News

IT risk management

September 09, 2021 09 Sep'21
UK GDPR faces changes under planned reforms

DCMS is launching a major consultation on proposed changes to the UK’s data protection regime, under which several key elements of the GDPR are likely to change
September 09, 2021 09 Sep'21
Latest Microsoft zero-day being actively exploited

New Microsoft zero-day CVE-2021-40444 affects multiple versions of Windows and is probably being exploited through convincing phishing attacks
September 08, 2021 08 Sep'21
REvil reappearance may herald new ransom campaigns

The re-emergence of the infamous REvil ransomware gang is a likely sign that more high-profile attacks will unfold over the coming weeks
September 08, 2021 08 Sep'21
Covid positive for security market, but still a source of stress

CIISec’s latest “State of the profession report” highlights both positives and challenges for cyber pros arising from the past two years

September 08, 2021 08 Sep'21
Stolen credit card data worth about £13 on dark web, PayPal worth more

The average price of a stolen credit card on a dark web marketplace comes in at around $17.40, or £12.60, according to new data – but the real money for cyber criminals is in hacked PayPal accounts
September 07, 2021 07 Sep'21
OT security in APAC remains work in progress

Two operational technology security experts shed light on the state of OT security in the region, and what’s being done to address skills, competency and organisational challenges
September 03, 2021 03 Sep'21
Mandiant, Sophos detail dangerous ProxyShell attacks

Threat researchers and incident responders continue to track threat activity around the dangerous ProxyShell Microsoft Exchange vulnerabilities, including impactful ransomware hits
September 03, 2021 03 Sep'21
China accused of cyber attacks on Norwegian IT systems

China-based cyber attackers have been blamed for multiple assaults on IT systems in Norway
September 02, 2021 02 Sep'21
How high can the contactless card limit go without two-factor authentication?

The spending limit for contactless cards has reached an eyebrow-raising triple-digit figure – £100 – raising questions about the need for user authentication
September 02, 2021 02 Sep'21
WhatsApp fined €225m over GDPR breaches

Irish data protection watchdog has issued one of the largest GDPR fines to date against Facebook-owned WhatsApp

September 02, 2021 02 Sep'21
Finance firms faced up to £760,000 costs per DNS attack during pandemic

Financial services firms have been the focus of attacks by cyber criminals during the Covid-19 crisis
September 01, 2021 01 Sep'21
Experts warn on Office 365 phishing attacks

Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques
September 01, 2021 01 Sep'21
Remote workers routinely bypassed security tools during pandemic

New data from Palo Alto Networks reveals that over 25% of UK security leaders saw their employees circumventing or switching off security measures at the height of the pandemic
August 31, 2021 31 Aug'21
GovTech launches vulnerability rewards programme

Vulnerability rewards programme will offer rewards ranging from $250 to $5,000 to white hat hackers who find vulnerabilities in critical government systems
August 27, 2021 27 Aug'21
Are proposed data protection changes a threat to UK citizens’ privacy?

Though changes are as-yet undefined pending an upcoming consultation, concerns are already being expressed over the government’s plan to liberalise data protection laws in the service of innovation and growth
August 26, 2021 26 Aug'21
Government unveils post-Brexit data flow proposals

The government will pursue data partnerships with countries including Australia, South Korea and the US as part of a post-Brexit data regime that may also see substantial changes to the UK’s data protection law
August 26, 2021 26 Aug'21
NZ privacy lead John Edwards named new information commissioner

DCMS has named John Edwards, currently New Zealand privacy commissioner, to succeed Elizabeth Denham as UK information commissioner
August 25, 2021 25 Aug'21
Calling the cops for ransomware attacks doesn’t help, say cyber pros

A new study for the #Ransomaware campaign reveals some insight into why so few victims report ransomware attacks
August 25, 2021 25 Aug'21
UK loses £1.3bn to fraud and cyber crime so far this year

New figures from the National Fraud Intelligence Bureau show a threefold spike in reported financial losses to fraud and cyber crime in the first six months of 2021
August 24, 2021 24 Aug'21
Half of MS Exchange servers at risk in ProxyShell debacle

Up to 50% of MS Exchange users in the UK are exposed to three vulnerabilities that are now being actively exploited
August 24, 2021 24 Aug'21
Over a million opt out of NHS data-sharing

Failure to communicate benefits of data-sharing proposals and privacy concerns are prompting large numbers of people to opt out of a proposed NHS Digital scheme
August 23, 2021 23 Aug'21
Flexxon and Lenovo tie up on AI-infused SSDs

Singapore-based Flexxon teams up with Lenovo to make its solid-state drive that uses artificial intelligence to fend off cyber threats available on ThinkPad-based laptops
August 19, 2021 19 Aug'21
Pub apps harvesting swathes of customer data unnecessarily

Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners
August 19, 2021 19 Aug'21
IT leaders fear ‘trickle-down’ of nation-state cyber attacks

Three-quarters of IT decision-makers are concerned that the tactics, techniques and procedures used by nation-state attackers could be used against them
August 18, 2021 18 Aug'21
MoD seeks security tech to harden military systems

