News

IT risk management

March 25, 2022 25 Mar'22
How Lapsus$ exploited the failings of multifactor authentication

Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering
March 24, 2022 24 Mar'22
Ransomware demands and payments increase with use of leak sites

Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims
March 24, 2022 24 Mar'22
The Security Interviews: Red gets automated

We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security
March 24, 2022 24 Mar'22
How India organisations can mitigate cyber threats

Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks

March 23, 2022 23 Mar'22
NHS urgent care provider uses ID and access management to reduce complexity for clinicians

Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords
March 22, 2022 22 Mar'22
Biden issues warning about Russian cyber attacks

President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia
March 22, 2022 22 Mar'22
Details of Conti ransomware affiliate released

Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise
March 18, 2022 18 Mar'22
Dark web littered with Ukraine crypto scammers

Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine
March 18, 2022 18 Mar'22
Ukrainian cyber defences prove resilient

Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks
March 17, 2022 17 Mar'22
Online Safety Bill introduced in Parliament

The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs

March 17, 2022 17 Mar'22
Alarm raised over ‘trickster’ LokiLocker ransomware

The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers
March 16, 2022 16 Mar'22
Biden signs ransomware reporting mandate into law

CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours
March 16, 2022 16 Mar'22
German authorities warn on Kaspersky but stop short of ban

Germany authorities warn Kaspersky users to consider alternatives to the firm’s flagship antivirus software, citing national security concerns and the war on Ukraine
March 15, 2022 15 Mar'22
Supreme Court refuses Julian Assange extradition appeal

The case will be referred to the home secretary Priti Patel to make a decision. The WikiLeaks founder has yet to say whether he will file further appeals
March 09, 2022 09 Mar'22
Paid-for advertising measures included in Online Safety Bill

New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months
March 09, 2022 09 Mar'22
Microsoft serves up three zero-days on March Patch Tuesday

Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders
March 03, 2022 03 Mar'22
Direct action is a risky business for Ukraine's volunteer hackers

Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea
March 02, 2022 02 Mar'22
Cyber companies step up support for Ukraine

Security companies Bitdefender and Vectra AI are both to offer products and services in support of Ukraine
March 02, 2022 02 Mar'22
SunSeed malware hits those involved in Ukraine refugee relief

European governments involved in managing the logistics of hundreds of thousands of people fleeing Ukraine have been targeted by a suspected state-backed actor
March 02, 2022 02 Mar'22
Ban predictive policing systems in EU AI Act, says civil society

A coalition of civil society groups has called on European lawmakers to use the upcoming Artificial Intelligence Act as an opportunity to ban predictive policing systems
March 01, 2022 01 Mar'22
DCMS opens consultation on telecoms cyber standards

Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act
February 28, 2022 28 Feb'22
Cloudflare: Our network is our product

Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats
February 24, 2022 24 Feb'22
KnowBe4 cyber drama tackles Colonial Pipeline in fourth season

KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021
February 24, 2022 24 Feb'22
Security organisations form Nonprofit Cyber coalition

Founding members of the Nonprofit Cyber coalition pledge to enhance joint action on cyber security around the world
February 24, 2022 24 Feb'22
New cyber guidelines to safeguard construction sector

NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building
February 24, 2022 24 Feb'22
Russia behind dangerous Cyclops Blink malware

Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk
February 23, 2022 23 Feb'22
Backups ‘no longer effective’ for stopping ransomware attacks

Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques
February 23, 2022 23 Feb'22
No imminent cyber threat to UK from Russia

Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain
February 23, 2022 23 Feb'22
IBM opens cyber security hub in India

Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region
February 22, 2022 22 Feb'22
UK organisations swift to chide phishing victims

While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated
February 21, 2022 21 Feb'22
Zoom gains NCSC Cyber Essentials Plus and NHS security badges

