News

IT risk management

• August 16, 2022 16 Aug'22

  Why organisations need to harmonise their CIO and CISO roles

  Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson

• August 15, 2022 15 Aug'22

  Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims

  CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London

• August 12, 2022 12 Aug'22

  How critical infrastructure operators can secure OT data

  Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats

• August 10, 2022 10 Aug'22

  ‘Coopetition’ a growing trend among ransomware gangs

  Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time

• August 09, 2022 09 Aug'22

  Cyber insurance getting harder to obtain

  Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance

• August 08, 2022 08 Aug'22

  NHS recovering key services after attack on supplier

  Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service

• August 05, 2022 05 Aug'22

  Reliance on PSN may have exacerbated cyber attack impact

  As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks

• August 04, 2022 04 Aug'22

  UK has biggest card fraud problem in Europe

  Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe

• August 04, 2022 04 Aug'22

  SBRC to administer NCSC training across Scotland

  The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations

• August 03, 2022 03 Aug'22

  New EU due diligence law needs amending to stop tech sector abuse

  European corporate due diligence directive seeking to transform how companies approach their human rights and environmental risk is welcome, but without further changes, it will fail to effectively curb tech firms’ harmful practices, claims ...

• August 03, 2022 03 Aug'22

  DrayTek patches SOHO router bug that left thousands exposed

  Network hardware supplier has fixed an unauthenticated RCE vulnerability in multiple routers in its Vigor line, after being alerted by Trellix researchers

• July 28, 2022 28 Jul'22

  H0lyGh0st ransomware gang faces challenges, but still a threat

  Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat

• July 28, 2022 28 Jul'22

  NCSC startups scheme turns focus to operational technology, SME security

  NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses

• July 28, 2022 28 Jul'22

  Cyber criminals pivot away from macros as Microsoft changes bite

  As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect

• July 27, 2022 27 Jul'22

  Consumers left out of pocket as security costs soar

  As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people

• July 27, 2022 27 Jul'22

  Cyber security training ‘boring’ and largely ignored

  Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them

• July 26, 2022 26 Jul'22

  Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

  The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday

• July 26, 2022 26 Jul'22

  No More Ransom initiative helps 1.5 million people in six years

  One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project

• July 26, 2022 26 Jul'22

  Visibility and proactive stance needed to secure OT systems

  Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says

• July 26, 2022 26 Jul'22

  Ducktail infostealer targets Facebook Business users

  Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts

• July 25, 2022 25 Jul'22

  Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants

  MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard

• July 25, 2022 25 Jul'22

  NCSC seeks community input for Cyber Advisor service

  The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward

• July 25, 2022 25 Jul'22

  The Security Interviews: Why you need to protect abandoned digital assets

  The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias

• July 25, 2022 25 Jul'22

  TMT firms among top targets for cyber attacks in Singapore

  Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society

• July 21, 2022 21 Jul'22

  GCHQ experts back scanning of encrypted phone messages to fight child abuse

  Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse

• July 21, 2022 21 Jul'22

  Buy ‘plug-n-play’ malware for the price of a pint of beer

  Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report

• July 20, 2022 20 Jul'22

  (ISC)² expands entry-level cyber programme after UK success

  Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide

• July 20, 2022 20 Jul'22

  Cato aims to bust cyber myths as it extends network protections

  Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network ...

• July 15, 2022 15 Jul'22

  NHS trust ‘deliberately’ deleted up to 90,000 emails before tribunal hearing

  A high-profile case brought by NHS whistleblower Chris Day raises questions about the adequacy of information governance practices in NHS hospital trusts

• July 15, 2022 15 Jul'22

  Log4Shell on its way to becoming ‘endemic’

  US government report concludes that, like Covid, Log4Shell will be with us for a long time to come

• July 14, 2022 14 Jul'22

  Videogame maker Bandai Namco confirms cyber attack

  Bandai Namco, developer of videogames including Pac-Man, Tekken and Dark Souls, has broken days of silence to confirm it has been hit by a cyber attack

• July 14, 2022 14 Jul'22

  How hostile government APTs target journalists for cyber intrusions

  Proofpoint shares data on multiple campaigns of cyber intrusions against journalists originating from threat actors aligned to the governments of China, Iran, North Korea and Turkey

• July 13, 2022 13 Jul'22

  July Patch Tuesday brings more than 80 fixes, one zero-day

  While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on

• July 13, 2022 13 Jul'22

  ICO calls for review into government use of private email and WhatsApp messages

  Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps

• July 12, 2022 12 Jul'22

  MaliBot Android malware spreading fast, says Check Point

  The MaliBot malware is becoming a persistent and widespread problem, and Android users should be on their guard, says Check Point

• July 12, 2022 12 Jul'22

  Singapore doubles down on OT security

  The Cyber Security Agency of Singapore will fund 80 scholarships to groom a talent pool of operational technology security experts, among other efforts to bolster the security of critical infrastructure in the city-state

• July 11, 2022 11 Jul'22

  Microsoft VBA macro block will return

  Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure

• July 11, 2022 11 Jul'22

  SMEs lagging on multifactor authentication

  Only 46% of small business owners say they have implemented multifactor authentication, and just 13% mandate its use, according to a report

• July 07, 2022 07 Jul'22

  Tech companies face pressure over end-to-end encryption in Online Safety Bill

  An amendment to the Online Safety Bill, currently going through Parliament, will put pressure on tech companies over end-to-end encrypted messaging services

• July 07, 2022 07 Jul'22

  The Security Interviews: Inside Russia’s Ukraine information operation

  Computer Weekly speaks to Craig Terron of Recorded Future about delving deep inside the Russian disinformation machine, and how the Kremlin’s strategy is set to evolve

• July 06, 2022 06 Jul'22

  Plexal seeks new scaleups for next phase of Cyber Runway

  Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme

• July 05, 2022 05 Jul'22

  Prepare for long-term cyber threat from Ukraine war, says NCSC

  The NCSC has published refreshed guidance on cyber preparedness as the war on Ukraine continues, urging organisations to pay attention to the state of their security teams

• July 05, 2022 05 Jul'22

  LogRhythm bullish on growth in APAC

  LogRhythm expects its business in the region to grow by over 20% this year thanks to demand from emerging economies where cyber security investments have not kept pace with cyber threats

• July 05, 2022 05 Jul'22

  NCSC CEO: Why we should run towards crises to elevate cyber security

  National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country

• July 04, 2022 04 Jul'22

  MPs call for ban on Chinese surveillance camera technology

  Nearly 70 MPs have called on the government to ban Chinese camera technology that is widely used by UK government agencies despite links to human rights abuses in China

• July 04, 2022 04 Jul'22

  Assange appeals against Priti Patel’s extradition order

  WikiLeaks founder is expected to raise concerns over the political nature of his prosecution, the likelihood of him receiving a fair trial, and the risk of a coercive plea bargain

• June 30, 2022 30 Jun'22

  ICO to cut back on fines for public sector data breaches

  Information commissioner John Edwards sets out a revised approach to how the ICO handles data breaches in the public sector, saying fining victims risks punishing the public twice over

• June 28, 2022 28 Jun'22

  Avast uncovers ‘thieves’ kitchen’ of malware-writing teens

  Researchers stumble across online community of 11 to 18-year-olds constructing, exchanging and spreading malware

• June 27, 2022 27 Jun'22

  Brexit a net negative for UK cyber, say CISOs

  Six years on from the UK’s Brexit vote, the majority of security professionals say leaving the EU has raised concerns over their ability to keep their organisations safe

• June 24, 2022 24 Jun'22

  Black Basta ransomware crew aiming for ‘big leagues’

  Emergent Black Basta ransomware gang has hit more than 50 countries since bursting onto the scene earlier this year, says Cybereason