The Defence and Security Accelerator has launched a programme to root out technology that will reduce the military’s exposure to cyber attacks
August 17, 2021 17 Aug'21
Educational publisher Pearson fined for data breach cover-up

Securities and Exchange Commission says publisher misled its investors over the extent of a 2018 data breach
August 17, 2021 17 Aug'21
Security Think Tank: Building privacy-preserving apps and platforms

ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture
August 16, 2021 16 Aug'21
Nearly half of retailers hit by ransomware in 2020

In the face of increasingly prevalent and sophisticated ransomware attacks, retail organisations need to develop alternative ways of restoring lost or encrypted data, as paying the ransom does not guarantee its return in almost a third of cases
August 13, 2021 13 Aug'21
Cyber Runway programme supports new security businesses

The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses
August 12, 2021 12 Aug'21
ICO consults on new international data transfer agreement

Information Commissioner’s Office to consult on its draft international data transfer agreement and guidance, which will replace standard contractual clauses to protect personal data during overseas transfers
August 11, 2021 11 Aug'21
Microsoft fixes seven critical bugs on light Patch Tuesday

All seven critical vulnerabilities in Microsoft’s August Patch Tuesday were related to remote code execution, and there was one zero-day related to Windows Update Medic Service
August 11, 2021 11 Aug'21
The Netherlands still lacks digital resilience, says report

Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient
August 10, 2021 10 Aug'21
Ransomware demands and payments hit new records

Ransomware groups continue to intensify their operations as ransom demands and payments increase alongside use of “quadruple extortion” tactics during first half of 2021
August 10, 2021 10 Aug'21
Dutch lead the way in protecting themselves against internet risks

Dutch citizens come top in a study on awareness of internet risks in Europe, which showed major differences across the continent
August 10, 2021 10 Aug'21
Researchers uncover database with 126 million unsecured records

Business-to-business marketing firm OneMoreLead was storing tens of millions of records in an unsecured database, exposing at least 63 million people to fraud, identify theft and phishing campaigns
August 10, 2021 10 Aug'21
How Grab is using Kafka in fraud detection

Grab is using Apache Kafka in its fraud detection and prevention platform to ingest event streams from its mobile software development kits and client backends to pick up fraudulent activities
August 05, 2021 05 Aug'21
Nine security flaws found in critical hospital infrastructure

The ‘PwnedPiper’ vulnerabilities identified in systems used by 80% of US hospitals could be used to launch ransomware attacks
August 05, 2021 05 Aug'21
SAP customers more alert to internal than external threats

SAP customers are more concerned by insider threats than by external attacks, according to a report. And yet the average SAP customer has around 2,500 vulnerabilities within their customised SAP code
August 05, 2021 05 Aug'21
Cloud misconfiguration a growing cause of security incidents

Rapid cloud adoption during the pandemic has increased the attack surface and heightened the risk of misconfiguring services, leaving organisations more vulnerable to cyber attacks
August 04, 2021 04 Aug'21
Initial access brokers unaffected by ransomware content bans

Banning ransomware content from cyber crime forums has done little to prevent initial access brokers from advertising their services, with the number of access listings increasing in the second quarter of 2021
August 03, 2021 03 Aug'21
Ransomware attacks increase dramatically during 2021

Dramatic increase in ransomware attacks globally during first half of 2021 driven by triple extortion technique, and is only set to expand further
July 28, 2021 28 Jul'21
Almost half unaware of GP data-sharing plans

Around half of adults in England – approximately 20 million people – remain unaware of the scope of the NHS GPDPR programme, prompting calls for a public education campaign
July 28, 2021 28 Jul'21
Top vulnerabilities target perimeter devices

The most frequently exploited CVEs of the year so far are to be found in perimeter and network access devices, according to a joint advisory from the NCSC and partners
July 28, 2021 28 Jul'21
COP26 cyber resource hub launched for Glasgow businesses

New digital information hub for Glasgow business to help organisations keep secure both physically and online ahead of major climate change summit
July 27, 2021 27 Jul'21
ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower

The Information Commissioner’s Office has ended its involvement in a dispute between a data breach whistleblower and NatWest bank
July 27, 2021 27 Jul'21
How IBM is solving the data privacy problem

IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy
July 25, 2021 25 Jul'21
Tokyo 2020 hit by data breach

The user names and passwords of Tokyo 2020 ticket holders and event volunteers were reportedly compromised, but government official claims the data leak was not large
July 25, 2021 25 Jul'21
OAIC: Uber failed to protect personal data of Australians

Uber did not take reasonable steps to protect Australians’ personal information from unauthorised access, says Australia’s national privacy watchdog
July 21, 2021 21 Jul'21
France’s Macron among alleged Pegasus targets

Data relating to devices used by French president Emmanuel Macron and the head of the World Health Organization, among others, has been uncovered in a dataset linked to government use of spyware
July 20, 2021 20 Jul'21
NCSC’s Cameron urges deeper cyber alliance-building

Speaking to an event in Israel, NCSC CEO Lindy Cameron has praised joint UK-Israeli efforts on security collaboration