News

IT governance

December 06, 2022 06 Dec'22
Legacy IT magnifies cyber risk for Defra, says NAO

Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme
December 06, 2022 06 Dec'22
EU fails to protect human rights in surveillance tech transfers

Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s ...
December 06, 2022 06 Dec'22
Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?
December 05, 2022 05 Dec'22
Fake investment ads persist on Meta’s social networks

Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them

December 05, 2022 05 Dec'22
DCMS to assess UK semiconductor industry

The ongoing global chip crisis, geopolitician tension with China and deal-blocking are the backdrop to this latest assessment
December 05, 2022 05 Dec'22
Cohesity doubles down on cyber-defence failings via backup

Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact
December 05, 2022 05 Dec'22
French cyber consultancy Hackuity sets up UK operation

Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base
December 02, 2022 02 Dec'22
Post Office boosted its ‘coffers’ as Horizon system threw up unexplained shortfalls, inquiry told

The Post Office was ‘keen’ to make subpostmasters cover unexplained accounting shortfall as its business struggled, public inquiry hears
December 02, 2022 02 Dec'22
Twitter ‘replacement’ Hive Social shuts off service in privacy alert

Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers
December 01, 2022 01 Dec'22
MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence

December 01, 2022 01 Dec'22
LastPass probes new cyber incident related to August attack

The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba
November 30, 2022 30 Nov'22
Microsoft 365 banned in German schools over privacy concerns

German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US
November 30, 2022 30 Nov'22
South Staffs Water customer data leaked after ransomware attack

Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack
November 30, 2022 30 Nov'22
NIS regulations to be extended to cover MSPs

The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope
November 30, 2022 30 Nov'22
Parity AI talks about auditing recruitment algorithms for bias

Algorithmic auditing firm Parity speaks to Computer Weekly about the process of auditing artificial intelligence for bias, following its partnership with AI-powered recruitment platform Beamery
November 29, 2022 29 Nov'22
‘Legal but harmful’ clause dropped from Online Safety Bill

Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm
November 25, 2022 25 Nov'22
Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year
November 23, 2022 23 Nov'22
UK police arrest 120 in largest-ever cyber fraud crackdown

The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police
November 23, 2022 23 Nov'22
AI accountability held back by ‘audit-washing’ practices

Algorithmic auditing will be useless in holding artificial intelligence accountable until there are common standards, approaches and goals that scrutinise systems at each stage of development and deployment, says think-tank
November 23, 2022 23 Nov'22
South Korea data adequacy pact brings £15m Brexit bonus

UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m
November 23, 2022 23 Nov'22
Red team tool developer slams ‘irresponsible’ disclosure

UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors
November 22, 2022 22 Nov'22
Ducktail spins new tales to hijack Facebook Business accounts

The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts
November 22, 2022 22 Nov'22
Killnet DDoS hacktivists target Royal Family and others

Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks
November 21, 2022 21 Nov'22
Bug Bounty Calculator helps organisations fine-tune their payouts

Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention
November 21, 2022 21 Nov'22
NHS federated data platform must avoid repeating Care.data mistakes, says national data guardian

UK’s national data guardian agrees with the ambitions of the platform, but warns that the programme must avoid ‘common pitfalls around trust and transparency’
November 21, 2022 21 Nov'22
AI adopted without due consideration for workers, MPs told

MPs have been warned that the rapid roll-out of artificial intelligence in workplaces has changed UK enterprises’ management practices so much that current employment law is no longer fit for purpose
November 21, 2022 21 Nov'22
NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify
November 18, 2022 18 Nov'22
Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use
November 18, 2022 18 Nov'22
New gold standard to protect good faith hackers

HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking
November 18, 2022 18 Nov'22
Post Office scandal inquiry’s expert IT witness ‘troubled’ by his findings

Controversial Post Office Horizon system lacked the integrity required to trust accounting data and contained ‘joke’ coding akin to an ‘overly engineered mousetrap’, inquiry told
November 18, 2022 18 Nov'22
CyberPeace Institute helps NGOs improve their security resilience

Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people
November 17, 2022 17 Nov'22
Brexit deregulation will make UK next Silicon Valley, vows Hunt

Chancellor vows to revolutionise how the IT industry is regulated to spur competition, investment and innovation in a technological ‘Big Bang’
November 17, 2022 17 Nov'22
Another Log4Shell warning after Iranian attack on US government

The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching
November 17, 2022 17 Nov'22
NHS Digital confirms final settlement of £3.95m with HMRC following conclusion of IR35 investigation

The health service’s digital arm has paid HMRC £3.95m in unpaid tax to cover the cost of its IR35 compliance errors
November 16, 2022 16 Nov'22
Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures
November 15, 2022 15 Nov'22
APP fraud volumes expected to double by 2026, says report

Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue
November 15, 2022 15 Nov'22
Met Police removes nearly two-thirds of people from gangs matrix

Legal action by human rights group Liberty forces Met Police to overhaul its gangs violence matrix database
November 14, 2022 14 Nov'22
Sadiq Khan launches Data for London Advisory Board

Board will look at how to join up and share data between public and private London organisations in an effort to build a stronger data economy and improve public services
November 11, 2022 11 Nov'22
Volume of self-reported breaches to ICO jumps 30%

The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022
November 11, 2022 11 Nov'22
MoD recruits Immersive Labs to bolster cyber resilience

UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products
November 10, 2022 10 Nov'22
Scrutinising AI requires holistic, end-to-end system audits

Understanding the full impacts of artificial intelligence requires organisations to conduct end-to-end social and technical audits of their systems, but the process comes with a number of challenges
November 10, 2022 10 Nov'22
Cyber criminals have World Cup Qatar 2022 in their sights

Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so
November 09, 2022 09 Nov'22
UK’s National Cyber Advisory Board convenes for first time

Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online
November 09, 2022 09 Nov'22
Microsoft serves smorgasbord of six zero-days

November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity
November 09, 2022 09 Nov'22
Fujitsu expert witness in subpostmaster trial ‘manoeuvred’ into role, public inquiry told

A former Fujitsu technology expert who defended the Horizon system’s robustness in court was unhappy after being ‘manoeuvred’ into acting as an expert witness, public inquiry hears
November 08, 2022 08 Nov'22
Six subpostmaster convictions referred for appeal in Scotland

Six former subpostmasters in Scotland will have appeals against criminal convictions heard after being referred by Scotland’s Criminal Cases Review Commission
November 07, 2022 07 Nov'22
Public sector IT projects need ethical data practices from start

Data ethics needs to be integrated into public sector IT projects from the very start, and considered throughout every stage of the process, to be effective
November 07, 2022 07 Nov'22
Department for Education escapes £10m fine over data misuse

Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules
November 04, 2022 04 Nov'22
Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare
November 03, 2022 03 Nov'22
Confirmation bias led Post Office to prosecute subpostmasters without investigation, inquiry told

Former Post Office tech leader tells public inquiry that confirmation bias led to hundreds of subpostmasters being prosecuted for financial crimes without proper investigation