News

IT risk management

• April 14, 2022 14 Apr'22

  Lack of expertise hurting UK government’s cyber preparedness

  UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report

• April 14, 2022 14 Apr'22

  Incontroller ICS malware has ‘rare, dangerous’ capabilities, says Mandiant

  Mandiant joins a growing chorus of warnings over novel nation state threats to ICS systems

• April 13, 2022 13 Apr'22

  More ANZ organisations warm to DevSecOps

  About four in 10 organisations in Australia and New Zealand are undertaking the transition to development, security and operations, while a further 36% plan to do so in 2022, study finds

• April 12, 2022 12 Apr'22

  Universal IAM policy failings put cloud environments at risk

  Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study

• April 12, 2022 12 Apr'22

  AI researcher says police tech suppliers are hostile to transparency

  Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented

• April 08, 2022 08 Apr'22

  Was Spring4Shell a lot of hot air? No, but...

  Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better

• April 05, 2022 05 Apr'22

  Triple-threat Borat malware no joke for victims

  Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros

• April 04, 2022 04 Apr'22

  How remote browser isolation can mitigate cyber threats

  Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device

• April 01, 2022 01 Apr'22

  Four moves to ‘checkmate’ critical assets thanks to lax cloud security

  Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report

• March 31, 2022 31 Mar'22

  Global upheaval shows cyber security isn’t good enough, says GCHQ director

  Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech

• March 30, 2022 30 Mar'22

  One-third of UK firms suffer a cyber attack every week

  New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors

• March 30, 2022 30 Mar'22

  Australia to spend A$9.9bn on intelligence and cyber capabilities

  The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate

• March 29, 2022 29 Mar'22

  NCSC: Not necessarily wise to ditch Kaspersky

  UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates

• March 29, 2022 29 Mar'22

  Wave of Log4j-linked attacks targeting VMware Horizon

  Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell

• March 29, 2022 29 Mar'22

  FCA reports 52% jump in security incidents

  The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware

• March 29, 2022 29 Mar'22

  Singapore rolls out cyber security certification scheme

  Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices

• March 28, 2022 28 Mar'22

  IT professionals wary of government campaign to limit end-to-end encryption

  Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption

• March 25, 2022 25 Mar'22

  US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield

  EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens

• March 25, 2022 25 Mar'22

  European Commission proposes new cyber security regulations

  New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas

• March 25, 2022 25 Mar'22

  London police arrest seven in connection to Lapsus$

  Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks

• March 25, 2022 25 Mar'22

  How Lapsus$ exploited the failings of multifactor authentication

  Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering

• March 24, 2022 24 Mar'22

  Ransomware demands and payments increase with use of leak sites

  Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims

• March 24, 2022 24 Mar'22

  The Security Interviews: Red gets automated

  We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security

• March 24, 2022 24 Mar'22

  How India organisations can mitigate cyber threats

  Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks

• March 23, 2022 23 Mar'22

  NHS urgent care provider uses ID and access management to reduce complexity for clinicians

  Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords

• March 22, 2022 22 Mar'22

  Biden issues warning about Russian cyber attacks

  President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia

• March 22, 2022 22 Mar'22

  Details of Conti ransomware affiliate released

  Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise

• March 18, 2022 18 Mar'22

  Dark web littered with Ukraine crypto scammers

  Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine

• March 18, 2022 18 Mar'22

  Ukrainian cyber defences prove resilient

  Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks

• March 17, 2022 17 Mar'22

  Online Safety Bill introduced in Parliament

  The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs

• March 17, 2022 17 Mar'22

  Alarm raised over ‘trickster’ LokiLocker ransomware

  The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers

• March 16, 2022 16 Mar'22

  Biden signs ransomware reporting mandate into law

  CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours

• March 16, 2022 16 Mar'22

  German authorities warn on Kaspersky but stop short of ban

  Germany authorities warn Kaspersky users to consider alternatives to the firm’s flagship antivirus software, citing national security concerns and the war on Ukraine

• March 15, 2022 15 Mar'22

  Supreme Court refuses Julian Assange extradition appeal

  The case will be referred to the home secretary Priti Patel to make a decision. The WikiLeaks founder has yet to say whether he will file further appeals

• March 09, 2022 09 Mar'22

  Paid-for advertising measures included in Online Safety Bill

  New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months

• March 09, 2022 09 Mar'22

  Microsoft serves up three zero-days on March Patch Tuesday

  Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders

• March 03, 2022 03 Mar'22

  Direct action is a risky business for Ukraine's volunteer hackers

  Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea

• March 02, 2022 02 Mar'22

  Cyber companies step up support for Ukraine

  Security companies Bitdefender and Vectra AI are both to offer products and services in support of Ukraine

• March 02, 2022 02 Mar'22

  SunSeed malware hits those involved in Ukraine refugee relief

  European governments involved in managing the logistics of hundreds of thousands of people fleeing Ukraine have been targeted by a suspected state-backed actor

• March 02, 2022 02 Mar'22

  Ban predictive policing systems in EU AI Act, says civil society

  A coalition of civil society groups has called on European lawmakers to use the upcoming Artificial Intelligence Act as an opportunity to ban predictive policing systems

• March 01, 2022 01 Mar'22

  DCMS opens consultation on telecoms cyber standards

  Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act

• February 28, 2022 28 Feb'22

  Cloudflare: Our network is our product

  Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats

• February 24, 2022 24 Feb'22

  KnowBe4 cyber drama tackles Colonial Pipeline in fourth season

  KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021

• February 24, 2022 24 Feb'22

  Security organisations form Nonprofit Cyber coalition

  Founding members of the Nonprofit Cyber coalition pledge to enhance joint action on cyber security around the world

• February 24, 2022 24 Feb'22

  New cyber guidelines to safeguard construction sector

  NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building

• February 24, 2022 24 Feb'22

  Russia behind dangerous Cyclops Blink malware

  Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk

• February 23, 2022 23 Feb'22

  Backups ‘no longer effective’ for stopping ransomware attacks

  Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques

• February 23, 2022 23 Feb'22

  No imminent cyber threat to UK from Russia

  Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain

• February 23, 2022 23 Feb'22

  IBM opens cyber security hub in India

  Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region

• February 22, 2022 22 Feb'22

  UK organisations swift to chide phishing victims

  While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated