News

IT governance

• March 10, 2021 10 Mar'21

  Police crack world’s largest cryptophone network as criminals swap EncroChat for Sky ECC

  Belgian and Dutch police have breached the encryption of users of Sky ECC, the world’s largest cryptophone network. There are significant parallels with the international police operation against the EncroChat cryptophone network which led to ...

• March 09, 2021 09 Mar'21

  EBA restores services after Microsoft Exchange attack

  European Banking Authority was breached through vulnerabilities in Microsoft Exchange Server, but is now back online

• March 09, 2021 09 Mar'21

  Private equity house buys McAfee enterprise business

  Deal to sell off enterprise unit will see McAfee become a pure-play consumer organisation

• March 08, 2021 08 Mar'21

  US teases retaliation over state-backed cyber attacks

  Consequences for alleged perpetrators of the SolarWinds attack are expected within the next few weeks

• March 05, 2021 05 Mar'21

  Williams F1 car launch disrupted by data leak

  Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack

• March 05, 2021 05 Mar'21

  Mandiant: MS Exchange bugs first exploited in January

  Analysis from technical teams at FireEye’s Mandiant tracked activity exploiting newly disclosed vulnerabilities in Microsoft Exchange Server more than a month ago

• March 05, 2021 05 Mar'21

  Clarification needed on IT ‘super-deduction’ allowance

  Chancellor announces that companies investing in qualifying new plant and machinery assets will be able to claim a ‘super-deduction’ allowance

• March 05, 2021 05 Mar'21

  Innovation underpinned by trustworthy governance, says CDEI

  Public support for greater use of digital technologies such as AI depends on how much trust people have in its governance, says report

• March 04, 2021 04 Mar'21

  Okta picks up Auth0 for $6.5bn

  Multibillion-dollar acquisition a vote of confidence in future of identity and access management services

• March 04, 2021 04 Mar'21

  Microsoft Exchange CVEs more widely exploited than thought

  US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer

• March 04, 2021 04 Mar'21

  IR35 private sector reforms: HMRC under fire over ‘omission’ of employers’ NI from webinar guidance

  HM Revenue & Customs confirms it has corrected a calculation error in a recent educational IR35 webinar that saw it fail to factor in employers’ NI in examples of how payments should be made between end-clients, agencies and PSCs post-April 2021

• March 04, 2021 04 Mar'21

  Qualys caught up in Accellion FTA breach

  Security services supplier confirms that some of its data was stolen via vulnerabilities in Accellion’s file transfer product

• March 03, 2021 03 Mar'21

  Emergency patch addresses MS Exchange Server zero-days

  Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server

• March 02, 2021 02 Mar'21

  EU seeking pan-European Covid-19 passport solution

  The European Union’s proposal could see the creation of a Covid-19 vaccine passport to enable travel across the EU

• March 02, 2021 02 Mar'21

  Goldman Sachs CEO comments highlight need for home working balance

  The remote working revolution has been prominent in the banking sector and organisations have a balancing act to perform once the pandemic passes

• March 01, 2021 01 Mar'21

  Digital secretary Dowden outlines UK post-Brexit data approach

  The UK government is searching for a new information commissioner with an updated remit to use data to support growth and innovation, and plans on reaching new international data partnerships

• March 01, 2021 01 Mar'21

  Covid accelerates Bradford University remote working project

  Pandemic injected fuel into university’s existing project to introduce remote working

• February 25, 2021 25 Feb'21

  NCSC Cyber Action Plan emphasises SME security

  NCSC self-assessment tool launched to help sole traders and micro-businesses tackle their cyber security challenges

• February 25, 2021 25 Feb'21

  GCHQ sets out rules of the road for AI in cyber

  A paper produced by GCHQ shows how the intelligence agency can use artificial intelligence responsibly as a tool to protect the UK’s national security

• February 25, 2021 25 Feb'21

  Tech-enabled hybrid working enables HSBC to cut 40% of its global office space

  Bank is making huge reductions in the amount of office space it uses through a global hybrid-working policy

