News

IT governance

October 25, 2022 25 Oct'22
Digital-first businesses more willing to accept some fraud

Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report
October 24, 2022 24 Oct'22
Complacency biggest cyber risk to UK plc, says ICO

Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack
October 20, 2022 20 Oct'22
The Security Interviews: Why now for ZTNA 2.0?

With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network ...
October 20, 2022 20 Oct'22
Parliamentary committee launches inquiry into AI governance

MPs will examine the impacts of artificial intelligence throughout the UK economy and how governance of the technology can be improved ahead of the government publishing its formal regulatory proposals

October 19, 2022 19 Oct'22
Ransomware crews regrouping as LockBit rise continues

Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead
October 19, 2022 19 Oct'22
Treat cyber crime as a ‘strategic threat’, UK businesses told

The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community
October 18, 2022 18 Oct'22
Virtually all vulnerable open source downloads are avoidable

Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report
October 17, 2022 17 Oct'22
Biden ramps up China chip sanctions

The war of words between China and the US has ramifications across the high-tech sector. We report on the latest developments
October 14, 2022 14 Oct'22
Annual costs of Hackney ransomware attack exceed £12m

Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago
October 14, 2022 14 Oct'22
Office 365 email encryption flaw could pose risk to user privacy

A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are

October 14, 2022 14 Oct'22
Advanced: Healthcare data was stolen in LockBit 3.0 attack

Advanced has revealed a total of 16 of its health and social care sector customers had their data exfiltrated in a recent ransomware attack
October 13, 2022 13 Oct'22
Perpetrators of subpostmaster suffering in Horizon scandal must face public inquiry

Victims demand that the perpetrators of the Post Office Horizon IT scandal face the public inquiry
October 12, 2022 12 Oct'22
Microsoft fixes lone zero-day on October Patch Tuesday

Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen
October 12, 2022 12 Oct'22
ICO selectively discloses reprimands for data protection breaches

Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded
October 11, 2022 11 Oct'22
Contractor left Toyota source code exposed for five years

Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor
October 10, 2022 10 Oct'22
Ukraine and EU explore deeper cyber collaboration

A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues
October 06, 2022 06 Oct'22
EU rolling out measures for online safety and AI liability

The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation
October 05, 2022 05 Oct'22
Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation

Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network
October 04, 2022 04 Oct'22
Public sector aims to close digital skills gap with private sector

Digital leaders from the public sector have stressed the need to build up the digital skills and capabilities of civil servants to successfully deliver the government’s digital transformation ambitions, but not at the expense of supplier ecosystems
October 04, 2022 04 Oct'22
Tories to replace GDPR

IT industry reacts to the government’s plan to replace the pan-European data protection regulation
September 30, 2022 30 Sep'22
Surveillance tech firms complicit in MENA human rights abuses

Research finds companies are profiting from surveillance technologies that facilitate human rights abuses against migrants, asylum seekers and refugees in the Middle East and North Africa, with little to no oversight
September 28, 2022 28 Sep'22
Whistleblower Peter Duffy calls for oversight of NHS records to prevent evidence tampering

A whistleblower has called for greater oversight in the handling of ‘safety-critical digital information’ across the NHS, in light of a number of cases that raise questions about data governance and record-keeping within the health service
September 28, 2022 28 Sep'22
Most hackers exfiltrate data within five hours of gaining access

Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access
September 26, 2022 26 Sep'22
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials
September 23, 2022 23 Sep'22
Threat actors abused lack of MFA, OAuth in spam campaign

Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns
September 22, 2022 22 Sep'22
Ofcom turns its attention to the hyperscalers

The regulator sees its role expanding into emerging areas of communications technologies and public cloud services
September 22, 2022 22 Sep'22
Privacy Pledge signatories dream of alternative internet

A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism
September 21, 2022 21 Sep'22
NCSC publishes cyber guidance for retailers

The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime
September 20, 2022 20 Sep'22
Thousands of customers affected in Revolut data breach

Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack
September 20, 2022 20 Sep'22
IHG attackers phished employee to deploy destructive wiper

A couple from Vietnam who claim to be behind a destructive wiper cyber attack on hotel operator IHG told the BBC how they orchestrated their operation
September 20, 2022 20 Sep'22
Reports Uber and Rockstar incidents work of same attacker

Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber
September 16, 2022 16 Sep'22
Six new vulnerabilities added to CISA catalogue

CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010
September 16, 2022 16 Sep'22
Uber suffers major cyber attack

Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist
September 15, 2022 15 Sep'22
EU Cyber Resilience Act sets global standard for connected products

European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards
September 15, 2022 15 Sep'22
New player pioneers ‘active cyber insurance’ for UK market

Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance
September 15, 2022 15 Sep'22
Organisations failing to account for digital trust

The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds
September 15, 2022 15 Sep'22
US charges three Iranians over CNI cyber attacks

Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran
September 14, 2022 14 Sep'22
Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs
September 14, 2022 14 Sep'22
Microsoft patches 64 vulnerabilities on September Patch Tuesday

Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update
September 13, 2022 13 Sep'22
Cloud compromise a doddle for threat actors as victims attest

Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud
September 13, 2022 13 Sep'22
Users warned over Azure Active Directory authentication flaw

Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users
September 13, 2022 13 Sep'22
Multi-persona impersonation adds new dimension to phishing

Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures
September 12, 2022 12 Sep'22
Mandiant floats off into Google Cloud

As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business
September 12, 2022 12 Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts
September 12, 2022 12 Sep'22
Lloyd’s of London is digitally transforming through the front door

Centuries-old financial services organisation is transforming its complex IT infrastructure through digital data
September 08, 2022 08 Sep'22
NCSC CyberUK event heads to Belfast in 2023

National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023
September 08, 2022 08 Sep'22
The changing role of CIO in Sweden

New technologies and evolving business models are changing the missions of IT leaders around the world – and in most cases, the result is slightly different from one country to another
September 07, 2022 07 Sep'22
Albania cuts diplomatic ties with Iran after cyber attack

In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran
September 07, 2022 07 Sep'22
Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
September 07, 2022 07 Sep'22
Hotel group IHG confirms cyber attack after two-day outage

IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor