News
IT governance
-
December 16, 2022
16
Dec'22
Shiseido data breach victims plan legal action over fake companies
Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names
-
December 16, 2022
16
Dec'22
UK unis implement new IP traffic policies to combat ransomware
Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature
-
December 15, 2022
15
Dec'22
Digital Ethics Summit: Who benefits from new technology?
Experts at the 2022 Digital Ethics Summit say expedited development cycles and obviously over-hyped PR material, in tandem with the public’s near-total exclusion from conversations around technology, is creating distrust towards the tech sector
-
December 14, 2022
14
Dec'22
Criminal Cases Review Commission calls on more convicted subpostmasters to come forward
The Criminal Cases Review Commission wants more former subpostmasters to come forward if they think they were prosecuted by the Post Office based on data from the error-prone Horizon computer system
-
December 14, 2022
14
Dec'22
Private health provider data could be shared with NHS England
Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal
-
December 14, 2022
14
Dec'22
NHS gets new guidance on public benefits of data sharing
NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care
-
December 14, 2022
14
Dec'22
Ethical hackers flex their muscles in 2022
Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
-
December 14, 2022
14
Dec'22
Microsoft fixes two zero-days in final Patch Tuesday of 2022
December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over
-
December 14, 2022
14
Dec'22
New cyber approaches ease Registers of Scotland’s AWS migration
As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web ...
-
December 13, 2022
13
Dec'22
EU issues draft data adequacy decision in favour of US
The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision
-
December 13, 2022
13
Dec'22
More Uber data exposed in possible supply chain attack
A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
-
December 12, 2022
12
Dec'22
Cloud-based fingerprint system for UK police nears completion
Police Digital Service announces that a new cloud-based fingerprint system developed under its Transforming Forensics programme is nearly complete, but data protection concerns around the use of US-based cloud providers remain
-
December 09, 2022
09
Dec'22
Iranian APT seen exploiting GitHub repository as C2 mechanism
A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware
-
December 09, 2022
09
Dec'22
Online Safety Bill returns to Parliament
MPs and online safety experts have expressed concern about encryption-breaking measures contained in the Online Safety Bill as it returns to Parliament for the first time since its passage was paused in July
-
December 08, 2022
08
Dec'22
Consumers to get new protections against dodgy apps
Government’s new code of practice will impose new privacy and security measures on app store operators and developers
-
December 08, 2022
08
Dec'22
Apple to tap third party for physical security keys
Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys
-
December 07, 2022
07
Dec'22
Clinicians who raised patient safety risks claim Berkshire NHS trust deleted email evidence
A tribunal hearing considering claims that an NHS trust destroyed email evidence and had put the safety of geriatric patients at risk, was cut short after clinicians faced “life-changing” costs
-
December 07, 2022
07
Dec'22
Rackspace email outage confirmed as ransomware attack
An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
-
December 07, 2022
07
Dec'22
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching
Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November
-
December 07, 2022
07
Dec'22
Post Office scandal – “cock-up or cook-up”?
The second phase of the Post Office Horizon IT scandal raised more questions over who did what, when and where, with shocking revelations at every turn
-
December 06, 2022
06
Dec'22
Legacy IT magnifies cyber risk for Defra, says NAO
Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme
-
December 06, 2022
06
Dec'22
EU fails to protect human rights in surveillance tech transfers
Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s ...
-
December 06, 2022
06
Dec'22
Don’t become an unwitting tool in Russia’s cyber war
Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?
-
December 05, 2022
05
Dec'22
Fake investment ads persist on Meta’s social networks
Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them
-
December 05, 2022
05
Dec'22
DCMS to assess UK semiconductor industry
The ongoing global chip crisis, geopolitician tension with China and deal-blocking are the backdrop to this latest assessment
-
December 05, 2022
05
Dec'22
Cohesity doubles down on cyber-defence failings via backup
Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact
-
December 05, 2022
05
Dec'22
French cyber consultancy Hackuity sets up UK operation
Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base
-
December 02, 2022
02
Dec'22
Post Office boosted its ‘coffers’ as Horizon system threw up unexplained shortfalls, inquiry told
The Post Office was ‘keen’ to make subpostmasters cover unexplained accounting shortfall as its business struggled, public inquiry hears
-
December 02, 2022
02
Dec'22
Twitter ‘replacement’ Hive Social shuts off service in privacy alert
Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers
-
December 01, 2022
01
Dec'22
MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China
Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence
-
December 01, 2022
01
Dec'22
LastPass probes new cyber incident related to August attack
The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba
-
November 30, 2022
30
Nov'22
Microsoft 365 banned in German schools over privacy concerns
German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US
-
November 30, 2022
30
Nov'22
South Staffs Water customer data leaked after ransomware attack
Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack
-
November 30, 2022
30
Nov'22
NIS regulations to be extended to cover MSPs
The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope
-
November 30, 2022
30
Nov'22
Parity AI talks about auditing recruitment algorithms for bias
Algorithmic auditing firm Parity speaks to Computer Weekly about the process of auditing artificial intelligence for bias, following its partnership with AI-powered recruitment platform Beamery
-
November 29, 2022
29
Nov'22
‘Legal but harmful’ clause dropped from Online Safety Bill
Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm
-
November 25, 2022
25
Nov'22
Data management, backup becoming the CISO's responsibility
More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year
-
November 23, 2022
23
Nov'22
UK police arrest 120 in largest-ever cyber fraud crackdown
The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police
-
November 23, 2022
23
Nov'22
AI accountability held back by ‘audit-washing’ practices
Algorithmic auditing will be useless in holding artificial intelligence accountable until there are common standards, approaches and goals that scrutinise systems at each stage of development and deployment, says think-tank
-
November 23, 2022
23
Nov'22
South Korea data adequacy pact brings £15m Brexit bonus
UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m
-
November 23, 2022
23
Nov'22
Red team tool developer slams ‘irresponsible’ disclosure
UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors
-
November 22, 2022
22
Nov'22
Ducktail spins new tales to hijack Facebook Business accounts
The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts
-
November 22, 2022
22
Nov'22
Killnet DDoS hacktivists target Royal Family and others
Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks
-
November 21, 2022
21
Nov'22
Bug Bounty Calculator helps organisations fine-tune their payouts
Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention
-
November 21, 2022
21
Nov'22
NHS federated data platform must avoid repeating Care.data mistakes, says national data guardian
UK’s national data guardian agrees with the ambitions of the platform, but warns that the programme must avoid ‘common pitfalls around trust and transparency’
-
November 21, 2022
21
Nov'22
AI adopted without due consideration for workers, MPs told
MPs have been warned that the rapid roll-out of artificial intelligence in workplaces has changed UK enterprises’ management practices so much that current employment law is no longer fit for purpose
-
November 21, 2022
21
Nov'22
NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence
A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify
-
November 18, 2022
18
Nov'22
Is Elon Musk’s Twitter safe, and should you stop using it?
With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use
-
November 18, 2022
18
Nov'22
New gold standard to protect good faith hackers
HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking
-
November 18, 2022
18
Nov'22
Post Office scandal inquiry’s expert IT witness ‘troubled’ by his findings
Controversial Post Office Horizon system lacked the integrity required to trust accounting data and contained ‘joke’ coding akin to an ‘overly engineered mousetrap’, inquiry told