• February 25, 2021 25 Feb'21

  MHRA and other agencies to offer new resources for scam victims

  New landing page resources will replace .uk domains suspended for criminal activity to help members of the public access appropriate guidance

• February 25, 2021 25 Feb'21

  IR35 private sector reforms: What IT contractors need to know

  Computer Weekly asks contracting experts to answer questions about PSC bans, compliant umbrella companies and challenging status determinations, with the latest IR35 reforms coming into place

• February 24, 2021 24 Feb'21

  Vaccine passports prove an ethical minefield

  Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design

• February 24, 2021 24 Feb'21

  Is Clubhouse safe, and should CISOs stop its use?

  With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it

• February 24, 2021 24 Feb'21

  Internet companies should provide real-time data on disinformation, Lords told

  Fact-checking experts tell House of Lords inquiry that upcoming Online Safety Bill should force internet companies to provide real-time information on suspected disinformation, and warn against over-reliance on AI-powered algorithms to moderate ...

• February 24, 2021 24 Feb'21

  Businesses forced to ask IT service providers for help during pandemic

  IT service providers have been approached by long-time enterprise customers asking for price cuts due to the impact of the pandemic

• February 24, 2021 24 Feb'21

  Bombardier is latest victim of Accellion supply chain attack

  Canadian aviation company joins the growing list of Accellion breach victims

• February 24, 2021 24 Feb'21

  Warning on security risk from virtual events platforms

  Vulnerabilities found in virtual events platforms could form part of a variant supply chain attack

• February 23, 2021 23 Feb'21

  XDR makes cyber a Stroll in the park for Aston Martin F1

  Aston Martin Cognizant Formula One team will run SentinelOne’s Singularity XDR platform under the bonnet

• February 23, 2021 23 Feb'21

  AI powers reputational damage insurance policy

  Reputational damage has an immediate impact on a company’s share price, and brand loyalty built over many years can be lost in an instant

• February 23, 2021 23 Feb'21

  CyberScotland offers centralised security resource hub

  Newly launched partnership brings together security resources for individuals and organisations across Scotland

• February 22, 2021 22 Feb'21

  Microphones, smartphones, laptops among items stolen from BBC

  A total of 105 devices have been stolen from the BBC in the past two years, some of which may have been spirited away by remote workers

• February 22, 2021 22 Feb'21

  Pandemic has exposed fractures in cyber fraud strategy

  RUSI report urges a bolder and more coordinated response to cyber-enabled fraud as the pandemic lays bear the scale of the problem

• February 19, 2021 19 Feb'21

  European Commission proposes UK data adequacy agreement

  The publication of two draft data adequacy decisions brings the UK closer to a final positive decision, which will enable the continued free flow of data between the EU and the UK if green-lit by member states

• February 19, 2021 19 Feb'21

  NCSC cyber defence scheme blocked thousands of scams in 2019

  The NCSC has reported another productive year for its Active Cyber Defence programme

• February 19, 2021 19 Feb'21

  Biden will act on cyber security to fix SolarWinds mess

  US will take action to modernise its defences in the wake of the SolarWinds attack, says US government cyber lead Anne Neuberger

• February 18, 2021 18 Feb'21

  Swedish police fined for unlawful use of facial-recognition app

  Sweden’s data watchdog has found that Swedish police failed to conduct the data protection checks required by law before using controversial facial-recognition tool

• February 18, 2021 18 Feb'21

  HMRC accused of 'utter hypocrisy' over use of IT contractors enrolled in tax avoidance schemes

  Campaign group calls for HMRC to face an investigation, while accusing the department of ‘utter hypocrisy’ for using IT contractors enrolled in disguised remuneration schemes

• February 18, 2021 18 Feb'21

  2020 a record year for cyber, thanks to Covid

  The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy

• February 18, 2021 18 Feb'21

  Assessing UK law enforcement data adequacy

  Data protection experts discuss the consequences of achieving data adequacy between the UK and EU for the UK’s intelligence services and criminal justice sector

