News

IT governance

• July 07, 2022 07 Jul'22

  MI5, FBI chiefs warn of Chinese cyber espionage threat

  In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests

• July 07, 2022 07 Jul'22

  UK signs ‘in principle’ data adequacy agreement with South Korea

  Bilateral adequacy agreement will allow businesses to conduct cross-border data transfers with minimal restrictions

• July 07, 2022 07 Jul'22

  Latest Marriott data breach not as serious as others

  Questions are again being raised over Marriott’s cyber security practices following yet another incident, but fortunately it seems limited in its scope, and the company is responding appropriately

• July 06, 2022 06 Jul'22

  Plexal seeks new scaleups for next phase of Cyber Runway

  Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme

• July 06, 2022 06 Jul'22

  ESET: Lazarus APT hit aero, defence sector with fake job ads

  ESET researchers present new findings into a series of cyber attacks on the aerospace and defence sectors by North Korea’s Lazarus crime syndicate

• July 05, 2022 05 Jul'22

  Legacy UK customs system stops accepting registration requests

  HMRC closes new applications to legacy customs system as its shutdown nears

• July 05, 2022 05 Jul'22

  NCSC CEO: Why we should run towards crises to elevate cyber security

  National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country

• July 04, 2022 04 Jul'22

  MPs call for ban on Chinese surveillance camera technology

  Nearly 70 MPs have called on the government to ban Chinese camera technology that is widely used by UK government agencies despite links to human rights abuses in China

• July 04, 2022 04 Jul'22

  Government rejects Lords police tech inquiry recommendations

  The government has largely rejected the findings and recommendations of a House of Lords inquiry into police tech, which called for an overhaul of how police deploy artificial intelligence and algorithmic technologies

• June 30, 2022 30 Jun'22

  ICO to cut back on fines for public sector data breaches

  Information commissioner John Edwards sets out a revised approach to how the ICO handles data breaches in the public sector, saying fining victims risks punishing the public twice over

• June 29, 2022 29 Jun'22

  Urgent need for new laws to govern biometrics, legal review finds

  Independent review says new framework is needed to clear up legal and ethical concerns over the use of biometric data and technologies, which can impact privacy, freedom of expression and other human rights

• June 29, 2022 29 Jun'22

  New cyber extortion op appears to have hit AMD

  Semiconductor specialist AMD has confirmed it is investigating reports that a ‘bad actor’ has stolen hundreds of gigabytes of its data

• June 29, 2022 29 Jun'22

  Spy agencies need ‘independent authorisation’ to access telecoms data, say judges

  The High Court has ruled that UK intelligence agencies should seek independent authorisation before accessing phone and internet records during criminal investigations

• June 28, 2022 28 Jun'22

  Proposed changes to copyright law open doors for AI data mining

  Update to copyright law will mean researchers who already have access to data will not require extra permission from copyright owner to run data mining algorithms, removing barriers to artificial intelligence research and development

• June 28, 2022 28 Jun'22

  Executive interview: Chris Conradi, chief digital officer, FSN Capital

  Chris Conradi is taking his learnings at Google into the private equity industry at Norway’s FSN Capital

• June 27, 2022 27 Jun'22

  Commercial cyber products must be used responsibly, says NCSC CEO

  NCSC’s Lindy Cameron is to speak out on responsible regulation of cyber capabilities at an event in Tel Aviv, Israel

• June 27, 2022 27 Jun'22

  Brexit a net negative for UK cyber, say CISOs

  Six years on from the UK’s Brexit vote, the majority of security professionals say leaving the EU has raised concerns over their ability to keep their organisations safe

• June 23, 2022 23 Jun'22

  SolarWinds unveils new development model to avoid a repeat of Sunburst

  SolarWinds has unveiled a new, secure-by-design software development model to protect itself from a repeat of the infamous 2020 cyber attack on its systems, and serve as a blueprint for the industry

• June 22, 2022 22 Jun'22

  Uber drivers strike over pay issues and algorithmic transparency

  Unionised Uber drivers take industrial action against the company over its failure to pay workers in line with a Supreme Court decision and inflation, as well as the lack of transparency around how it uses their data

• June 22, 2022 22 Jun'22

  Yodel delivery service disrupted by cyber incident

  Delivery company Yodel confirmed it had experienced a cyber incident, which researchers believe could be a ransomware attack, and is working to get systems fully running again

• June 21, 2022 21 Jun'22

  Government won’t regulate on professional cyber standards

  The government has elected not to proceed with regulatory intervention to embed standards and pathways across the cyber profession

• June 21, 2022 21 Jun'22

  Post Office IT investigator to be released from confidentiality obligations for inquiry

  Forensic accounting firm that ‘knows where the bodies are buried’ will be released from confidentiality obligations by the Post Office to give evidence to public inquiry

• June 21, 2022 21 Jun'22

  CNI leaders’ attitude to ransomware lackadaisical at best

  A survey of security decision-makers in sectors regarded as critical national infrastructure reveals a disappointing attitude to ransomware threats

• June 20, 2022 20 Jun'22

  Lords move to protect cyber researchers from prosecution

  A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers or ethical hackers being prosecuted in the course of their ...

• June 20, 2022 20 Jun'22

  Complex Russian cyber threat requires we go back to basics

  The situation in Russia is anything but simple, but it is the fundamentals of cyber security hygiene that pose the best defence against the country’s digital threat, as Mandiant’s Jamie Collier explains

• June 17, 2022 17 Jun'22

  Government responds to Data Reform Bill consultation

  Westminster claims its new data laws will boost British benefits, protect consumers, and seize the ‘benefits’ of Brexit

• June 17, 2022 17 Jun'22

  MoD sets out strategy to develop military AI with private sector

  The UK Ministry of Defence has outlined its intention to work closely with the private sector to develop and deploy a range of artificial intelligence-powered technologies, committing to ‘lawful and ethical AI use’

• June 15, 2022 15 Jun'22

  Patch Tuesday dogged by concerns over Microsoft vulnerability response

  The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure

• June 14, 2022 14 Jun'22

  CIO interview: Morten Holm Christiansen, Haldor Topsoe

  There’s no point digitising if there is no benefit to the customer, says the Danish chemicals giant’s head of IT

• June 14, 2022 14 Jun'22

  MS Azure Synapse vulnerability fixed after six-month slog

  Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga

• June 13, 2022 13 Jun'22

  New warning over tech suppliers in thrall to hostile governments

  Ukraine war could lead to shakeup of dual-use tech exports, says former UK intelligence officer

• June 13, 2022 13 Jun'22

  Health data strategy to exorcise ghosts of GPDPR

  Government publishes a revised data in health strategy, with an emphasis firmly on preserving the integrity and privacy of patients’ confidential information

• June 10, 2022 10 Jun'22

  ICO fails to disclose majority of reprimands issued under GDPR

  London law firm Mishcon de Reya forces disclosure of reprimands issued to organisations by the Information Commissioner’s Office for contraventions of UK data protection law

• June 10, 2022 10 Jun'22

  Commercialising open source

  Most software developed today takes advantage of open source, but there are still gaps in understanding what open source means in business

• June 09, 2022 09 Jun'22

  SolarWinds CEO offers to commit staffers to government cyber agencies

  A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response

• June 09, 2022 09 Jun'22

  Trade body calls for public-private sector collab on digital ID

  TechUK has published a report outlining 10 key recommendations it believes are urgently needed to enable the rapid creation of an effectively regulated digital identity marketplace

• June 08, 2022 08 Jun'22

  China using top consumer routers to hack Western comms networks

  An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks

• June 08, 2022 08 Jun'22

  ProxyLogon, ProxyShell may have driven increase in dwell times

  The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data

• June 07, 2022 07 Jun'22

  Software house Mega achieves holistic SaaS security with Synopsys

  Mega International, a supplier of IT management software, turned to Synopsys’s Coverity and Black Duck products to reassure both itself and its customers that its software-as-a-service offerings were built to the best possible security standards

• May 26, 2022 26 May'22

  Consultation launched on datacentre, cloud security

  The government is seeking views on how to boost the security and resilience of the UK’s datacentres and online cloud platforms

• May 26, 2022 26 May'22

  Two-thirds of UK organisations defrauded since start of pandemic

  Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report

• May 26, 2022 26 May'22

  Most CFOs being left out of ransomware conversations

  Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report

• May 24, 2022 24 May'22

  ICO orders facial recognition firm Clearview AI to delete all data about UK residents

  UK data watchdog fines facial recognition company Clearview AI £7.5m for multiple privacy breaches. The firm, which offers services to law enforcement, faces growing pressure from regulators and legal action around the world

• May 24, 2022 24 May'22

  Ransomware volumes grew faster than ever in 2021

  Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody

• May 23, 2022 23 May'22

  Did the Conti ransomware crew orchestrate its own demise?

  Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise

• May 20, 2022 20 May'22

  Applying international law to cyber will be a tall order

  Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations

• May 20, 2022 20 May'22

  Third of organisations to outsource more IT amid talent shortage

  Cutting costs is not the main reason for outsourcing IT in the UK, according to a major study

• May 20, 2022 20 May'22

  Microsoft drops emergency patch after Patch Tuesday screw up

  Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates

• May 19, 2022 19 May'22

  Defensive cyber attacks may be justified, says attorney general

  Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable

• May 19, 2022 19 May'22

  Deliveroo accused of ‘soft union busting’ with GMB deal

  Smaller grassroots unions have criticised Deliveroo and GMB for making a “hollow” deal that will ultimately undermine workers’ self-organising efforts