News

IT governance

September 28, 2021 28 Sep'21
How one red team exercise averted a new SolarWinds-style attack

Palo Alto Networks shares details of how its red teamers found and sealed a customer vulnerability that could have led to another SolarWinds-style supply chain attack
September 24, 2021 24 Sep'21
London publishes guidelines for ethical use of smart city tech

Latest draft of the ‘Emerging Technology Charter for London’ encourages local authorities, public services and technology companies to improve how they implement technology in the capital
September 23, 2021 23 Sep'21
Fresh alert over Conti ransomware surge

Conti ransomware crew appears increasingly active, prompting fresh warnings from the US authorities
September 23, 2021 23 Sep'21
MoD in second leak of Afghan citizens’ data

A second breach of data relating to Afghan citizens at risk of Taliban reprisals has been reported by the Ministry of Defence

September 23, 2021 23 Sep'21
Threat actors target VMware vCenter Server users

Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste
September 22, 2021 22 Sep'21
AI cannot be regulated by technical measures alone

The regulation of artificial intelligence must address the power of tech companies, as technical measures alone will not be enough to prevent the harms caused by AI-driven technologies, says report
September 21, 2021 21 Sep'21
US sanctions Suex crypto exchange over ransomware links

US Treasury cracks down on cryptocurrency exchange that supposedly facilitated proceeds from multiple ransomware gangs
September 21, 2021 21 Sep'21
Spanish police bust Mafia-linked phishing gang

A joint operation between European authorities has dismantled a cyber criminal gang with links to the Italian Mafia
September 21, 2021 21 Sep'21
BlackMatter gang ramps up attacks on multiple victims

A wave of new BlackMatter ransomware attacks is hitting organisations around the world, even as the US authorities mull new sanctions on ransom payment infrastructure
September 20, 2021 20 Sep'21
NGO Fair Trials calls on EU to ban predictive policing systems

The use of artificial intelligence to predict criminal behaviour should be banned because of its discriminatory outcomes and high risk of further entrenching existing inequalities, claims Fair Trials

September 16, 2021 16 Sep'21
Travel-themed phishing lures spiked this summer

As people begin to take holidays again after more than a year of restrictions and lockdowns, opportunist cyber criminals have taken note, according to new data from Palo Alto’s Unit 42
September 15, 2021 15 Sep'21
UN human rights chief calls for moratorium on AI technologies

High commissioner’s call for a moratorium on the use of AI systems that pose a serious risk to human rights is accompanied by a UN report on the negative human rights impacts associated with the technology
September 15, 2021 15 Sep'21
Microsoft patches 66 vulnerabilities in September update

Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga
September 14, 2021 14 Sep'21
Mass health tracker data breach has UK impact

The leak of a database of 61 million users of health-tracking devices includes records on individuals located in the UK
September 14, 2021 14 Sep'21
Cost of ransomware attack in financial sector exceeds $2m

Mid-sized financial services organisations worldwide spend an average of over $2m recovering from ransomware attacks
September 14, 2021 14 Sep'21
Apple patches ForcedEntry vulnerability used by spyware firm NSO

Apple patches ForcedEntry vulnerability that was used to target political activists with spyware
September 13, 2021 13 Sep'21
Smishing attacks up sevenfold in six months

Scam text messages are reaching pandemic proportions, thanks in part to the pandemic
September 13, 2021 13 Sep'21
Olympus likely victim of BlackMatter ransomware

Key IT systems remain shut off at Olympus, five days after what seems to have been a BlackMatter ransomware attack
September 09, 2021 09 Sep'21
UK GDPR faces changes under planned reforms

DCMS is launching a major consultation on proposed changes to the UK’s data protection regime, under which several key elements of the GDPR are likely to change
September 08, 2021 08 Sep'21
REvil reappearance may herald new ransom campaigns

The re-emergence of the infamous REvil ransomware gang is a likely sign that more high-profile attacks will unfold over the coming weeks
September 08, 2021 08 Sep'21
Covid positive for security market, but still a source of stress

CIISec’s latest “State of the profession report” highlights both positives and challenges for cyber pros arising from the past two years
September 08, 2021 08 Sep'21
Stolen credit card data worth about £13 on dark web, PayPal worth more

The average price of a stolen credit card on a dark web marketplace comes in at around $17.40, or £12.60, according to new data – but the real money for cyber criminals is in hacked PayPal accounts
September 07, 2021 07 Sep'21
ICO in bid to end cookie pop-ups

Outgoing information commissioner Elizabeth Denham will call on her equivalents across the G7 group of countries to collaborate on an overhaul of cookie consent pop-ups
September 07, 2021 07 Sep'21
Lords committee calls for evidence on digital regulation

House of Lords Communications and Digital Committee has called for evidence to inform its inquiry into the effectiveness of digital regulation
September 03, 2021 03 Sep'21
Mandiant, Sophos detail dangerous ProxyShell attacks

Threat researchers and incident responders continue to track threat activity around the dangerous ProxyShell Microsoft Exchange vulnerabilities, including impactful ransomware hits
September 02, 2021 02 Sep'21
WhatsApp fined €225m over GDPR breaches

Irish data protection watchdog has issued one of the largest GDPR fines to date against Facebook-owned WhatsApp
September 02, 2021 02 Sep'21
Twitter tests auto-block feature for accounts at risk of abuse

Latest Twitter feature automatically blocks abusive users, and is intended to help victims regain control of their experience on the platform
September 01, 2021 01 Sep'21
Experts warn on Office 365 phishing attacks

Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques
September 01, 2021 01 Sep'21
Remote workers routinely bypassed security tools during pandemic

New data from Palo Alto Networks reveals that over 25% of UK security leaders saw their employees circumventing or switching off security measures at the height of the pandemic
August 27, 2021 27 Aug'21
Are proposed data protection changes a threat to UK citizens’ privacy?

Though changes are as-yet undefined pending an upcoming consultation, concerns are already being expressed over the government’s plan to liberalise data protection laws in the service of innovation and growth
August 26, 2021 26 Aug'21
Tech giants commit to Biden's cyber security action plan

Some of the world’s most prominent tech giants have made a series of commitments to enhance the US’ national cyber security posture following a high-profile meeting with president Biden
August 26, 2021 26 Aug'21
Government unveils post-Brexit data flow proposals

The government will pursue data partnerships with countries including Australia, South Korea and the US as part of a post-Brexit data regime that may also see substantial changes to the UK’s data protection law
August 26, 2021 26 Aug'21
NZ privacy lead John Edwards named new information commissioner

DCMS has named John Edwards, currently New Zealand privacy commissioner, to succeed Elizabeth Denham as UK information commissioner
August 25, 2021 25 Aug'21
Algorithmic accountability needs meaningful public participation

Global analysis by Ada Lovelace Institute and other research groups finds algorithmic accountability mechanisms in the public sector are hindered by a lack of engagement with the public
August 25, 2021 25 Aug'21
Calling the cops for ransomware attacks doesn’t help, say cyber pros

A new study for the #Ransomaware campaign reveals some insight into why so few victims report ransomware attacks
August 25, 2021 25 Aug'21
UK loses £1.3bn to fraud and cyber crime so far this year

New figures from the National Fraud Intelligence Bureau show a threefold spike in reported financial losses to fraud and cyber crime in the first six months of 2021
August 24, 2021 24 Aug'21
13 million malware attacks on Linux seen in wild

Cryptominers, web shells and ransomware are the most common varieties of malwares targeting Linux systems, thanks to its prevalence as the backbone of most public cloud services
August 24, 2021 24 Aug'21
Half of MS Exchange servers at risk in ProxyShell debacle

Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited
August 24, 2021 24 Aug'21
Over a million opt out of NHS data-sharing

Failure to communicate benefits of data-sharing proposals and privacy concerns are prompting large numbers of people to opt out of a proposed NHS Digital scheme
August 24, 2021 24 Aug'21
Campaign groups claim police have bypassed Parliament with plans for live facial-recognition tech

Civil society groups call for Parliament to scrutinise the use of live facial-recognition cameras
August 23, 2021 23 Aug'21
Cities worldwide band together to push for ethical AI

The chief digital and technology officers of London and Barcelona speak to Computer Weekly about their joint initiative launched with other cities to promote the ethical deployment of artificial intelligence in urban spaces
August 19, 2021 19 Aug'21
Pub apps harvesting swathes of customer data unnecessarily

Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners
August 19, 2021 19 Aug'21
IT leaders fear ‘trickle-down’ of nation-state cyber attacks

Three-quarters of IT decision-makers are concerned that the tactics, techniques and procedures used by nation-state attackers could be used against them
August 18, 2021 18 Aug'21
UK government criticised for proposed facial-recognition guidance

Privacy campaigners say the government's updated 'surveillance camera code of practice' does not do enough to mitigate abuses of facial-recognition technology
August 17, 2021 17 Aug'21
Educational publisher Pearson fined for data breach cover-up

Securities and Exchange Commission says publisher misled its investors over the extent of a 2018 data breach
August 17, 2021 17 Aug'21
Security Think Tank: Building privacy-preserving apps and platforms

ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture
August 13, 2021 13 Aug'21
How to get API deployments right

Application programming interfaces are not the panacea for digital transformation and could even lead to escalating costs for problems that are better addressed through integration
August 12, 2021 12 Aug'21
ICO consults on new international data transfer agreement

Information Commissioner’s Office to consult on its draft international data transfer agreement and guidance, which will replace standard contractual clauses to protect personal data during overseas transfers
July 29, 2021 29 Jul'21
HMRC hits Home Office with £33.5m bill over ‘careless’ application of IR35 rules

The Home Office is the latest ministerial department to be hit with a multimillion-pound tax demand from HMRC after errors were discovered in its implementation of the IR35 rules
July 28, 2021 28 Jul'21
Almost half unaware of GP data-sharing plans

Around half of adults in England – approximately 20 million people – remain unaware of the scope of the NHS GPDPR programme, prompting calls for a public education campaign