News

IT risk management

December 14, 2022 14 Dec'22
Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
December 14, 2022 14 Dec'22
Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over
December 13, 2022 13 Dec'22
Crime Stoppers Tasmania debuts new reporting portal

Reporting tool will enable the public to share crime-related information with law enforcement agencies to support policing in Tasmania
December 13, 2022 13 Dec'22
EU issues draft data adequacy decision in favour of US

The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision

December 13, 2022 13 Dec'22
The nature of the CISO role will be in flux in 2023

As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report
December 13, 2022 13 Dec'22
Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security
December 13, 2022 13 Dec'22
More Uber data exposed in possible supply chain attack

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
December 12, 2022 12 Dec'22
Top IT predictions in APAC in 2023

Robotics, cross-cloud data mobility and cyber insurance are some of the key trends that will shape Asia-Pacific’s technology landscape in 2023
December 11, 2022 11 Dec'22
How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better
December 08, 2022 08 Dec'22
Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals

December 07, 2022 07 Dec'22
Rackspace email outage confirmed as ransomware attack

An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
December 07, 2022 07 Dec'22
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November
December 06, 2022 06 Dec'22
Legacy IT magnifies cyber risk for Defra, says NAO

Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme
December 06, 2022 06 Dec'22
Industrial IoT focus of next NCSC startup challenge

The NCSC for Startups programme is looking for innovative ideas to encrypt and secure the industrial internet of things
December 06, 2022 06 Dec'22
EU fails to protect human rights in surveillance tech transfers

Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s ...
December 06, 2022 06 Dec'22
Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?
December 05, 2022 05 Dec'22
French cyber consultancy Hackuity sets up UK operation

Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base
December 02, 2022 02 Dec'22
Twitter ‘replacement’ Hive Social shuts off service in privacy alert

Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers
December 01, 2022 01 Dec'22
MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence
November 30, 2022 30 Nov'22
NIS regulations to be extended to cover MSPs

The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope
November 29, 2022 29 Nov'22
AWS doubles down on data management

Cloud giant Amazon Web Services declares a bold vision to eliminate the need to extract, transform and load data alongside other efforts to address business problems in domains like cyber security and logistics
November 29, 2022 29 Nov'22
‘Legal but harmful’ clause dropped from Online Safety Bill

Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm
November 27, 2022 27 Nov'22
Plexal inducts six into cyber leadership scheme

Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders
November 25, 2022 25 Nov'22
Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year
November 24, 2022 24 Nov'22
Not-for-profit aims to encourage 1,300 girls into cyber careers

CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber
November 23, 2022 23 Nov'22
South Korea data adequacy pact brings £15m Brexit bonus

UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m
November 23, 2022 23 Nov'22
Red team tool developer slams ‘irresponsible’ disclosure

UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors
November 23, 2022 23 Nov'22
Dutch national cyber security strategy aims to protect digital society

Cabinet sets up national cyber security strategy to make the Netherlands digitally secure
November 22, 2022 22 Nov'22
Killnet DDoS hacktivists target Royal Family and others

Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks
November 22, 2022 22 Nov'22
C-suite mystified by cyber security jargon

Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms that security pros use that risk making the world of cyber incomprehensible to outsiders
November 21, 2022 21 Nov'22
NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify
November 18, 2022 18 Nov'22
Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use
November 18, 2022 18 Nov'22
CyberPeace Institute helps NGOs improve their security resilience

Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people
November 16, 2022 16 Nov'22
Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures
November 15, 2022 15 Nov'22
APP fraud volumes expected to double by 2026, says report

Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue
November 15, 2022 15 Nov'22
Inside Singapore’s public sector IT strategy

Adopting a platform approach with products that can scale across the board and building a strong engineering bench are some of the key aspects in Singapore’s public sector IT strategy
November 14, 2022 14 Nov'22
How Google and Mandiant are forging synergies in cyber security

Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security
November 11, 2022 11 Nov'22
MoD recruits Immersive Labs to bolster cyber resilience

UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products
November 10, 2022 10 Nov'22
Cyber criminals have World Cup Qatar 2022 in their sights

Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so
November 09, 2022 09 Nov'22
Optus earmarks A$140m to cover cost of data breach

Optus sets aside A$140m as an exceptional expense for a customer remediation programme following a massive data breach that affected 10 million customers
November 09, 2022 09 Nov'22
UK’s National Cyber Advisory Board convenes for first time

Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online
November 09, 2022 09 Nov'22
Microsoft serves smorgasbord of six zero-days

November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity
November 09, 2022 09 Nov'22
Why Sophos is bullish on managed security services

Sophos has grown its managed detection and response business to more than $100m over the last three years as more organisations grapple with the increasingly complex cyber security landscape
November 07, 2022 07 Nov'22
Department for Education escapes £10m fine over data misuse

Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules
November 04, 2022 04 Nov'22
Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare
November 03, 2022 03 Nov'22
Global coalition reaffirms commitment to fight ransomware

Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC
November 02, 2022 02 Nov'22
OpenSSL vulnerabilities ‘not as bad as feared’

As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared
November 01, 2022 01 Nov'22
A third of UK cyber leaders want to quit, report says

Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload
November 01, 2022 01 Nov'22
NCSC looks back on year of ‘profound change’ for cyber

The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful
November 01, 2022 01 Nov'22
How Elastic is going beyond enterprise search

Elastic has been doubling down on the security and observability capabilities of its open-source platform, going beyond its roots in enterprise search