News
IT governance
-
September 21, 2022
21
Sep'22
NCSC publishes cyber guidance for retailers
The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime
-
September 20, 2022
20
Sep'22
Thousands of customers affected in Revolut data breach
Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack
-
September 20, 2022
20
Sep'22
IHG attackers phished employee to deploy destructive wiper
A couple from Vietnam who claim to be behind a destructive wiper cyber attack on hotel operator IHG told the BBC how they orchestrated their operation
-
September 20, 2022
20
Sep'22
Reports Uber and Rockstar incidents work of same attacker
Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber
-
September 16, 2022
16
Sep'22
Six new vulnerabilities added to CISA catalogue
CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010
-
September 16, 2022
16
Sep'22
Uber suffers major cyber attack
Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist
-
September 15, 2022
15
Sep'22
EU Cyber Resilience Act sets global standard for connected products
European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards
-
September 15, 2022
15
Sep'22
New player pioneers ‘active cyber insurance’ for UK market
Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance
-
September 15, 2022
15
Sep'22
Organisations failing to account for digital trust
The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds
-
September 15, 2022
15
Sep'22
US charges three Iranians over CNI cyber attacks
Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran
-
September 14, 2022
14
Sep'22
Ex-CISA head Krebs: Disrupt ransomware support networks to win the war
Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs
-
September 14, 2022
14
Sep'22
Microsoft patches 64 vulnerabilities on September Patch Tuesday
Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update
-
September 13, 2022
13
Sep'22
Cloud compromise a doddle for threat actors as victims attest
Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud
-
September 13, 2022
13
Sep'22
Users warned over Azure Active Directory authentication flaw
Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users
-
September 13, 2022
13
Sep'22
Multi-persona impersonation adds new dimension to phishing
Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures
-
September 12, 2022
12
Sep'22
Mandiant floats off into Google Cloud
As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business
-
September 12, 2022
12
Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023
Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts
-
September 12, 2022
12
Sep'22
Lloyd’s of London is digitally transforming through the front door
Centuries-old financial services organisation is transforming its complex IT infrastructure through digital data
-
September 08, 2022
08
Sep'22
NCSC CyberUK event heads to Belfast in 2023
National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023
-
September 08, 2022
08
Sep'22
The changing role of CIO in Sweden
New technologies and evolving business models are changing the missions of IT leaders around the world – and in most cases, the result is slightly different from one country to another
-
September 07, 2022
07
Sep'22
Albania cuts diplomatic ties with Iran after cyber attack
In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran
-
September 07, 2022
07
Sep'22
Prince’s Trust teams with threat management specialist in skills push
Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
-
September 07, 2022
07
Sep'22
Hotel group IHG confirms cyber attack after two-day outage
IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor
-
September 06, 2022
06
Sep'22
Campaigners call on Truss to change UK’s archaic hacking laws
The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution
-
September 06, 2022
06
Sep'22
Bus company Go-Ahead fighting off cyber attack
Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services
-
September 05, 2022
05
Sep'22
How Okta is regaining customer trust after a cyber attack
In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident
-
September 01, 2022
01
Sep'22
Local authorities experience 10,000 attempted cyber attacks every day
Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker
-
September 01, 2022
01
Sep'22
Swedish Electronics Protection Act coincides with major cyber spend
Swedish cyber security law comes at a time of heavy government investment
-
August 30, 2022
30
Aug'22
IAM house Okta confirms 0ktapus/Scatter Swine attack
Following last week’s disclosureby Group-IB researchers of a major phishing campaign, Okta has warned its customers to be on their guard
-
August 25, 2022
25
Aug'22
Criminal 0ktapus spoofed IAM firm in massive phishing attack
Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio
-
August 25, 2022
25
Aug'22
Millions of Plex users may be at risk in password breach
Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor
-
August 25, 2022
25
Aug'22
LockBit 3.0 cements dominance of ransomware ecosystem
Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame
-
August 24, 2022
24
Aug'22
Most CISOs think they’ve been attacked by a nation state
Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack
-
August 24, 2022
24
Aug'22
Alleged Twitter security failings spell trouble ahead
Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions
-
August 23, 2022
23
Aug'22
NCSC shares cyber guidance for large infrastructure builds
Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects
-
August 22, 2022
22
Aug'22
Kaspersky threat data added to Microsoft Sentinel service
Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service
-
August 22, 2022
22
Aug'22
Lloyd’s to end insurance coverage for state cyber attacks
Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk
-
August 19, 2022
19
Aug'22
Google employees demand end to collection of abortion data
In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police
-
August 19, 2022
19
Aug'22
Cozy Bear targets MS 365 environments with new tactics
Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments
-
August 18, 2022
18
Aug'22
LexisNexis sued by immigration advocates over data practices
Four immigration advocacy groups launch lawsuit in Illinois alleging data broker’s collection, aggregation and sale of people’s personal data, including non-public information, to corporations and government bodies
-
August 18, 2022
18
Aug'22
It takes a breach to force boards to take notice of cyber, says UK government
Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims
-
August 16, 2022
16
Aug'22
South Staffs Water is victim of botched Clop attack
South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault
-
August 16, 2022
16
Aug'22
Why organisations need to harmonise their CIO and CISO roles
Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson
-
August 15, 2022
15
Aug'22
Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims
CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London
-
August 15, 2022
15
Aug'22
How clean data helps Southern Water identify vulnerable customers
Escalating prices means households around the country are having to tighten spending, with many struggling to pay their bills. Water4All, a consortium led by Southern Water, is using data to identify low-income and vulnerable households so they can ...
-
August 15, 2022
15
Aug'22
Report reveals consensus around Computer Misuse Act reform
A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform
-
August 12, 2022
12
Aug'22
Online Safety Bill ‘not fit for purpose’, say tech experts
IT specialists lack confidence that legislation compelling tech firms to tackle online harms will work as intended, with only a small minority believing ‘harmful but legal’ content can be effectively and proportionately policed by internet platforms
-
August 11, 2022
11
Aug'22
NHS may take a month to recover from supply chain attack
Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations
-
August 10, 2022
10
Aug'22
Microsoft fixes two-year-old MSDT vulnerability in August update
August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.
-
August 10, 2022
10
Aug'22
‘Coopetition’ a growing trend among ransomware gangs
Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time