News

IT governance

• April 28, 2021 28 Apr'21

  Covid-19 security challenges leave bank customers at risk

  Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud

• April 28, 2021 28 Apr'21

  Office 365 compromise likely led to Merseyrail ransomware attack

  Compromise of Merseyrail employee data seems to have begun after a key email account was hacked

• April 28, 2021 28 Apr'21

  NHS App to serve as vaccine passport for foreign holidays

  Existing NHS App will have vaccine passport functionality added to it, transport secretary confirms

• April 28, 2021 28 Apr'21

  Government extends Gov.uk Verify for a further two years

  The government’s Gov.uk Verify identity platform will continue to run until April 2023 while a new identity service is developed

• April 27, 2021 27 Apr'21

  UK supermarkets to trial age estimation tech for alcohol purchases

  Biometric age estimation technology developed by Yoti to be tested in UK supermarkets for alcohol purchases as part of government-led digital identities initiative

• April 27, 2021 27 Apr'21

  Total cost of ransomware attack heading towards $2m

  Sophos’ latest study finds that ransomware attacks are proving increasingly disruptive to their victims’ finances

• April 27, 2021 27 Apr'21

  Leaky Azure storage account puts software developer IP at risk

  Source code for multiple products was left exposed in an unsecured Microsoft Azure cloud storage account, say researchers, but attributing responsibility for the error has proved difficult

• April 27, 2021 27 Apr'21

  Apple OS updates patch multiple security holes

  The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible

• April 27, 2021 27 Apr'21

  The Security Interviews: Making sense of outbound email security

  Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this

• April 22, 2021 22 Apr'21

  GCHQ: Cyber investment a guarantor of UK’s global status

  GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future

• April 22, 2021 22 Apr'21

  Researchers shed more light on APT29 activity during SolarWinds attack

  RiskIQ’s Atlas threat intel team uncovers new patterns and threat infrastructure used in the SolarWind’s attacks

• April 22, 2021 22 Apr'21

  ToxicEye malware exploits Telegram messaging service

  The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye

• April 21, 2021 21 Apr'21

  NCSC offers teachers free cyber security training

  The NCSC’s latest security training offer builds on a package of measures designed to protect schools from cyber attack

• April 21, 2021 21 Apr'21

  EU lays out plans to regulate AI development

  Proposal aims to encourage the development of ethical artificial intelligence systems that do not infringe the human rights of EU citizens

• April 21, 2021 21 Apr'21

  SonicWall Email Security zero-days need urgent patch

  Users of SonicWall Email Security are advised to patch immediately, but the supplier is being criticised for the pace of its response

• April 20, 2021 20 Apr'21

  Health app myGP adds Covid-19 vaccine passport function

  The new feature is described as the UK’s first NHS-assured Covid-19 certification feature

• April 20, 2021 20 Apr'21

  Chinese APT exploits critical CVE in Pulse Secure VPN

  A newly disclosed vulnerability in Pulse Secure’s VPN is being exploited by a Chinese advanced persistent threat group – assume compromise and mitigate today

• April 20, 2021 20 Apr'21

  Codecov supply chain attack has echoes of SolarWinds

  Supply chain attack on code auditing service may have compromised the likes of HPE and IBM

• April 19, 2021 19 Apr'21

  Digital secretary steps in on Nvidia/Arm deal

  The first stage of a formal investigation by the CMA is now underway, to look at whether the sale of Arm to Nvidia will damage the chip industry

• April 19, 2021 19 Apr'21

  YouGov incentivises sharing of personally identifiable information

  YouGov Safe is a new service to help organisations target consumers more precisely, where people can select how much personal data they wish to share

• April 15, 2021 15 Apr'21

  Uber ordered to reinstate six drivers fired by automated process

  A default judgment handed down by Dutch court has ordered Uber to reinstate six drivers with compensation following unevidenced accusations of fraud and automated firing via algorithm

• April 15, 2021 15 Apr'21

  Biden sanctions Russia over SolarWinds cyber attacks

  US president imposes new sanctions on Russia following malicious cyber attacks against the US and allies

• April 15, 2021 15 Apr'21

  University of Hertfordshire is latest academic cyber attack victim

  Multiple systems are offline at the University of Hertfordshire following a cyber attack

• April 15, 2021 15 Apr'21

  Ireland’s DPC launches probe into Facebook leak

  The Irish Data Protection Commission has launched an ‘own volition’ inquiry into the leak of data from 500 million Facebook profiles

• April 14, 2021 14 Apr'21

  FBI accesses ProxyLogon target servers to disrupt cyber criminals

  US Justice Department reveals successful court-authorised effort to clamp down on ProxyLogon exploitation

• April 14, 2021 14 Apr'21

  EU set to tilt AI balance in favour of citizen rights

  New draft EU regulations aim to protect people from biased decision-making

• April 14, 2021 14 Apr'21

  NSA unearths more MS Exchange vulnerabilities

  Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency

• April 13, 2021 13 Apr'21

  MP told to ditch official email over hacking fears

  MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked

• April 13, 2021 13 Apr'21

  Millions of devices at risk from NAME:WRECK DNS bugs

  Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk

• April 09, 2021 09 Apr'21

  Cring ransomware hits ICS through two-year-old bug

  A long-disclosed vulnerability in Fortinet’s Fortigate VPN servers is being exploited to distribute Cring ransomware

• April 08, 2021 08 Apr'21

  Nation-state cyber attacks double in three years

  Cyber attacks backed by nation states are becoming more frequent and varied, moving the world closer to a point of ‘advanced cyber-conflict’, according to a University of Surrey research project

• April 07, 2021 07 Apr'21

  Facebook ducks calls to apologise over huge data leak

  Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise

• April 07, 2021 07 Apr'21

  Digital Markets Unit starts work on codes of conduct for tech giants

  Digital markets regulator officially launched to ensure tech giants such as Facebook and Google cannot exploit their market dominance to crowd out competition and stifle innovation online

• April 06, 2021 06 Apr'21

  Facebook data leak could be outside scope of GDPR

  Regulators may be unable to do much about leaked data on 533 million Facebook users, as it seems to have been stolen before GDPR came into force

• March 31, 2021 31 Mar'21

  NHS is apparently closing security skills gap

  By the end of 2020, there were more than twice as many in-house security professionals at NHS trusts as there were two years before

• March 31, 2021 31 Mar'21

  Cyber Security Council to champion UK security pros

  A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base

• March 30, 2021 30 Mar'21

  Ransomware attack on London schools highlights warnings

  Ransomware attack on Harris Federation comes just days after a fresh NCSC alert for the education sector

• March 30, 2021 30 Mar'21

  The Security Interviews: How to secure an F1 team in a pandemic

  A multi-year digital transformation programme paid off for F1 team Williams Racing when the 2020 season was abruptly postponed thanks to Covid-19. Learn how the team’s CIO has been supporting remote working and protecting data

• March 29, 2021 29 Mar'21

  Backup survey: UK councils’ downtimes five times longer than average

  Backup product supplier Veeam’s freedom of information request finds councils’ average downtime is seven hours and that backup and disaster recovery testing is not done frequently

• March 26, 2021 26 Mar'21

  Retailer FatFace pays $2m ransom to Conti cyber criminals

  Retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the Conti ransomware syndicate

• March 26, 2021 26 Mar'21

  Remote working burn-out a factor in security risk

  After a year of working from the kitchen table, stress and burn-out are increasing, giving rise to more security risks – and Millennials seem to be particularly affected

• March 25, 2021 25 Mar'21

  Cyber security complacency puts UK at risk, says NCSC head

  National Cyber Security Centre CEO Lindy Cameron, in her maiden speech in the role, warns of challenges ahead for the UK and sets out the future agenda for cyber

• March 24, 2021 24 Mar'21

  Oil giant Shell hit through Accellion FTA breach

  Energy firm discloses cyber attack through Accellion File Transfer Appliance

• March 24, 2021 24 Mar'21

  Apparent drop in cyber incidents highlights underlying problems

  UK organisations report fewer cyber security incidents, but the headline data masks more serious issues, according to a report

• March 24, 2021 24 Mar'21

  Cyber criminals forging Covid-19 vaccine certificates

  Vaccine passports and certificates are gaining mainstream traction, which means cyber criminals are also on the bandwagon

• March 23, 2021 23 Mar'21

  NCSC beefs up support for education sector after spate of attacks

  Refreshed guidance from the NCSC recommends a defence-in-depth strategy as schools and universities face a renewed wave of cyber attacks

• March 22, 2021 22 Mar'21

  $50m ransomware demand on Acer is highest ever

  Record-breaking double-extortion cyber attack saw REvil gang exfiltrate financial data from Taiwan-based PC manufacturer

• March 22, 2021 22 Mar'21

  Unionised drivers call on Microsoft to suspend Uber’s Face API licences

  Unionised private hire drivers in the UK are calling for Microsoft to suspend Uber’s licences to use its Face API technology after claims the ride-hailing firm’s ID-checking system has led to drivers losing their jobs and having licences revoked

• March 22, 2021 22 Mar'21

  CIO interview: Juliette Atkinson, IT director, Bradford University

  Bradford University’s IT director took a different route than most to get into IT leadership

• March 18, 2021 18 Mar'21

  Vaccine passports cannot put basic rights at risk, warns BCS

  BCS warns of challenges to come as the government presses on with its plans for Covid-19 vaccine passports