'23
Few organisations have a clear strategy for AI
Few organisations are confident with the main concepts involved in developing AI-enabled business models
-
September 15, 2023
15
Sep'23
Las Vegas mainstay Caesars Palace likely paid off ransomware crew
Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers
-
September 15, 2023
15
Sep'23
Manchester police data breach a classic supply chain incident
The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force
-
September 14, 2023
14
Sep'23
BlackCat on the hook for cyber attack that crippled Vegas casinos
The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues
-
September 14, 2023
14
Sep'23
Google, Microsoft and Mozilla push browser updates to foil zero-day
A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers
-
September 14, 2023
14
Sep'23
As vehicle safety regulations loom, carmakers fret over cyber risks
Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks
-
September 13, 2023
13
Sep'23
GitHub fixes race condition that could have led to ‘repojacking’
A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked
-
September 13, 2023
13
Sep'23
BianLian ransomware gang holds Save the Children hostage
The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected
-
September 13, 2023
13
Sep'23
Storm-0324 gathers over Microsoft Teams
An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks
-
September 13, 2023
13
Sep'23
NCSC and ICO sign MoU to forge deeper collaborative links
The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties
-
September 13, 2023
13
Sep'23
Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service
September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release
-
September 13, 2023
13
Sep'23
ExtraHop open sources 16 million rows of threat domain data
NDR specialist ExtraHop says making its entire machine learning dataset available for anybody to view will help organisations better defend against cyber attacks originating from malicious domains generated by algorithms
-
September 12, 2023
12
Sep'23
US casino giant MGM Resorts battles 36-hour outage after cyber attack
Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos
-
September 11, 2023
11
Sep'23
Professional ransomware gangs clearly a threat, but attacks can be easily stopped
NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do
-
September 11, 2023
11
Sep'23
UK boardrooms and CISOs increasingly aligned on cyber risks
Board members and CISOs in UK organisations seem to be working together much better, but while this is an encouraging sign, there remain some areas of concern over how the two relate to each other
-
September 08, 2023
08
Sep'23
Apple patches Blastpass exploit abused by spyware makers
Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO
-
September 08, 2023
08
Sep'23
Deputy PM urges UK plc not to lose focus on cyber
In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors
-
September 07, 2023
07
Sep'23
Government AI taskforce appoints new advisory board members
An initial progress report published by the Taskforce provides detail on new appointments to its external advisory board as well as rebrand to focus on “frontier” artificial intelligence
-
September 07, 2023
07
Sep'23
Microsoft finds Storm-0558 exploited crash dump to steal signing key
Microsoft has published new information on how the Chinese state threat actor Storm-0558 was able to exploit a rare race condition following a crash dump in order to acquire a consumer signing key
-
September 06, 2023
06
Sep'23
Meet the professional BEC op that targeted Microsoft 365 users for years
The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers
-
September 06, 2023
06
Sep'23
Okta customers targeted in new wave of social engineering attacks
Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users
-
September 05, 2023
05
Sep'23
Executive interview: ManageEngine president Rajesh Ganesan on the ‘three Ws’ of digital change
Today's IT management model must assume that the workforce can operate from any workplace and use any workload with ease and security, as the security and service management software supplier explains
-
September 05, 2023
05
Sep'23
Researchers find flaw in Mend.io security platform
WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed
-
September 05, 2023
05
Sep'23
Law firm Fieldfisher launches data breach management tool
UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform
-
September 05, 2023
05
Sep'23
Hacked Electoral Commission failed Cyber Essentials audit
The Electoral Commission failed an NCSC Cyber Essentials audit on multiple counts at about the same time as cyber criminals breached its systems in 2021, it has emerged
-
September 05, 2023
05
Sep'23
NCSC names ex-NCC man as new CTO
New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec
-
September 04, 2023
04
Sep'23
LockBit ransomware gang allegedly leaks MoD data after hit on supplier
The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online
-
September 01, 2023
01
Sep'23
Police Scotland five-year digital strategy approved
Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding
-
September 01, 2023
01
Sep'23
IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption
BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications
-
August 31, 2023
31
Aug'23
Home Office and MoD seeking new facial-recognition tech
The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK
-
August 30, 2023
30
Aug'23
Met police data platform deployed with data protection issues
Met Police deploys integrated record management system despite data protection ‘compliance issues' that would inhibit its ability to retrieve data, meet its statutory logging requirements, and respond to subject access requests
-
August 29, 2023
29
Aug'23
Top-performing CISOs reserve time for professional development
Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession
-
August 24, 2023
24
Aug'23
Bletchley Park to host UK government AI safety summit
An international collaboration event on artificial intelligence safety is being run at the site that was home to the world’s first programmable computer
-
August 23, 2023
23
Aug'23
St Helens Council in Merseyside hit by ransomware attack
St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks
-
August 22, 2023
22
Aug'23
Met Police data platform £64m over budget
A freedom of information request has revealed that the Met’s Connect integrated record management system is running tens of millions over budget, and has already generated more than 25,000 support requests so far
-
August 22, 2023
22
Aug'23
Clop’s MOVEit attacks drive ransomware volumes to record high
Such has been the scope of Clop’s activity since May that ransomware attack volumes have more than doubled year on year, according to the latest data
-
August 21, 2023
21
Aug'23
Cyber attack on Aussie energy services firm may hit UK CNI
Energy One, an Australia-based supplier of tech services to the energy sector, is investigating the possibility that some UK customers may have been caught up in an ongoing cyber attack on its systems
-
August 18, 2023
18
Aug'23
BSI launches sustainability-focused startup accelerator
Startups selected to participate in the BSI and Cambridge Institute of Sustainability Leadership’s joint sustainability startup accelerator are working in a diverse range of areas and using a variety of technologies to positively affect society
-
August 17, 2023
17
Aug'23
Researchers demo fake airplane mode exploit that tricks iPhone users
Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns
-
August 16, 2023
16
Aug'23
NCSC expands Cyber Incident Response service more widely
The NCSC has added a level to its CIR programme to enable more cyber attack victims to take advantage of the service, which offers access to assured incident response specialists
-
August 16, 2023
16
Aug'23
ITAM influence on cyber risk becoming a factor in credit ratings
Credit agency S&P Global Ratings warns that organisations that pay inadequate attention to IT asset management as a factor in their cyber risk management processes may find their creditworthiness takes a dive
-
August 15, 2023
15
Aug'23
Biometrics and surveillance camera commissioner resigns
Dual biometrics and surveillance camera watchdog will step down at the end of October 2023, noting that while he agreed to stay on until the Data Protection and Digital Information Bill received royal assent, continuing delays to its passage means ...
-
August 15, 2023
15
Aug'23
Norfolk and Suffolk police hit by FoI-linked data breach
Latest UK police data breach relates to crime suspects, victims and witnesses across East Anglia, and comes just days after a similar incident at the Northern Irish service
-
August 14, 2023
14
Aug'23
US Cyber Board to probe cloud security after latest Exchange hack
CSRB review of cloud security comes in the wake of a major Chinese cyber attack on US government bodies orchestrated through Microsoft’s cloud services
-
August 11, 2023
11
Aug'23
Google Help workers claim layoffs are retaliation for unionising
More than 100 Google Help workers claim that Google and Accenture’s decision to layoff two-thirds of the team was done in retaliation for their attempts to form a union, while companies claim decision was made well in advance of unionisation attempt
-
August 11, 2023
11
Aug'23
Biden administration bans investment in Chinese high tech
Executive Order prohibits investment firms from supporting Chinese firms specialising in AI, quantum and advanced semiconductors