• February 17, 2021 17 Feb'21

  North Korean Lazarus Group hackers indicted in US

  Charges filed relate to Lazarus Group’s long-running cyber crime spree, including financial theft and extortion, WannaCry malware and the cyber attack on Sony Pictures

• February 17, 2021 17 Feb'21

  Egregor ransomware arrests confirmed

  Authorities confirm that they have arrested an undisclosed number of cyber criminals associated with the Egregor ransomware

• February 17, 2021 17 Feb'21

  Emotional intelligence, empathy increasingly valued in CISOs

  The pandemic has highlighted the value of soft skills, rather than technical ones, in security

• February 17, 2021 17 Feb'21

  Law firm and cyber criminals clash over source of stolen data

  Cyber attack victim Jones Day says its data was stolen in a supply chain attack, but the gang holding it to ransom disagrees

• February 16, 2021 16 Feb'21

  North Korea accused of Pfizer Covid vaccine cyber attack

  South Korean intelligence pins a recent attack on Pfizer, targeting information on coronavirus vaccines, on its neighbour

• February 16, 2021 16 Feb'21

  RDP, SSH exposures off the charts thanks to remote working

  The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report

• February 16, 2021 16 Feb'21

  Egregor ransomware associates arrested amid disruption

  Undisclosed number of arrests made in Ukraine after investigators tracked bitcoin ransom payments

• February 15, 2021 15 Feb'21

  Post Office to offer digital ID services to customers

  Post Office partnership with Yoti is intended to expand customer choice as to how people prove their identity when accessing services

• February 12, 2021 12 Feb'21

  UK border surveillance regime highly privatised, says Privacy International

  Research from Privacy International raises concerns about the deep involvement of technology companies in the development and deployment of various technologies throughout the UK’s border regime, along with the lack of scrutiny they receive

• February 11, 2021 11 Feb'21

  Hacked Finnish therapy business collapses

  Vastaamo, the Finnish psychotherapy centre whose patients were blackmailed by a cyber criminal gang, has filed for bankruptcy

• February 11, 2021 11 Feb'21

  Low-complexity CVEs a growing concern

  Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments

• February 10, 2021 10 Feb'21

  HelloKitty almost certainly behind CD Projekt ransomware attack

  Theories that the cyber attack on a high-profile gaming studio was orchestrated by players who are disappointed in a videogame are likely wide of the mark, according to analysis

• February 10, 2021 10 Feb'21

  Windows 10, Server 2019 users must patch serious zero-day

  Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update

• February 10, 2021 10 Feb'21

  Sim-swapping crooks targeted celebrities, influencers

  Eight arrests have been made in England and Scotland in connection with a series of Sim-swapping attacks targeting high-profile victims

• February 10, 2021 10 Feb'21

  Tech sector calls for renewed cooperation in global digital tax talks

  Industry groups want renewed multilateral negotiations between countries about taxation of the digital economy in the wake of Joe Biden’s election as US president

• February 09, 2021 09 Feb'21

  Oracle claims major win in Australian public sector

  Australian Data Centres will deploy Oracle’s Dedicated Region [email protected] to host cloud services for the federal government

• February 09, 2021 09 Feb'21

  Data breaches are a ticking timebomb for consumers

  Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure

• February 09, 2021 09 Feb'21

  Cyberpunk 2077 developer refuses to pay up after ransomware attack

  Polish video game developer CD Projekt has released details of a ransomware attack on its systems

• February 09, 2021 09 Feb'21

  ‘Batman Begins’ cyber attack is a warning to CNI providers

  A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services

• February 09, 2021 09 Feb'21

  NHS reports fewer phishing emails in 2020

  The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020

• February 08, 2021 08 Feb'21

  UK Cyber Security Council to take charge of skills strategy

  New government-backed body will be set up to boost careers opportunities and professional standards in the cyber security sector

