News

IT risk management

• November 29, 2022 29 Nov'22

  AWS doubles down on data management

  Cloud giant Amazon Web Services declares a bold vision to eliminate the need to extract, transform and load data alongside other efforts to address business problems in domains like cyber security and logistics

• November 29, 2022 29 Nov'22

  ‘Legal but harmful’ clause dropped from Online Safety Bill

  Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm

• November 27, 2022 27 Nov'22

  Plexal inducts six into cyber leadership scheme

  Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders

• November 25, 2022 25 Nov'22

  Data management, backup becoming the CISO's responsibility

  More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year

• November 24, 2022 24 Nov'22

  Not-for-profit aims to encourage 1,300 girls into cyber careers

  CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber

• November 23, 2022 23 Nov'22

  South Korea data adequacy pact brings £15m Brexit bonus

  UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m

• November 23, 2022 23 Nov'22

  Red team tool developer slams ‘irresponsible’ disclosure

  UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors

• November 23, 2022 23 Nov'22

  Dutch national cyber security strategy aims to protect digital society

  Cabinet sets up national cyber security strategy to make the Netherlands digitally secure

• November 22, 2022 22 Nov'22

  Killnet DDoS hacktivists target Royal Family and others

  Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks

• November 22, 2022 22 Nov'22

  C-suite mystified by cyber security jargon

  Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms that security pros use that risk making the world of cyber incomprehensible to outsiders

• November 21, 2022 21 Nov'22

  NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

  A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify

• November 18, 2022 18 Nov'22

  Is Elon Musk’s Twitter safe, and should you stop using it?

  With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use

• November 18, 2022 18 Nov'22

  CyberPeace Institute helps NGOs improve their security resilience

  Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people

• November 16, 2022 16 Nov'22

  Global network fragmentation a source of increasing risk

  Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures

• November 15, 2022 15 Nov'22

  APP fraud volumes expected to double by 2026, says report

  Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue

• November 15, 2022 15 Nov'22

  Inside Singapore’s public sector IT strategy

  Adopting a platform approach with products that can scale across the board and building a strong engineering bench are some of the key aspects in Singapore’s public sector IT strategy

• November 14, 2022 14 Nov'22

  How Google and Mandiant are forging synergies in cyber security

  Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security

• November 11, 2022 11 Nov'22

  MoD recruits Immersive Labs to bolster cyber resilience

  UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products

• November 10, 2022 10 Nov'22

  Cyber criminals have World Cup Qatar 2022 in their sights

  Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so

• November 09, 2022 09 Nov'22

  Optus earmarks A$140m to cover cost of data breach

  Optus sets aside A$140m as an exceptional expense for a customer remediation programme following a massive data breach that affected 10 million customers

• November 09, 2022 09 Nov'22

  UK’s National Cyber Advisory Board convenes for first time

  Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online

• November 09, 2022 09 Nov'22

  Microsoft serves smorgasbord of six zero-days

  November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity

• November 09, 2022 09 Nov'22

  Why Sophos is bullish on managed security services

  Sophos has grown its managed detection and response business to more than $100m over the last three years as more organisations grapple with the increasingly complex cyber security landscape

• November 07, 2022 07 Nov'22

  Department for Education escapes £10m fine over data misuse

  Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules

• November 04, 2022 04 Nov'22

  Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

  The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare

• November 03, 2022 03 Nov'22

  Global coalition reaffirms commitment to fight ransomware

  Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC

• November 02, 2022 02 Nov'22

  OpenSSL vulnerabilities ‘not as bad as feared’

  As previously trailed, OpenSSL patched two buffer overflow vulnerabilities, neither of them as impactful as had been feared

• November 01, 2022 01 Nov'22

  A third of UK cyber leaders want to quit, report says

  Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload

• November 01, 2022 01 Nov'22

  NCSC looks back on year of ‘profound change’ for cyber

  The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful

• November 01, 2022 01 Nov'22

  How Elastic is going beyond enterprise search

  Elastic has been doubling down on the security and observability capabilities of its open-source platform, going beyond its roots in enterprise search

• October 31, 2022 31 Oct'22

  Prepare today for potentially high-impact OpenSSL bug

  OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed

• October 31, 2022 31 Oct'22

  Cyber crime officer says French legal challenges to EncroChat are ‘hype’

  Matthieu Audibert, officer of the French Gendarmerie’s cyber space command, gets into a spat with defence lawyers on Twitter over the lawfulness of evidence from the hacked phone network EncroChat

• October 27, 2022 27 Oct'22

  NCSC’s Levy steps down after 20-year intelligence career

  NCSC technical director Ian Levy bids farewell, telling his successor: ‘Don’t panic’

• October 27, 2022 27 Oct'22

  NHS to get new national CISO

  The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS

• October 27, 2022 27 Oct'22

  Medibank breach casts spotlight on data security

  Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia

• October 27, 2022 27 Oct'22

  Santander calls for cooperation to tackle APP fraud

  New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud

• October 26, 2022 26 Oct'22

  Cuba ransomware cartel spoofs Ukraine armed forces

  Ukrainian cyber experts issue a warning over the activities of the Cuba ransomware cartel

• October 26, 2022 26 Oct'22

  Australia budget closes in on digital divide, cyber resilience

  Australia’s latest budget is geared towards providing better broadband connectivity in regional and rural areas, shoring up the cyber security posture of its businesses and plugging tech talent shortages, among other areas

• October 25, 2022 25 Oct'22

  Global digital trust market to double by 2027

  The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow

• October 25, 2022 25 Oct'22

  Digital-first businesses more willing to accept some fraud

  Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report

• October 21, 2022 21 Oct'22

  Microsoft slams external researchers over its own data leak

  Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue

• October 20, 2022 20 Oct'22

  The Security Interviews: Why now for ZTNA 2.0?

  With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network ...

• October 20, 2022 20 Oct'22

  Cyber professional shortfall hits 3.4 million

  Shortage of cyber security professionals continues to grow and shows no signs of abating, says report

• October 20, 2022 20 Oct'22

  Singapore extends cyber security labelling scheme to medical devices

  The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development

• October 19, 2022 19 Oct'22

  Ransomware crews regrouping as LockBit rise continues

  Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead

• October 19, 2022 19 Oct'22

  Treat cyber crime as a ‘strategic threat’, UK businesses told

  The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community

• October 18, 2022 18 Oct'22

  Apache vulnerability a risk, but not as widespread as Log4Shell

  A newly disclosed Apache Commons Text vulnerability may put many at risk, but does not appear to be as impactful or widespread as Log4Shell

• October 18, 2022 18 Oct'22

  Virtually all vulnerable open source downloads are avoidable

  Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report

• October 14, 2022 14 Oct'22

  Malicious WhatsApp add-on highlights risks of third-party mods

  Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods

• October 14, 2022 14 Oct'22

  Office 365 email encryption flaw could pose risk to user privacy

  A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are