Video platform Zoom has added a number of UK-specific cyber certifications to help it demonstrate its platform is safeguarded against common threats
February 17, 2022 17 Feb'22
Red Cross cyber attack the work of nation-state actors

The International Committee of the Red Cross now believes the January 2022 attack on its systems to have been the work of an undisclosed nation state
February 16, 2022 16 Feb'22
2021 another record year for UK cyber investment

Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment
February 16, 2022 16 Feb'22
DDoS attacks hit Ukrainian defence ministry and banks

A further wave of cyber attacks has taken place against targets in Ukraine amid heightened tension in the region
February 16, 2022 16 Feb'22
Cloud Security Alliance publishes guidelines to bridge compliance and DevOps

The Cloud Security Alliance has published a report detailing practices that organisations can adopt to bridge the gap between compliance and software development and operations
February 15, 2022 15 Feb'22
TA2451 targets aviation and transport sector with tailored lures

Newly designated cyber criminal group favours highly specific lures and a tried-and-tested modus operandi to compromise targets in the aviation, aerospace and transport sectors
February 15, 2022 15 Feb'22
China emerges as leader in vulnerability exploitation

Threat actors linked to China are emerging as a significant force in the weaponisation of newly discovered CVEs
February 11, 2022 11 Feb'22
Lack of knowledge disastrous for effective security strategy within Dutch companies

Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy
February 11, 2022 11 Feb'22
Why security professionals should pay attention to what Russia is doing

Even though the average organisation is an unlikely target for a Russian state cyber attack, here's why security teams still need to watch what Russian threat groups are up to
February 11, 2022 11 Feb'22
Hackney Council could be forced to answer questions about IT security training after Psya ransomware

Council is negotiating with the information commissioner after refusing to reply to questions under the Freedom of Information Act about staff IT and security training during the pandemic
February 10, 2022 10 Feb'22
How diplomatic immunity silenced the prosecutor who coordinated Sweden’s EncroChat probe

Defence lawyers claim Swedish court decision not to hear evidence from a Swedish prosecutor leaves important legal questions unanswered over international police operation to hack EncroChat cryptophone network
February 09, 2022 09 Feb'22
Linux-based clouds an open door for attackers, says VMware

Its prevalence as a cloud operating system means Linux is becoming a meal ticket for malicious actors, but the security industry does not seem to have cottoned on to this yet, says VMware
February 09, 2022 09 Feb'22
Ransomware ever more sophisticated and impactful, warns NCSC

UK’s National Cyber Security Centre teams up with US and Australian partners in a joint advisory warning organisations of the increasing sophistication exhibited by criminal ransomware gangs
February 09, 2022 09 Feb'22
Microsoft stomps on 48 bugs in February Patch Tuesday update

It’s a light Patch Tuesday for February 2022, as Microsoft issues fixes for just 48 CVEs, including a solitary zero-day
February 09, 2022 09 Feb'22
Tech companies risk being compelled by law to protect children, says online safety expert

John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act
February 08, 2022 08 Feb'22
The Security Interviews: Building the UK’s future cyber ecosystem

As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions
February 04, 2022 04 Feb'22
Check Point looks to plug ASEAN’s cyber security gap

Check Point is shoring up its sales force and partner ecosystem to address the cyber security needs of small and mid-sized businesses in a region that is highly targeted by threat actors
February 03, 2022 03 Feb'22
BlackCat crew supposedly behind OilTanking ransomware heist

Preliminary reports from Germany’s national cyber authority indicate the recent OilTanking ransomware attack may have been the work of the BlackCat group
February 03, 2022 03 Feb'22
Crisp supply shortage looms after KP Snacks hit by ransomware

Supplies of Hula Hoops and many other snack brands are under threat after a ransomware attack on the systems of KP Snacks
February 03, 2022 03 Feb'22
French Supreme Court raises constitutional questions over EncroChat hacking secrecy

Conseil Constitutionnel to decide whether ‘defence secrecy’ over state EncroChat cryptophone hacking breaches French constitution