• February 08, 2021 08 Feb'21

  Interview: Robert Opp, chief digital officer, United Nations Development Programme

  Chief digital officer of the United Nations Development Programme talks about the relationship between digital technologies and sustainability, and how it can be used for a more environmentally-friendly and inclusive future

• February 08, 2021 08 Feb'21

  Too few UK organisations offering cyber training for remote work

  Nearly a year into the pandemic, a study reveals a concerning tendency for organisations not to bother offering security training for remote workers

• February 08, 2021 08 Feb'21

  Data of thousands of Dutch citizens leaked from government Covid-19 systems

  Weak access controls and outdated systems blamed for leaking of the personal details of thousands of Dutch citizens tested for Covid-19

• February 08, 2021 08 Feb'21

  Sweden to establish national cyber security centre

  Sweden becomes latest Nordic state to establish a national cyber security centre as the threat landscape grows

• February 05, 2021 05 Feb'21

  Security firm Stormshield loses source code in cyber attack

  Source code from two products developed by French cyber security firm was compromised in a December 2020 incident

• February 04, 2021 04 Feb'21

  Woodland Trust hit by cyber attack in December

  Conservation charity is investigating what it describes as a ‘sophisticated’ cyber attack but has waited nearly two months to inform its members

• February 04, 2021 04 Feb'21

  Fraud and cyber crime still vastly under-reported

  The scale of digitally enabled crime in the UK is dramatically under-reported, new statistics indicate

• February 03, 2021 03 Feb'21

  Crypto malware targets Kubernetes clusters, say researchers

  Newly identified Hildegaard malware targets Kubernetes clusters and seems to herald a new campaign from the TeamTNT gang

• February 03, 2021 03 Feb'21

  Foxtons rejects claims of slow reaction to data leak

  Investigators have unearthed 16,000 data records that seem to have been stolen in an attack on property firm Foxtons last year, but the organisation says it acted by the book in dealing with the incident

• February 03, 2021 03 Feb'21

  ‘Classic’ Cerber ransomware targets health sector in high volumes

  Cerber ransomware-as-a-service seems to have re-emerged as one of the most critical cyber threats facing healthcare organisations, reports VMware Carbon Black

• February 03, 2021 03 Feb'21

  SolarWinds patches two critical CVEs in Orion platform

  New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet

• February 01, 2021 01 Feb'21

  Serco confirms Babuk ransomware attack

  Outsourcing firm was hit by the ransomware last week but insists most of its operations are running as normal

• February 01, 2021 01 Feb'21

  UKRI suspends services after ransomware attack

  UK Research and Innovation was hit by an undisclosed strain of ransomware at the end of January

• February 01, 2021 01 Feb'21

  CISOs invisible to their organisations, says BT report

  Ignorance of cyber issues is leading to misplaced confidence in security in many organisations, as CISOs struggle to make themselves seen and heard

• February 01, 2021 01 Feb'21

  IR35 private sector reforms: Zurich Insurance under fire over contractor blanket ban

  Zurich Insurance is the latest high-profile financial services company to declare contractors can only continue to engage with it via umbrella setups from April 2021, ahead of the IR35 rules coming into force

• February 01, 2021 01 Feb'21

  SBRC picks Check Point to support cyber helpline

  The Scottish Business Resilience Centre has enlisted Check Point as the first security supplier to join its incident response partnership programme

• January 29, 2021 29 Jan'21

  Hunting and anti-hunting groups locked in tit-for-tat row over data gathering

  The leaking of internal documents has prompted a row between pro- and anti-hunting groups about the legality of the other’s data collection practices

• January 29, 2021 29 Jan'21

  Biometrics ethics group addresses public-private use of facial recognition

  Home Office’s Biometrics and Forensics Ethics Group releases briefing note on the use of live facial recognition in public–private collaborations following a year-long investigation

• January 29, 2021 29 Jan'21

  Revealed: Brits who fuelled ‘vicious’ conspiracy theory by Trump supporters

  Trump supporters have apologised and paid millions in damages to the family of murdered Democratic Party staffer Seth Rich for promoting false allegations that Rich – not Russian agents – stole emails from the Democratic National Committee

• January 29, 2021 29 Jan'21

  Manufacturing particularly at risk of Solorigate-linked breaches

  Every fifth victim of the SolarWinds Solorigate/Sunburst attack was a manufacturing organisation, say researchers

• January 27, 2021 27 Jan'21

  Pandemic response has improved privacy posture, says Cisco

  Data privacy seems to be ‘coming of age’ to some extent and organisational responses to Covid-19 may be partly responsible, according to a report

• January 27, 2021 27 Jan'21

  Mimecast breach was work of SolarWinds attackers

  Mimecast’s investigation into a January 2021 breach of its systems turns up evidence that the culprit was the same group that targeted SolarWinds in December

• January 27, 2021 27 Jan'21

  Emotet botnet goes offline as cops seize servers

  The Emotet botnet has been disrupted and knocked offline after a major international effort by law enforcement

• January 27, 2021 27 Jan'21

  Grindr complaint results in €9.6m GDPR fine

  Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices

• January 27, 2021 27 Jan'21

  Emergency Apple updates patch exploited zero-days

  Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately

• January 26, 2021 26 Jan'21

  Conservatives broke data law to racially profile millions

  The Conservative Party acted illegally in collecting data that inferred voters’ ethnicity and religious background, a Select Committee has heard

• January 26, 2021 26 Jan'21

  North Korean state attacks legitimate security researchers

  Threat researchers specialising in vulnerability research and development appear to be being targeted by a North Korean state-backed group

• January 26, 2021 26 Jan'21

  ICO extends commissioner Denham’s term of office

  Extension of Elizabeth Denham’s tenure as information commissioner will give the government more time to appoint her successor

• January 26, 2021 26 Jan'21

  Cyber fraud a national security issue, says Rusi report

  A report from the Rusi think tank calls for fresh approaches to how we think about fighting fraud

• January 22, 2021 22 Jan'21

  ICO resumes adtech investigation

  The UK Information Commissioner’s Office was criticised for ending its investigation into alleged malpractice in advertising technology, but has now resumed its probe

• January 22, 2021 22 Jan'21

  Sepa data leaks as agency resists ransom demands

  The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation

• January 22, 2021 22 Jan'21

  Google threatens to cut off Australia

  Google’s threat to end its Australian Search operation comes in the face of new legislation that would force it to pay media publishers for news content

• January 21, 2021 21 Jan'21

  Hackney Council tenders for cyber security upgrade

  Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council

• January 21, 2021 21 Jan'21

  Immigration exemption in data protection law faces further legal challenge

  Human rights groups set to take legal challenge against immigration exemption to Court of Appeal on the basis that everyone, regardless of their nationality or residence, should have their fundamental rights and freedoms protected as stated in the ...

• January 21, 2021 21 Jan'21

  Two-thirds of CISOs say they’ll be cyber attack victims this year

  Security professionals are ever alert to the threats they face, but some still seem to think it is unlikely they will be attacked

• January 21, 2021 21 Jan'21

  Interview: Tony Porter, chief privacy officer, Corsight AI

  Tony Porter speaks to Computer Weekly about the changes in facial-recognition during his time as surveillance camera commissioner, the ethics of using the technology, and his new role as chief privacy officer at Corsight AI

• January 21, 2021 21 Jan'21

  Incompetent cyber criminals leak data in opsec failure

  Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals

• January 20, 2021 20 Jan'21

  Should I be worried about MFA-bypassing pass-the-cookie attacks?

  Malicious actors bypassed multi-factor authentication using so-called pass-the-cookie attacks, but how worrying is this and what is the risk to organisations?

• January 20, 2021 20 Jan'21

  Malwarebytes also hit by SolarWinds attackers

  The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals