News

IT risk management

• June 09, 2022 09 Jun'22

  SolarWinds CEO offers to commit staffers to government cyber agencies

  A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response

• June 08, 2022 08 Jun'22

  ProxyLogon, ProxyShell may have driven increase in dwell times

  The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data

• June 07, 2022 07 Jun'22

  Weak IT and SecOps collaboration in ANZ opens doors to cyber attacks

  The weak collaboration between IT and security teams in Australia and New Zealand is exposing their organisations to data loss, business disruption and other potential consequences of cyber attacks

• May 31, 2022 31 May'22

  Researchers discover zero-day Microsoft vulnerability in Office

  Malicious Word documents have been used to invoke a previously undisclosed vulnerability in Microsoft Office without user interaction through Windows utility functions

• May 26, 2022 26 May'22

  Consultation launched on datacentre, cloud security

  The government is seeking views on how to boost the security and resilience of the UK’s datacentres and online cloud platforms

• May 26, 2022 26 May'22

  Most CFOs being left out of ransomware conversations

  Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report

• May 25, 2022 25 May'22

  Rubrik charts data security path

  Backup and recovery software provider Rubrik now sees itself as a cyber security company that helps organisations recover from ransomware and other data security threats

• May 25, 2022 25 May'22

  Building a pathway to commercial quantum computing

  The shortage of expertise in quantum technologies will drive up salaries. A new report from TechUK assesses the route to commercialisation

• May 24, 2022 24 May'22

  ICO orders facial recognition firm Clearview AI to delete all data about UK residents

  UK data watchdog fines facial recognition company Clearview AI £7.5m for multiple privacy breaches. The firm, which offers services to law enforcement, faces growing pressure from regulators and legal action around the world

• May 24, 2022 24 May'22

  Ransomware volumes grew faster than ever in 2021

  Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody

• May 24, 2022 24 May'22

  Bad bots make up a quarter of APAC’s web traffic

  Bots that run automated tasks have been responsible for stealing personal information among other malicious activities in the Asia-Pacific region, study finds

• May 23, 2022 23 May'22

  How Ivanti views patch management with a security lens

  Bringing development, operations and security teams together will help organisations to improve their visibility of IT assets and vulnerabilities while keeping threat actors at bay

• May 20, 2022 20 May'22

  Applying international law to cyber will be a tall order

  Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations

• May 19, 2022 19 May'22

  Defensive cyber attacks may be justified, says attorney general

  Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable

• May 19, 2022 19 May'22

  Red teaming will be standard in Dutch governmental organisations by 2025

  The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest

• May 18, 2022 18 May'22

  Mastercard biometric programme will allow payment authentication by smile

  Mastercard is inviting banks and merchants to join a programme to set standards for biometric payments technology

• May 17, 2022 17 May'22

  Veeam outlines data protection vision

  Veeam is looking to achieve an “outsized market leading position” by tapping its strengths in data protection and doubling down on innovation to help enterprises secure emerging workloads

• May 17, 2022 17 May'22

  Australian CISOs least prepared for cyber attacks

  Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds

• May 16, 2022 16 May'22

  Keeping Singapore’s critical systems secure

  Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore

• May 13, 2022 13 May'22

  Open source community sets out path to secure software

  A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US

• May 12, 2022 12 May'22

  APAC career guide: Becoming a cyber security pro

  The region’s burgeoning cyber security industry has attracted more talent last year, but it takes more than just technical knowhow to succeed in the field

• May 11, 2022 11 May'22

  Nerbian RAT enjoys using Covid-19 phishing lures

  The world is slowly coming to terms with Covid-19, but fear of the coronavirus is no less useful to cyber criminals because of it, as Proofpoint researchers have discovered

• May 11, 2022 11 May'22

  CyberUK 22: Five Eyes focuses on MSP security

  The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves

• May 11, 2022 11 May'22

  Analysts confirm return of REvil ransomware gang

  Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks

• May 11, 2022 11 May'22

  EU plans to police child abuse raise fresh fears over encryption and privacy rights

  Draft regulation unveiled today will require internet and messaging firms to use algorithms to identify grooming and child abuse or face heavy fines

• May 10, 2022 10 May'22

  CyberUK 22: NCSC refreshes cloud security guidance

  The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise

• May 06, 2022 06 May'22

  IT infrastructure used to launch DDoS attack on Russian targets

  Organisations could unwittingly be participating in hostile activity against the Russian government as compromised IT infrastructure is used without their knowledge to launch denial of service attacks

• May 05, 2022 05 May'22

  Five companies join NCSC for Startups to deal with ransomware

  The NCSC has invited five startups to join the NCSC for Startups programme to develop tech that can help deal with the threat of ransomware

• May 04, 2022 04 May'22

  NHS email accounts hijacked for phishing campaign

  Microsoft credentials targeted in phishing operation using hijacked NHSMail accounts

• May 04, 2022 04 May'22

  Intellectual property theft operation attributed to Winnti group

  Winnti conducted a prolonged cyber espionage campaign that went undetected for years, allowing it to exfiltrate massive amounts of corporate data and intellectual property

• May 03, 2022 03 May'22

  Five TLS comms vulnerabilities hit Aruba, Avaya switching kit

  Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution

• April 28, 2022 28 Apr'22

  Manufacturer sues JPMorgan after cyber criminals stole $272m

  Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity

• April 28, 2022 28 Apr'22

  Russia plumbs new depths in cyber war on Ukraine

  Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign

• April 28, 2022 28 Apr'22

  CIOs have the greatest impact on business

  Chief information officers see their role as core in building out the IT and security infrastructure and talent pool that their organisations require to grow post-pandemic

• April 27, 2022 27 Apr'22

  Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021

  These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time

• April 27, 2022 27 Apr'22

  Leeds Beckett’s ethical hacking platform wins Innovate UK backing

  An ethical hacking and cyber education platform developed at Leeds Beckett University has received a major funding boost to help it launch commercially

• April 27, 2022 27 Apr'22

  Ransomware victims paying out when they don’t need to

  Sophos’s annual State of Ransomware report shows dramatic increases in the impact of ransomware attacks, but also finds many organisations are paying ransoms when they don’t need to

• April 26, 2022 26 Apr'22

  Coralogix makes foray into cyber security with Snowbit

  Observability platform supplier Coralogix has set up a cyber security venture and a global security resource centre in India to tap the growth opportunities in the subcontinent

• April 25, 2022 25 Apr'22

  Sophos soaks up SOC.OS

  Sophos says acquisition of BAE spinout SOC.OS will enhance its managed threat and extended detection and response services

• April 25, 2022 25 Apr'22

  Mimecast makes deeper push into ASEAN

  Mimecast opens regional office in Singapore and is looking at setting up a datacentre in Southeast Asia as it makes a deeper push into the region

• April 22, 2022 22 Apr'22

  What’s up with Conti and REvil, and should we be worrying?

  New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back

• April 22, 2022 22 Apr'22

  UAE bolsters cyber security

  The United Arab Emirates has successfully improved its security posture amid mounting cyber threats

• April 21, 2022 21 Apr'22

  Zoom adds new round of cyber security enhancements

  Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements

• April 21, 2022 21 Apr'22

  Five Eyes in new Russia cyber warning

  Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure

• April 21, 2022 21 Apr'22

  Impact of Lapsus$ attack on Okta less than feared

  Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential

• April 20, 2022 20 Apr'22

  One-third of scams that hit TSB are impersonation fraud

  TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them

• April 20, 2022 20 Apr'22

  Home secretary Priti Patel to decide whether to extradite Assange

  Home secretary will decide in four weeks whether to approve Julian Assange’s extradition to the US, where he faces espionage and hacking charges

• April 20, 2022 20 Apr'22

  AWS fixes vulnerabilities in Log4Shell hot patch

  AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation

• April 20, 2022 20 Apr'22

  NSO Group faces court action after Pegasus spyware used against targets in UK

  Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies

• April 19, 2022 19 Apr'22

  Hammers sign Acronis as backup and security in one

  West Ham United set to replace separate backup from Veeam and a variety of security products with Acronis Cyber Protect to have backup, data protection and file share on a single platform