News

IT risk management

• May 12, 2021 12 May'21

  Inside DarkSide: Researchers share intel on break-out cyber gang

  Security researchers swap information on the newly famous DarkSide ransomware gang, the group that doesn’t appear to understand what ‘being a criminal’ actually means

• May 12, 2021 12 May'21

  CyberUK 2021: NCSC encourages startups to invest in cyber

  National Cyber Security Centre is launching bespoke cyber security guidance aimed at the UK’s valuable startup community

• May 12, 2021 12 May'21

  UK to fund national cyber teams in Global South

  Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity

• May 12, 2021 12 May'21

  Microsoft fixes four critical bugs on lighter Patch Tuesday

  Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away

• May 12, 2021 12 May'21

  The Security Interviews: Why helpful bots could hurt vaccine roll-outs

  Earlier this year, spikes in traffic to websites containing information about Covid-19 vaccines were attributed by Imperva to automated bots scraping data. Why is that a problem?

• May 11, 2021 11 May'21

  UK Plc invited to sign up for Early Warning of cyber incidents

  The launch of the Early Warning incident notification service is among the enhancements being made by the NCSC to its service packages

• May 11, 2021 11 May'21

  NCSC cyber guidance targets cloud and home working

  The NCSC’s refreshed cyber security guidance for larger organisations places particular emphasis on cloud, home working and ransomware

• May 11, 2021 11 May'21

  Government to reform Computer Misuse Act

  Home secretary Priti Patel will explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world

• May 11, 2021 11 May'21

  SolarWinds CEO calls for collective action against state attacks

  SolarWinds CEO tells NCSC’s CyberUK conference he is exploring the possibility of collaborating with other companies on collective cyber action against attacks backed by nation states

• May 11, 2021 11 May'21

  Colonial Pipeline ransomware attack has grave consequences

  The ramifications of a major ransomware attack against a US fuel pipeline operator could spread far and wide

• May 10, 2021 10 May'21

  NCSC Active Cyber Defence blocks surge of pandemic scams

  The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic

• May 07, 2021 07 May'21

  NCSC, CISA publish new information on Russia’s Cozy Bear

  New intelligence from UK and US cyber agencies suggests that APT29, or Cozy Bear, has been switching up its tactics

• May 07, 2021 07 May'21

  NCSC publishes smart city security guidelines

  Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects

• May 07, 2021 07 May'21

  Cyber accreditation to improve legal standing of security pros

  Institute of Cyber Digital Investigations Professionals will help incident responders and cyber investigators get the professional recognition they deserve

• May 07, 2021 07 May'21

  Reddit enlists HackerOne to run public bug bounty programme

  Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet

• May 07, 2021 07 May'21

  Ransomware, supply chain attacks show no sign of abating

  Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors

• May 06, 2021 06 May'21

  Google to introduce mandatory MFA for users

  In future, holders of Google accounts will have no option but to use multifactor authentication if they want to use the firm’s services

• May 05, 2021 05 May'21

  Dysfunctional cyber, network teams disrupt digital transformation

  Despite shared goals, combative and dysfunctional relationships within specialist tech teams are putting digital transformation projects at risk, according to a report

• May 04, 2021 04 May'21

  Half of organisations breached via a third party in 12 months

  New report highlights the risks of outsourcing key business processes without paying due care and attention to your service provider’s security

• May 03, 2021 03 May'21

  New standard to simplify IoT device onboarding

  Fido Alliance’s device onboarding protocol will automate the process of connecting internet-of-things devices to device management platforms while improving security

• April 30, 2021 30 Apr'21

  EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful

  Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat

• April 30, 2021 30 Apr'21

  End of support for Build 1909 leaves some Windows open to attack

  Biannual Windows updates free IT staff from major updates, but some people prefer older builds of Windows, which leaves a gaping security hole

• April 28, 2021 28 Apr'21

  Covid-19 security challenges leave bank customers at risk

  Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud

• April 28, 2021 28 Apr'21

  Recruiters can’t afford to hold out for cyber ‘unicorns’

  The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic

• April 28, 2021 28 Apr'21

  NHS App to serve as vaccine passport for foreign holidays

  Existing NHS App will have vaccine passport functionality added to it, transport secretary confirms

• April 27, 2021 27 Apr'21

  Total cost of ransomware attack heading towards $2m

  Sophos’ latest study finds that ransomware attacks are proving increasingly disruptive to their victims’ finances

• April 27, 2021 27 Apr'21

  Leaky Azure storage account puts software developer IP at risk

  Source code for multiple products was left exposed in an unsecured Microsoft Azure cloud storage account, say researchers, but attributing responsibility for the error has proved difficult

• April 27, 2021 27 Apr'21

  The Security Interviews: Making sense of outbound email security

  Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this

• April 22, 2021 22 Apr'21

  GCHQ: Cyber investment a guarantor of UK’s global status

  GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future

• April 22, 2021 22 Apr'21

  Automation, zero-trust, API-based security priorities for EMEA CISOs

  Report by FireMon sheds light on buyer behaviour across the EMEA region

• April 22, 2021 22 Apr'21

  ToxicEye malware exploits Telegram messaging service

  The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye

• April 21, 2021 21 Apr'21

  NCSC offers teachers free cyber security training

  The NCSC’s latest security training offer builds on a package of measures designed to protect schools from cyber attack

• April 21, 2021 21 Apr'21

  SonicWall Email Security zero-days need urgent patch

  Users of SonicWall Email Security are advised to patch immediately, but the supplier is being criticised for the pace of its response

• April 21, 2021 21 Apr'21

  Time is running out to probe networks for Emotet

  Security teams will lose an unprecedented opportunity to gain valuable intelligence to enhance their defences when Emotet is finally ‘executed’ in a few days’ time

• April 20, 2021 20 Apr'21

  Health app myGP adds Covid-19 vaccine passport function

  The new feature is described as the UK’s first NHS-assured Covid-19 certification feature

• April 20, 2021 20 Apr'21

  UK’s proposed IoT cyber security law gathers momentum

  New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security

• April 20, 2021 20 Apr'21

  Chinese APT exploits critical CVE in Pulse Secure VPN

  A newly disclosed vulnerability in Pulse Secure’s VPN is being exploited by a Chinese advanced persistent threat group – assume compromise and mitigate today

• April 20, 2021 20 Apr'21

  Codecov supply chain attack has echoes of SolarWinds

  Supply chain attack on code auditing service may have compromised the likes of HPE and IBM

• April 20, 2021 20 Apr'21

  Singapore’s ViewQwest debuts security service

  ViewQwest’s SecureNet service uses Palo Alto Networks’ next-generation firewall with deep packet inspection capabilities to guard against cyber threats

• April 18, 2021 18 Apr'21

  Government puts Facebook under pressure to stop end-to-end encryption over child abuse risks

  Facebook faces growing government pressure to abandon its plans to offer users end-to-end encryption to secure the privacy of their messages as the NSPCC raises concerns about child protection

• April 16, 2021 16 Apr'21

  Finnish government strengthens country’s IT network security

  Finland’s government has created a new national organisation to help public and private bodies improve network security

• April 15, 2021 15 Apr'21

  Biden sanctions Russia over SolarWinds cyber attacks

  US president imposes new sanctions on Russia following malicious cyber attacks against the US and allies

• April 15, 2021 15 Apr'21

  How Windows patching leaves security exposed

  Four years on since it devastated IT systems across the NHS, WannaCry remains a threat to organisations around the world

• April 14, 2021 14 Apr'21

  NSA unearths more MS Exchange vulnerabilities

  Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency

• April 13, 2021 13 Apr'21

  MP told to ditch official email over hacking fears

  MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked

• April 13, 2021 13 Apr'21

  Covid-19 left people feeling vulnerable to cyber crime

  Around 15 million people in the UK experienced cybercrime in the past 12 months, with a cumulative 64 million hours wasted dealing with the fallout

• April 13, 2021 13 Apr'21

  Millions of devices at risk from NAME:WRECK DNS bugs

  Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk

• April 12, 2021 12 Apr'21

  Vaccine passports and travel plans race up Covid threat charts

  With lockdown restrictions easing in the UK, cyber criminals are tailoring their phishing lures to new areas of interest

• April 11, 2021 11 Apr'21

  Executive interview: Unleashing blockchain’s potential

  Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology

• April 09, 2021 09 Apr'21

  NCSC: Using your pet’s name as a password is very stupid

  If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said