News

IT risk management

• September 11, 2023 11 Sep'23

  Polish election questioned after Pegasus spyware used to smear opposition, investigation finds

  Senate committee alerts prosecutors over potential crimes by public officials involved in purchasing Pegasus spyware used to monitor and smear political opponents

• September 11, 2023 11 Sep'23

  Salesforce and Zoom embrace ethical hackers. You should, too

  Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers

• September 08, 2023 08 Sep'23

  Deputy PM urges UK plc not to lose focus on cyber

  In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors

• September 07, 2023 07 Sep'23

  UK minister fails to reassure tech companies over encryption risk

  Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough

• September 07, 2023 07 Sep'23

  Honeywell goes quantum to protect utilities from future threats

  Honeywell and quantum computing specialist Quantinuum will integrate quantum-hardened encryption keys into future smart meters

• September 05, 2023 05 Sep'23

  Researchers find flaw in Mend.io security platform

  WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed

• September 05, 2023 05 Sep'23

  Law firm Fieldfisher launches data breach management tool

  UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform

• September 05, 2023 05 Sep'23

  NCSC names ex-NCC man as new CTO

  New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec

• September 05, 2023 05 Sep'23

  Plymouth Uni spearheads research into wind farm cyber resilience

  Project hosted at the University of Plymouth in Devon aims to develop cyber security measures to protect the UK’s increasingly important offshore wind farm assets

• September 04, 2023 04 Sep'23

  How startup Once.net and Cloudflare secured the 2023 Eurovision vote

  When the Eurovision Song Contest introduced paid-for public voting from outside Europe in 2023, it faced new cyber challenges. Learn how Dutch startup Once.net and Cloudflare teamed up to secure and support the big night

• September 01, 2023 01 Sep'23

  Police Scotland five-year digital strategy approved

  Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding

• August 31, 2023 31 Aug'23

  Ducktail social media marketing malware rears its head again

  Use of the Ducktail infostealer, which first popped up in 2022 targeting Meta Business accounts, seems to be increasing

• August 31, 2023 31 Aug'23

  Home Office and MoD seeking new facial-recognition tech

  The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK

• August 30, 2023 30 Aug'23

  NCSC warns over possible AI prompt injection attacks

  The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots

• August 29, 2023 29 Aug'23

  Top-performing CISOs reserve time for professional development

  Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession

• August 23, 2023 23 Aug'23

  Cyber attacks in 2023 develop quicker as average dwell times plummet

  The median attacker dwell time shrunk from 10 to eight days in the first seven months of 2023, and in the case of ransomware attacks it is down to just five days

• August 22, 2023 22 Aug'23

  Singapore to bolster OT security capabilities

  Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities

• August 22, 2023 22 Aug'23

  Clop’s MOVEit attacks drive ransomware volumes to record high

  Such has been the scope of Clop’s activity since May that ransomware attack volumes have more than doubled year on year, according to the latest data

• August 17, 2023 17 Aug'23

  Researchers demo fake airplane mode exploit that tricks iPhone users

  Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns

• August 16, 2023 16 Aug'23

  CyberArk eyes growth beyond PAM

  CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management

• August 16, 2023 16 Aug'23

  ITAM influence on cyber risk becoming a factor in credit ratings

  Credit agency S&P Global Ratings warns that organisations that pay inadequate attention to IT asset management as a factor in their cyber risk management processes may find their creditworthiness takes a dive

• August 14, 2023 14 Aug'23

  US Cyber Board to probe cloud security after latest Exchange hack

  CSRB review of cloud security comes in the wake of a major Chinese cyber attack on US government bodies orchestrated through Microsoft’s cloud services

• August 12, 2023 12 Aug'23

  Datacentre management vulnerabilities leave public clouds at risk

  At the annual DEF CON hacking convention, researchers from Trellix have disclosed multiple vulnerabilities in key datacentre products underpinning the world’s public cloud infrastructure

• August 10, 2023 10 Aug'23

  Google speeds up security update frequency for Chrome

  Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities

• August 10, 2023 10 Aug'23

  PSNI investigating second breach after laptop stolen

  Just hours after accidentally disclosing the personal details of 10,000 personnel, the Police Service of Northern Ireland has notified a second data breach after a police issue laptop and documents were stolen from a parked car

• August 09, 2023 09 Aug'23

  Microsoft addresses Office vulnerability attacked by Russian spooks in latest update

  Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks

• August 08, 2023 08 Aug'23

  MPs warn about growing prevalence of tech-enabled domestic abuse

  The UK government must take action to prevent perpetrators from being able to use connected or smart technologies to conduct their domestic abuse, a select committee has warned

• August 08, 2023 08 Aug'23

  Workplace monitoring needs worker consent, says select committee

  Employers looking to monitor their employees through connected devices should only to so with the consent of those affected due to negative impacts such surveillance can have on work intensification and mental health

• August 08, 2023 08 Aug'23

  Many UK organisations considering ChatGPT bans on employee devices

  More than 60% of organisations in the UK have either banned, or are considering banning, the use of generative AI tools on employee- or business-owned devices

• August 07, 2023 07 Aug'23

  Rise in fraudsters spoofing the websites of leading UK banks

  Despite safeguards to protect customers from scams, UK retail banks are still seeing high volumes of fake phishing websites exploiting their brands, and the problem seems to be increasing in scope and scale

• August 04, 2023 04 Aug'23

  Log4Shell, ProxyShell still among most widely exploited flaws

  Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list

• August 04, 2023 04 Aug'23

  Biden’s SBOM mandate a ‘shot heard around the world’, report says

  Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response

• August 03, 2023 03 Aug'23

  Scottish NHS trust ducks fine after staff shared patient data via WhatsApp

  NHS Lanarkshire has been issued a formal reprimand by the ICO after staff members used WhatsApp to share patients’ personal data with one another

• August 03, 2023 03 Aug'23

  Microsoft attacked over ‘grossly irresponsible’ security practice

  The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’

• July 27, 2023 27 Jul'23

  Cyber criminals pivot away from ransomware encryption

  Cyber breaches that saw data theft and extortion without an encryption or ransomware component account for more and more incidents, in a possible indication that ransomware gangs are changing up their business models

• July 27, 2023 27 Jul'23

  Ant Group teams with NTU to advance privacy-preserving technologies

  The Chinese fintech giant is partnering with Singapore’s Nanyang Technological University on a cryptographic protocol that ensures the privacy of transacting parties

• July 25, 2023 25 Jul'23

  Tetra radio users’ comms may have been exposed for years

  A number of flaws in the encryption algorithms used in the secure Tetra radio communications standard have potentially left users exposed to snooping

• July 24, 2023 24 Jul'23

  Citrix NetScaler users told to patch new zero-day urgently

  A vulnerability disclosed and patched last week by Citrix appears to be being exploited by China-backed threat actors as a zero-day, prompting warnings from government cyber bodies

• July 24, 2023 24 Jul'23

  Tribunal investigates complaint that journalists’ phones were unlawfully monitored

  The Investigatory Powers Tribunal has agreed to investigate complaints by Northern Ireland investigative journalists Trevor Birney and Barry McCaffrey that they were unlawfully placed under surveillance

• July 24, 2023 24 Jul'23

  Security AI and automation may reduce cost of data breaches

  Organisations that go all in on security AI and automation tend to incur lower financial costs when they experience a data breach incident, according to an IBM report

• July 24, 2023 24 Jul'23

  Why cyber security should be part of your ESG strategy

  The impact of data breaches and cyber threats on businesses, societies and the environment makes cyber security a key consideration in an environment, social and governance strategy

• July 21, 2023 21 Jul'23

  Government boosts protection for encryption in Online Safety Bill but civil society groups concerned

  House of Lords adopts amendment to require Ofcom to commission a report before requiring technology companies to scan encrypted messages, but drops proposals for judicial oversight

• July 20, 2023 20 Jul'23

  Online Safety Bill screening measures amount to ‘prior restraint’

  The Open Rights Group is calling on Parliament to reform the Online Safety Bill, on the basis that its content-screening measures would amount to “prior restraint” on freedom of expression

• July 20, 2023 20 Jul'23

  How the DSMA balances security and privacy with press freedom

  In a world of information sharing and 24-hour news cycles, the Defence and Security Media Advisory committee have to balance national security and data privacy with freedom of the press

• July 19, 2023 19 Jul'23

  Half of cyber pros engage in risky behaviour at work, report claims

  Approximately 55% of security professionals say they have engaged in behaviours they would more usually advise against in the workplace, according to a report

• July 19, 2023 19 Jul'23

  Cyber criminal AI tool WormGPT produces ‘unsettling’ results

  A newly discovered generative AI tool dubbed WormGPT is being sold to the cyber criminal underground via the dark web, and poses a significant danger, researchers warn

• July 18, 2023 18 Jul'23

  NATO membership to drive Nordic cyber security sector growth

  The Nordic cyber security sector will see increasing demand as Finland and Sweden joint NATO

• July 18, 2023 18 Jul'23

  Critical Adobe ColdFusion flaws chained in ongoing cyber attacks

  Two vulnerabilities in Adobe ColdFusion have been chained by threat actors to target victim systems, apparently after one of them was accidentally disclosed

• July 17, 2023 17 Jul'23

  Police Scotland use cloud for biometric data despite clear risks

  Police Scotland confirms it has stored significant volumes of biometric data on a cloud-based digital evidence sharing system despite major ongoing data protection concerns, bringing into question the effectiveness of the current regulatory approach...

• July 13, 2023 13 Jul'23

  Civil society groups call on EU to put human rights at centre of AI Act

  Dozens of civil society groups are calling on EU institutions to prioritise people and human rights in AI legislation as secretive negotiations begin