News

IT risk management

• July 24, 2024 24 Jul'24

  CrowdStrike blames outage on content configuration update

  CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world

• July 24, 2024 24 Jul'24

  Mimecast to buy insider threat specialist Code42

  Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms

• July 23, 2024 23 Jul'24

  Innovations to power secure-by-design development

  Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident

• July 22, 2024 22 Jul'24

  NCSC: Beware of criminal CrowdStrike opportunists

  Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow

• July 22, 2024 22 Jul'24

  CrowdStrike chaos shows risks of concentrated ‘big IT’

  The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous

• July 21, 2024 21 Jul'24

  CrowdStrike update snafu affected 8.5 million Windows devices

  About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational

• July 19, 2024 19 Jul'24

  Global Microsoft outage hits NHS GP IT system

  The Emis Web IT system used by more than half of GP practices in the UK is down, following the worldwide Microsoft outage

• July 18, 2024 18 Jul'24

  Lawyers and journalists seeking ‘payback’ over police phone surveillance, claims former detective

  Former Durham detective will be required to give evidence to a tribunal investigating allegations that police unlawfully monitored journalists’ phones

• July 17, 2024 17 Jul'24

  UK Cyber Bill teases mandatory ransomware reporting

  In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting

• July 17, 2024 17 Jul'24

  How iProov is fending off deepfake fraud

  Facial biometrics and controlled illumination can detect liveness, verify identities and help prevent deepfake attacks

• July 16, 2024 16 Jul'24

  Strategic Defence Review must emphasise cyber security, says industry

  Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre

• July 15, 2024 15 Jul'24

  How Snowflake is tackling AI challenges

  Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations

• July 11, 2024 11 Jul'24

  Dutch research firm TNO pictures the SOC of the future

  In only a few years, security operations centres will have a different design and layout, and far fewer will remain

• July 11, 2024 11 Jul'24

  Inside Israel’s cyber security operations

  An emergency phone line allows cyber security analysts at the Israel Computer Emergency Response Team to map threats against national infrastructure

• July 10, 2024 10 Jul'24

  The security interview: Managing the ‘no’ mindset

  Matt Riley, data protection and information security officer at Sharp Europe, discusses balancing cyber risks with business leaders’ goals

• July 09, 2024 09 Jul'24

  Hyper-V zero-day stands out on a busy Patch Tuesday

  Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention

• July 09, 2024 09 Jul'24

  Chinese spies target vulnerable home office kit to run cyber attacks

  China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert

• July 08, 2024 08 Jul'24

  Synnovis attack highlights degraded, outdated state of NHS IT

  More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning

• July 03, 2024 03 Jul'24

  NCA’s Operation Morpheus targets illicit Cobalt Strike use

  International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes

• June 28, 2024 28 Jun'24

  How FWD is driving its digital strategy

  FWD’s group chief technology and operations officer talks up how the pan-Asian insurer is driving change faster and putting technology at the heart of its services

• June 28, 2024 28 Jun'24

  How Recorded Future is operationalising threat intelligence

  Recorded Future is investing in APIs to enable automated security workflows, among other measures, to help organisations overcome the hurdles of operationalising threat intelligence

• June 26, 2024 26 Jun'24

  Israel’s cyber chief calls for international front against Iranian hackers

  Israel’s cyber chief has called for international action against Iran over state-backed hacking

• June 26, 2024 26 Jun'24

  Police Scotland did not consult ICO about high-risk cloud system

  Police Scotland chose not to formally consult with the data regulator about the risks identified with a cloud-based digital evidence sharing system, while the regulator itself did not follow up for nearly three months

• June 25, 2024 25 Jun'24

  WikiLeaks founder Julian Assange freed from prison

  A deal reached with US authorities will end the WikiLeaks founder’s years-long legal saga, setting him free if he pleads guilty to a criminal conspiracy charge

• June 24, 2024 24 Jun'24

  Sellafield pleads guilty to criminal charges over cyber security

  Nuclear Decommissioning Authority-backed organisation Sellafield Ltd pleads guilty to criminal charges brought over significant cyber security failings that could have compromised sensitive nuclear information

• June 21, 2024 21 Jun'24

  Sellafield whistleblower ordered to pay costs after email tampering claims

  A former consultant at Sellafield has been ordered to pay costs for having ‘acted unreasonably’ in claiming the nuclear facility tampered with metadata in letters used against her in court

• June 21, 2024 21 Jun'24

  Qilin ransomware gang publishes stolen NHS data online

  The ransomware gang behind a major cyber attack on NHS supplier Synnovis has published a 400GB trove of private healthcare data online

• June 21, 2024 21 Jun'24

  ICO police cloud guidance released under FOI

  Long-awaited guidance from the UK data regulator on police cloud deployments highlights some potential data transfer mechanisms it thinks can clear up ongoing legal issues, but tells forces it’s up to them to decide if the measures would work

• June 19, 2024 19 Jun'24

  Microsoft admits no guarantee of sovereignty for UK policing data

  Documents show Microsoft’s lawyers admitted to Scottish policing bodies that the company cannot guarantee sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contrary

• June 07, 2024 07 Jun'24

  DDoS gang threatens to disrupt European elections

  Russian hacktivists are threatening to disrupt the European Parliament elections, while the BBC reports on new deepfake threats to the UK’s electoral process

• June 07, 2024 07 Jun'24

  Sophos uncovers Chinese state-sponsored campaign in Southeast Asia

  Sophos found three distinct clusters of activity targeted at a high-level government organisation that appeared to be tied to Chinese interests in the South China Sea

• June 05, 2024 05 Jun'24

  Qilin ransomware gang likely behind crippling NHS attack

  Security experts investigating a major cyber attack on an NHS partner that has caused frontline services across South London to grind to a halt say the Qilin ransomware gang appears to be the culprit

• June 04, 2024 04 Jun'24

  OAIC files civil penalty action against Medibank

  The OAIC alleges that Medibank failed to take reasonable steps to protect the personal information of 9.7 million Australians in the October 2022 data breach

• June 04, 2024 04 Jun'24

  Invasive tracking ‘endemic’ on sensitive support websites

  Websites set up by police, charities and universities to help people get support for sensitive issues like addiction and sexual harassment are deploying tracking technologies that harvest information without proper consent

• June 04, 2024 04 Jun'24

  NHS services at major London hospitals disrupted by cyber attack

  A major cyber attack at NHS services provider Synnovis is disrupting frontline care at hospitals across London

• June 04, 2024 04 Jun'24

  Russia used fake AI Tom Cruise in Olympic disinformation campaign

  Microsoft threat researchers report a surge in Russian disinformation campaigns targeting the 2024 Summer Olympics, including AI-enhanced propaganda

• June 03, 2024 03 Jun'24

  97 FTSE 100 firms exposed to supply chain breaches

  Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at third-party suppliers

• June 03, 2024 03 Jun'24

  Sellafield local authority slammed over response to North Korean ransomware attack

  The local authority for Europe’s biggest nuclear site has been slammed by auditors for its response to a North Korea-linked cyber attack that temporarily crippled its operations

• June 02, 2024 02 Jun'24

  Ticketek Australia hit by data breach

  Customer names, dates of birth and email addresses of Ticketek Australia account holders reportedly impacted in latest data breach affecting event ticketing firm

• May 31, 2024 31 May'24

  Law student ‘unfairly disciplined’ after reporting data breach blunder

  A law student has accused a leading legal college of unethical behaviour and a “lack of integrity” after it brought misconduct proceedings against him when he reported a data security blunder

• May 30, 2024 30 May'24

  Europol sting operation smokes multiple botnets

  Malware droppers including Bumblebee and Smokeloader were among those targeted in one of the largest ever joint operations against cyber criminal botnets

• May 29, 2024 29 May'24

  Storebrand divests from IBM over supply of biometrics to Israel

  Norwegian asset manager Storebrand’s decision to divest from IBM comes amid growing scrutiny of the role technology companies play in Israel’s human rights abuses

• May 29, 2024 29 May'24

  Proofpoint exposes AFF scammers’ piano gambit

  Ransomware and nation state actors dominate the headlines, but fraud and scams still net career cyber criminals thousands from unsuspecting members of the public. Proofpoint reports on a campaign targeting victims of a musical inclination

• May 29, 2024 29 May'24

  Organisations value digital trust, but aren’t working at it

  Three quarters of organisations believe digital trust is relevant to their businesses, yet clear gaps in strategies still seem to persist

• May 28, 2024 28 May'24

  Executive Interview: Why Dell wants to be your one-stop AI shop

  At Dell Technologies World in Las Vegas, artificial intelligence was the talk of the town as Dell staked out an all-encompassing strategy ahead of an anticipated goldrush. Dell’s Nick Brackney explains why the tech giant believes it's onto a winner

• May 28, 2024 28 May'24

  Why reliable data is essential for trustworthy AI

  In little over two years, generative AI has changed the shape of the technology industry. Now is the time for proper due diligence

• May 24, 2024 24 May'24

  Parliamentarians warn of UK election threat from Russia, China and North Korea

  Joint parliamentary security committee chair Margaret Beckett writes to prime minister urging government to prepare for foreign states interfering with 4 July election

• May 23, 2024 23 May'24

  Munich Re sees strong growth in AI insurance

  Global reinsurance giant Munich Re expects more demand for AI insurance from organisations that are looking to manage the risks of AI as they experiment more with the technology

• May 22, 2024 22 May'24

  Rockwell urges users to disconnect ICS equipment

  ICS systems maker Rockwell Automation calls on users to take steps to secure their equipment, and reminds them there is no reason to ever have its hardware connected to the public internet, as it tracks an increase in global threat activity

• May 21, 2024 21 May'24

  The Security Interviews: What is the real cyber threat from China?

  Former NCSC boss Ciaran Martin talks about nation-state attacks, why the UK has become so exercised about cyber espionage, and how our leaders are in danger of misunderstanding their adversaries