News

IT governance

• August 20, 2024 20 Aug'24

  ICO launches privacy notice tool for SMEs

  ICO tool designed to make it easier for small businesses and sole traders operating online to create bespoke data privacy notices for compliance purposes

• August 20, 2024 20 Aug'24

  Phishing links becoming bigger threat than email attachments

  Phishing techniques are evolving away from malicious email attachments, according to a report

• August 19, 2024 19 Aug'24

  Popular Microsoft apps for Mac at risk of code injection attacks

  Researchers at Cisco Talos turn up evidence suggesting that Microsoft apps running on the Apple macOS operating system are not as secure as they seem

• August 16, 2024 16 Aug'24

  Thousands of NetSuite customers accidentally exposing their data

  Misconfigured permissions across live websites are leaving thousands of NetSuite users open to having their valuable customer data stolen, researchers say

• August 16, 2024 16 Aug'24

  Campaigners criticise Starmer post-riot public surveillance plans

  A UK government programme to expand police facial recognition and information sharing after racist riots is attracting criticism from campaigners for exploiting the far-right unrest to generally crack down on protest and increase surveillance

• August 14, 2024 14 Aug'24

  Automated police tech contributes to UK structural racism problem

  Civil society groups say automated policing technologies are helping to fuel the disparities that people of colour face across the criminal justice sector, as part of wider warning about the UK’s lack of progress in dealing with systemic racism

• August 14, 2024 14 Aug'24

  IR35 public sector reforms: HS2 finalises £6.2m settlement with HMRC over compliance failings

  After setting aside over £10m to cover its IR35 compliance liabilities, HS2 accounts confirm the organisation reached a final settlement with HMRC totalling £6.2m

• August 13, 2024 13 Aug'24

  NIST debuts three quantum-safe encryption algorithms

  NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can

• August 09, 2024 09 Aug'24

  The Security Interviews: Google’s take on confidential computing

  We speak to Google’s Nelly Porter about the company’s approach to keeping data as safe as possible on Google Cloud

• August 08, 2024 08 Aug'24

  Royal ransomware crew puts on a BlackSuit in rebrand

  The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA

• August 08, 2024 08 Aug'24

  US lawmakers seek to brand ransomware gangs as terrorists

  Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers

• August 08, 2024 08 Aug'24

  Ofcom issues online safety warning to firms in wake of UK riots

  Ofcom has issued a warning reminding social media firms of their upcoming online safety obligations, after misinformation about the Southport stabbings sparked racist riots throughout the UK

• August 07, 2024 07 Aug'24

  Microsoft and CrowdStrike hit back at Delta’s legal threats

  Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT ...

• August 06, 2024 06 Aug'24

  2024 seeing more CVEs than ever before, but few are weaponised

  The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies

• August 05, 2024 05 Aug'24

  Chinese cyber attack sparks alert over six-year-old MS vuln

  After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824

• August 05, 2024 05 Aug'24

  World’s largest companies at near-universal risk of supply chain breach

  Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats

• August 01, 2024 01 Aug'24

  CrowdStrike shareholders sue, alleging false security claims

  A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage

• August 01, 2024 01 Aug'24

  Banks, telcos call for more data sharing to fight fraud

  A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud

• July 31, 2024 31 Jul'24

  Campaigners call for evidence to reform UK cyber laws

  The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work

• July 31, 2024 31 Jul'24

  Mayor launches London Privacy Register for smart city information

  To increase transparency around and trust in London’s smart city technology deployments, the London Privacy Register aims to provide the public with more information about the systems they encounter in their day-to-day lives

• July 31, 2024 31 Jul'24

  Breach costs soar as record ransomware payment made

  IBM publishes data on the spiralling costs of cyber attacks and data breaches, while researchers identify what appears to be the largest ransomware payment ever made

• July 30, 2024 30 Jul'24

  UK competition watchdog scrutinises Alphabet and Anthropic tie-up

  The Competition and Markets Authority is looking at whether Alphabet’s $2bn investment in AI startup Anthropic is anti-competitive

• July 30, 2024 30 Jul'24

  Government commits at least £540m to financial redress for wrongfully convicted Post Office staff

  Hundreds of eligible former subpostmasters and branch staff are yet to come forward to have convictions overturned, but government hopes new scheme will encourage them to do so

• July 29, 2024 29 Jul'24

  CrowdStrike says most Falcon sensors now up and running

  The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week

• July 29, 2024 29 Jul'24

  WTO digital trade agreement aims to modernise global commerce

  A digital trade deal negotiated over five years at the World Trade Organization has been signed by 91 countries, laying the groundwork for a new global digital trade regime

• July 26, 2024 26 Jul'24

  Ban predictive policing and facial recognition, says civil society

  A coalition of civil society groups is calling for an outright ban on predictive policing and biometric surveillance in the UK

• July 26, 2024 26 Jul'24

  Vince Cable says the Post Office ‘lied’ to the government over Horizon issues

  In the latest Post Office scandal public inquiry hearings, Vince Cable and Greg Clark reflected on their time as the minister heading the department responsible for the Post Office

• July 25, 2024 25 Jul'24

  North Korean cyber APT targeting nuclear secrets

  Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets

• July 25, 2024 25 Jul'24

  Why is CrowdStrike allowed to run in the Windows kernel?

  Microsoft has pointed the finger at EU regulators, blaming them for a ruling that means it needs to offer third parties access to the core Windows OS

• July 25, 2024 25 Jul'24

  Fortune 500 stands to lose $5bn plus from CrowdStrike incident

  The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars

• July 24, 2024 24 Jul'24

  CrowdStrike blames outage on content configuration update

  CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world

• July 24, 2024 24 Jul'24

  Mimecast to buy insider threat specialist Code42

  Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms

• July 24, 2024 24 Jul'24

  ICO reprimands Essex school for illegal facial recognition use

  The Information Commissioner’s Office has reprimanded Chelmer Valley High School in Chelmsford for introducing facial recognition and failing to conduct a legally required data protection impact assessment and obtain the explicit consent of students

• July 23, 2024 23 Jul'24

  Former minister felt she was fighting department over Post Office controversy

  Former government minister was fighting with Shareholder Executive officials as she probed for information following allegations brought to her by MPs

• July 23, 2024 23 Jul'24

  Chrome cookies reprieved amid Google Privacy Sandbox changes

  Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified ‘new experience’ for users

• July 22, 2024 22 Jul'24

  CrowdStrike chaos shows risks of concentrated ‘big IT’

  The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous

• July 22, 2024 22 Jul'24

  Ed Davey and Jo Swinson ‘handled’ by civil servants in Post Office cover-up, says Sir Alan Bates

  Evidence in public inquiry revealed how ministers in charge of Post Office were left in the dark at a time when campaigners, MPs and journalists were looking for answers

• July 17, 2024 17 Jul'24

  UK Cyber Bill teases mandatory ransomware reporting

  In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting

• July 17, 2024 17 Jul'24

  Hackney Council reprimanded over 2020 ransomware attack

  The London Borough of Hackney has been reprimanded by the ICO over a series of failures that led to a devastating cyber attack, but at the same time, the regulator praised the local authority for its response and commitment to making improvements

• July 16, 2024 16 Jul'24

  Strategic Defence Review must emphasise cyber security, says industry

  Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre

• July 16, 2024 16 Jul'24

  CMA looks deeper into Microsoft’s AI hirings

  Microsoft recently hired two former co-founders of AI specialist Inflection AI, and signed a deal to host the company’s AI model on Azure

• July 15, 2024 15 Jul'24

  NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack

  The two NHS Trusts most heavily impacted by the Qilin ransomware attack on pathology services provider Synnovis have cancelled over 6,000 appointments and procedures in the past five weeks

• July 15, 2024 15 Jul'24

  How Snowflake is tackling AI challenges

  Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations

• July 15, 2024 15 Jul'24

  Civil servant said subpostmasters’ threat of legal action was ‘sabre-rattling’

  Post Office scandal public inquiry hears damning evidence capping off a bad week for the reputation of high-profile civil servants

• July 12, 2024 12 Jul'24

  AT&T loses ‘nearly all’ phone records in Snowflake breach

  Hackers have stolen records of virtually every call made by AT&T's customers during a six-month period in 2022, after compromising the US telco's Snowflake data environment

• July 12, 2024 12 Jul'24

  Public awareness of ID security grows, but big obstacles remain

  Consumers are improving their awareness of the issues around digital identity security, but there are still some big issues preventing many from doing better, according to an Okta report

• July 12, 2024 12 Jul'24

  IBM: Reimagine processes to unlock AI’s value

  Asia-Pacific organisations must reimagine processes for AI success, says IBM’s general manager for the region, Paul Burton

• July 11, 2024 11 Jul'24

  Dutch research firm TNO pictures the SOC of the future

  In only a few years, security operations centres will have a different design and layout, and far fewer will remain

• July 10, 2024 10 Jul'24

  The security interview: Managing the ‘no’ mindset

  Matt Riley, data protection and information security officer at Sharp Europe, discusses balancing cyber risks with business leaders’ goals

• July 09, 2024 09 Jul'24

  Hyper-V zero-day stands out on a busy Patch Tuesday

  Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention