News

IT risk management

• May 26, 2021 26 May'21

  More data stolen in January 2021 than in all of 2017, says report

  The volume of data being stolen through breaches is growing steadily and shows no sign of slowing, according to a report from Imperva

• May 25, 2021 25 May'21

  CyberSprinters game gives kids a head start, says NCSC

  An online game for primary schools, clubs and youth organisations will teach children aged seven to 11 the fundamentals of staying safe online

• May 25, 2021 25 May'21

  Threat of group GDPR legal action haunts CISOs

  The vast majority of security leaders questioned for a new report say they are concerned about the possibility of group legal settlements against them following a serious data breach

• May 25, 2021 25 May'21

  Industry reflects on three years of GDPR

  Looking back on 12 tumultuous months, we assess how GDPR has weathered the effects of the Covid-19 pandemic and Brexit, and consider what the coming year may hold for data protection

• May 25, 2021 25 May'21

  Legacy vulnerabilities may be biggest enterprise cyber risk

  While high-profile cyber attacks and zero-days grab headlines, statistics gathered by network security specialists Cato suggest CISOs should be addressing legacy threats

• May 24, 2021 24 May'21

  Dutch researchers build security software to mimic human immune system

  Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection

• May 24, 2021 24 May'21

  Why the security stack needs to move to the edge

  Akamai’s chief technology officer Robert Blumofe makes the case for a decentralised security model to address cyber threats that are emanating from the network edge

• May 20, 2021 20 May'21

  Pandemic tech use heightens consumer privacy fears

  Report on consumer attitudes to privacy finds evidence of a “heightened sense of fear” as digital footprints expand inexorably

• May 20, 2021 20 May'21

  Malicious scans for at-risk systems start minutes after disclosure

  Statistics collated by Palo Alto Networks reveal malicious actors begin scanning the internet for systems at risk of new CVEs within minutes

• May 19, 2021 19 May'21

  Barclays first bank to publish online scam refund details

  All banks must be transparent about the proportion of victims of authorised push payment fraud they refund, says consumer rights organisation Which?

• May 19, 2021 19 May'21

  Flexxon bakes AI into SSDs to fight unknown threats

  Singapore-based Flexxon has developed a solid-state drive that uses artificial intelligence to fend off malware and other unknown threats

• May 18, 2021 18 May'21

  Microsoft EU Data Boundary dubbed ‘smoke and mirrors’

  Data protection experts claim Microsoft’s decision to create an EU Data Boundary is a tacit admission that it routinely transfers and processes the personal data of European citizens outside the bloc

• May 18, 2021 18 May'21

  Irish High Court dismisses legal bid by Facebook over EU-US data transfers

  Latest twist in long-running legal battle sees Facebook lose legal bid to prevent the Irish Data Protection Commissioner suspending its transfer of data about European citizens to the US

• May 18, 2021 18 May'21

  Australian budget lends support to digital economy

  Australia’s A$1.2bn Digital Economy Strategy ticks most of the right boxes, but some industry experts say areas such as broadband infrastructure and artificial intelligence are still underfunded

• May 17, 2021 17 May'21

  Government seeks input on supply chain security

  Amid concerns that too few companies are addressing vulnerabilities in their supply chain, DCMS is opening a consultation on new measures to enhance security

• May 14, 2021 14 May'21

  Dutch police used deep learning model to predict threats to life

  Dutch police developed a deep learning model in their EncroChat investigation to predict which messages contain serious threats to life

• May 13, 2021 13 May'21

  Publishing exploit code does more harm than good, says report

  Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security

• May 13, 2021 13 May'21

  Biden beefs up public-private security cooperation

  Joe Biden has signed a new Executive Order to harden US cyber security and government networks, with an emphasis on information sharing

• May 13, 2021 13 May'21

  CISOs weathered the pandemic well, but at personal cost

  Over 80% of CISOs think their existing security capabilities stayed strong during the worst of the Covid-19 pandemic, but now face stress and burnout on an unheard-of scale

• May 13, 2021 13 May'21

  Verizon DBIR underscores year of unprecedented cyber challenge

  Verizon 2021 Data Breach Investigations Report draws predictable conclusions as the impact of the Covid-19 pandemic continues to be felt

• May 12, 2021 12 May'21

  Inside DarkSide: Researchers share intel on break-out cyber gang

  Security researchers swap information on the newly famous DarkSide ransomware gang, the group that doesn’t appear to understand what ‘being a criminal’ actually means

• May 12, 2021 12 May'21

  CyberUK 2021: NCSC encourages startups to invest in cyber

  National Cyber Security Centre is launching bespoke cyber security guidance aimed at the UK’s valuable startup community

• May 12, 2021 12 May'21

  UK to fund national cyber teams in Global South

  Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity

• May 12, 2021 12 May'21

  Microsoft fixes four critical bugs on lighter Patch Tuesday

  Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away

• May 12, 2021 12 May'21

  The Security Interviews: Why helpful bots could hurt vaccine roll-outs

  Earlier this year, spikes in traffic to websites containing information about Covid-19 vaccines were attributed by Imperva to automated bots scraping data. Why is that a problem?

• May 11, 2021 11 May'21

  UK Plc invited to sign up for Early Warning of cyber incidents

  The launch of the Early Warning incident notification service is among the enhancements being made by the NCSC to its service packages

• May 11, 2021 11 May'21

  NCSC cyber guidance targets cloud and home working

  The NCSC’s refreshed cyber security guidance for larger organisations places particular emphasis on cloud, home working and ransomware

• May 11, 2021 11 May'21

  Government to reform Computer Misuse Act

  Home secretary Priti Patel will explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world

• May 11, 2021 11 May'21

  SolarWinds CEO calls for collective action against state attacks

  SolarWinds CEO tells NCSC’s CyberUK conference he is exploring the possibility of collaborating with other companies on collective cyber action against attacks backed by nation states

• May 11, 2021 11 May'21

  Colonial Pipeline ransomware attack has grave consequences

  The ramifications of a major ransomware attack against a US fuel pipeline operator could spread far and wide

• May 10, 2021 10 May'21

  NCSC Active Cyber Defence blocks surge of pandemic scams

  The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic

• May 07, 2021 07 May'21

  NCSC, CISA publish new information on Russia’s Cozy Bear

  New intelligence from UK and US cyber agencies suggests that APT29, or Cozy Bear, has been switching up its tactics

• May 07, 2021 07 May'21

  NCSC publishes smart city security guidelines

  Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects

• May 07, 2021 07 May'21

  Cyber accreditation to improve legal standing of security pros

  Institute of Cyber Digital Investigations Professionals will help incident responders and cyber investigators get the professional recognition they deserve

• May 07, 2021 07 May'21

  Reddit enlists HackerOne to run public bug bounty programme

  Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet

• May 07, 2021 07 May'21

  Ransomware, supply chain attacks show no sign of abating

  Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors

• May 06, 2021 06 May'21

  Google to introduce mandatory MFA for users

  In future, holders of Google accounts will have no option but to use multifactor authentication if they want to use the firm’s services

• May 05, 2021 05 May'21

  Dysfunctional cyber, network teams disrupt digital transformation

  Despite shared goals, combative and dysfunctional relationships within specialist tech teams are putting digital transformation projects at risk, according to a report

• May 04, 2021 04 May'21

  Half of organisations breached via a third party in 12 months

  New report highlights the risks of outsourcing key business processes without paying due care and attention to your service provider’s security

• May 03, 2021 03 May'21

  New standard to simplify IoT device onboarding

  Fido Alliance’s device onboarding protocol will automate the process of connecting internet-of-things devices to device management platforms while improving security

• April 30, 2021 30 Apr'21

  EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful

  Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat

• April 30, 2021 30 Apr'21

  End of support for Build 1909 leaves some Windows open to attack

  Biannual Windows updates free IT staff from major updates, but some people prefer older builds of Windows, which leaves a gaping security hole

• April 28, 2021 28 Apr'21

  Covid-19 security challenges leave bank customers at risk

  Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud

• April 28, 2021 28 Apr'21

  Recruiters can’t afford to hold out for cyber ‘unicorns’

  The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic

• April 28, 2021 28 Apr'21

  NHS App to serve as vaccine passport for foreign holidays

  Existing NHS App will have vaccine passport functionality added to it, transport secretary confirms

• April 27, 2021 27 Apr'21

  Total cost of ransomware attack heading towards $2m

  Sophos’ latest study finds that ransomware attacks are proving increasingly disruptive to their victims’ finances

• April 27, 2021 27 Apr'21

  Leaky Azure storage account puts software developer IP at risk

  Source code for multiple products was left exposed in an unsecured Microsoft Azure cloud storage account, say researchers, but attributing responsibility for the error has proved difficult

• April 27, 2021 27 Apr'21

  The Security Interviews: Making sense of outbound email security

  Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this

• April 22, 2021 22 Apr'21

  GCHQ: Cyber investment a guarantor of UK’s global status

  GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future

• April 22, 2021 22 Apr'21

  Automation, zero-trust, API-based security priorities for EMEA CISOs

  Report by FireMon sheds light on buyer behaviour across the EMEA region