News

IT risk management

• September 14, 2022 14 Sep'22

  Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

  Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs

• September 14, 2022 14 Sep'22

  NCSC warns public of potential Queen-related phishing attacks

  The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen

• September 13, 2022 13 Sep'22

  Cloud compromise a doddle for threat actors as victims attest

  Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud

• September 13, 2022 13 Sep'22

  Users warned over Azure Active Directory authentication flaw

  Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users

• September 12, 2022 12 Sep'22

  Mandiant floats off into Google Cloud

  As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business

• September 12, 2022 12 Sep'22

  CISOs should spend on critical apps, cloud, zero-trust, in 2023

  Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts

• September 08, 2022 08 Sep'22

  NCSC CyberUK event heads to Belfast in 2023

  National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023

• September 08, 2022 08 Sep'22

  Chinese APT using PlugX malware on espionage targets

  China’s Bronze President APT is once again targeting government officials of interest to its paymasters, this time using forged diplomatic correspondence, according to the Secureworks Counter Threat Unit

• September 08, 2022 08 Sep'22

  Dutch cyber security organisations to join forces

  Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into

• September 08, 2022 08 Sep'22

  India’s wake-up call on health data privacy

  Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US

• September 07, 2022 07 Sep'22

  Albania cuts diplomatic ties with Iran after cyber attack

  In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran

• September 07, 2022 07 Sep'22

  Digital identity is key to coping with surge in air travel

  The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic

• September 05, 2022 05 Sep'22

  How Okta is regaining customer trust after a cyber attack

  In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident

• September 01, 2022 01 Sep'22

  Local authorities experience 10,000 attempted cyber attacks every day

  Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker

• September 01, 2022 01 Sep'22

  Swedish Electronics Protection Act coincides with major cyber spend

  Swedish cyber security law comes at a time of heavy government investment

• September 01, 2022 01 Sep'22

  New (ISC)² cyber careers schemes go live

  (ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide

• August 30, 2022 30 Aug'22

  UK government presses on with new cyber rules for telcos

  Government has finalised new security rules for telecoms companies and will move to make them binding in the near future

• August 25, 2022 25 Aug'22

  CIOs: Geopolitics impacts your IT strategy

  Research from analyst Gartner illustrates how geopolitics is influencing IT strategies

• August 24, 2022 24 Aug'22

  Most CISOs think they’ve been attacked by a nation state

  Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack

• August 24, 2022 24 Aug'22

  Alleged Twitter security failings spell trouble ahead

  Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions

• August 23, 2022 23 Aug'22

  NCSC shares cyber guidance for large infrastructure builds

  Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects

• August 22, 2022 22 Aug'22

  Lloyd’s to end insurance coverage for state cyber attacks

  Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk

• August 19, 2022 19 Aug'22

  Google employees demand end to collection of abortion data

  In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police

• August 18, 2022 18 Aug'22

  Amazon Ring vulnerability could have been used to spy on users

  A now-patched vulnerability in the Amazon Ring mobile app could have been exploited to expose users’ video recordings, but was complex to exploit, according to the researchers who stumbled upon it

• August 18, 2022 18 Aug'22

  It takes a breach to force boards to take notice of cyber, says UK government

  Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims

• August 16, 2022 16 Aug'22

  Why organisations need to harmonise their CIO and CISO roles

  Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson

• August 15, 2022 15 Aug'22

  Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims

  CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London

• August 12, 2022 12 Aug'22

  How critical infrastructure operators can secure OT data

  Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats

• August 10, 2022 10 Aug'22

  ‘Coopetition’ a growing trend among ransomware gangs

  Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time

• August 09, 2022 09 Aug'22

  Cyber insurance getting harder to obtain

  Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance

• August 08, 2022 08 Aug'22

  NHS recovering key services after attack on supplier

  Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service

• August 05, 2022 05 Aug'22

  Reliance on PSN may have exacerbated cyber attack impact

  As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks

• August 04, 2022 04 Aug'22

  UK has biggest card fraud problem in Europe

  Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe

• August 04, 2022 04 Aug'22

  SBRC to administer NCSC training across Scotland

  The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations

• August 03, 2022 03 Aug'22

  New EU due diligence law needs amending to stop tech sector abuse

  European corporate due diligence directive seeking to transform how companies approach their human rights and environmental risk is welcome, but without further changes, it will fail to effectively curb tech firms’ harmful practices, claims ...

• August 03, 2022 03 Aug'22

  DrayTek patches SOHO router bug that left thousands exposed

  Network hardware supplier has fixed an unauthenticated RCE vulnerability in multiple routers in its Vigor line, after being alerted by Trellix researchers

• July 28, 2022 28 Jul'22

  H0lyGh0st ransomware gang faces challenges, but still a threat

  Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat

• July 28, 2022 28 Jul'22

  NCSC startups scheme turns focus to operational technology, SME security

  NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses

• July 28, 2022 28 Jul'22

  Cyber criminals pivot away from macros as Microsoft changes bite

  As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect

• July 27, 2022 27 Jul'22

  Consumers left out of pocket as security costs soar

  As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people

• July 27, 2022 27 Jul'22

  Cyber security training ‘boring’ and largely ignored

  Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them

• July 26, 2022 26 Jul'22

  Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

  The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday

• July 26, 2022 26 Jul'22

  No More Ransom initiative helps 1.5 million people in six years

  One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project

• July 26, 2022 26 Jul'22

  Visibility and proactive stance needed to secure OT systems

  Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says

• July 26, 2022 26 Jul'22

  Ducktail infostealer targets Facebook Business users

  Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts

• July 25, 2022 25 Jul'22

  Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants

  MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard

• July 25, 2022 25 Jul'22

  NCSC seeks community input for Cyber Advisor service

  The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward

• July 25, 2022 25 Jul'22

  The Security Interviews: Why you need to protect abandoned digital assets

  The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias

• July 25, 2022 25 Jul'22

  TMT firms among top targets for cyber attacks in Singapore

  Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society

• July 21, 2022 21 Jul'22

  GCHQ experts back scanning of encrypted phone messages to fight child abuse

  Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse