News

IT risk management

• December 06, 2019 06 Dec'19

  Great Cannon DDoS operation fires on Hong Kong protesters

  AT&T’s security unit has evidence that China is pressing its Great Cannon DDoS tool into service once again, specifically to target pro-democracy protests in Hong Kong

• December 05, 2019 05 Dec'19

  Black Hat Europe: Mental health websites are leaking user data

  At Black Hat Europe in London, researchers reveal the extent to which confidential data is being leaked to third parties by online mental health websites

• December 05, 2019 05 Dec'19

  Aviatrix VPN vulnerability left user endpoints wide open

  Immersive Labs has disclosed a serious vulnerability in VPN supplier Aviatrix’s enterprise client that could have granted hackers elevated user privileges across enterprise targets

• December 03, 2019 03 Dec'19

  Tenable buys Indegy to integrate IT and OT security

  Acquisition of industrial security specialist Indegy will create a unified, risk-based platform spanning both IT and OT security for Tenable

• December 03, 2019 03 Dec'19

  Chinese web users take more risks than Brits or Americans

  A research paper published by the University of Birmingham seems to show that differences in cultural values have an impact both on risky behaviour online and legal regulation

• November 29, 2019 29 Nov'19

  TfL locks down Oyster accounts to ward off credential stuffing

  Mandatory password reset for all travellers who use Oyster and contactless payment systems follows minor breach incident earlier in 2019

• November 28, 2019 28 Nov'19

  The Security Interviews: Do cyber weapons need a Geneva Convention?

  On a cold afternoon in Finland, F-Secure’s Mikko Hypponen discusses cyber weapons and nation state threats, and explains why arms limitations treaties might one day expand to include malware and other threats

• November 28, 2019 28 Nov'19

  Top APAC security predictions for 2020

  More attacks on critical infrastructure, supply chain vulnerabilities and file-less attacks are some of the security threats that enterprises should keep an eye on next year

• November 27, 2019 27 Nov'19

  Security skills gap will take a decade to fill

  The British education systems cannot move fast enough to address the security skills crisis, and in the absence of government action increased reliance on automation may be the least worst solution

• November 26, 2019 26 Nov'19

  Enterprises muddled over cloud security responsibilities

  A McAfee study suggests that 2020 will be a big year for cloud adoption, but confusion still persists over who is responsible for securing it

• November 26, 2019 26 Nov'19

  Facebook undermined rivals in bid to dominate global messaging

  Facebook used buyouts and bullying tactics towards competitors to grow its business empire, documents leaked to Computer Weekly reveal

• November 25, 2019 25 Nov'19

  AI may open dangerous new frontiers in geopolitics

  Truly artificial intelligence has the potential to provoke an international geopolitical crisis, warns F-Secure’s Mikko Hypponen

• November 25, 2019 25 Nov'19

  Uber app exploit posed safety risk to passengers

  A flaw in Uber’s system meant thousands of trips in London were taken with unauthorised drivers at the wheel

• November 25, 2019 25 Nov'19

  Conservatives propose national cyber crime force

  Manifesto also says Tories would “empower the police to safely use new technologies like biometrics and artificial intelligence, along with the use of DNA, within a strict legal framework”

• November 22, 2019 22 Nov'19

  Mystery surrounds leak of four billion user records

  Threat researchers uncover four billion user records on a wide-open Elasticsearch server but who left them there is a mystery

• November 22, 2019 22 Nov'19

  Some 29,000 UK web domains suspended for criminal activity

  Domain suspensions for criminal activity over the past year has dropped for the first time since 2014

• November 20, 2019 20 Nov'19

  Mimecast blocked 99 billion suspicious emails in third quarter

  Latest threat intelligence report reveals the scale of the threat posed by malicious emails, with the transport, legal and financial sectors hit hardest

• November 20, 2019 20 Nov'19

  Massive increase in fraud attacks on TSB customers during IT meltdown

  There was a massive spike in attempts by fraudsters to steal from TSB customers when the bank’s IT systems failed in 2018

• November 19, 2019 19 Nov'19

  Public sector risks downplayed by senior IT leaders

  Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams

• November 19, 2019 19 Nov'19

  Businesses failing to wipe data from old endpoints

  Organisations are not taking adequate precautions to sanitise data held on endpoints when refreshing their PC or mobile device estates

• November 19, 2019 19 Nov'19

  Huawei shrugs off latest US reprieve

  Chinese tech giant dismisses the latest extension of the US Temporary General Licence and maintains that the US government is harming its own interests in banning it

• November 19, 2019 19 Nov'19

  Managed services fuelling APAC security market

  Spending on managed security services will account for almost half of Asia-Pacific’s cyber security market by 2023, as global and local providers shore up their offerings in the region

• November 14, 2019 14 Nov'19

  Home Office Brexit app contains multiple security flaws

  The Home Office’s Brexit app may be putting EU citizens’ personal data at risk

• November 13, 2019 13 Nov'19

  Business leaders fibbing to cover up lax security posture

  Nominet study finds evidence that many businesses tout the robustness of their security posture as a selling point even though their security teams lack confidence in themselves

• November 13, 2019 13 Nov'19

  Attack on Labour shows need for DDoS defence but should alarm few

  After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t

• November 13, 2019 13 Nov'19

  Cyber risk insurance is more than just insurance

  Insurance companies such as Chubb are offering incident response services and security tools to help companies improve their cyber security posture and better cope with cyber attacks

• November 12, 2019 12 Nov'19

  Nordic SMEs lack the money needed for cyber security

  Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country

• November 12, 2019 12 Nov'19

  PCI DSS payment security compliance drops again

  Worldwide, barely one-third of companies are maintaining full compliance with the PCI DSS security standard – and the numbers are falling

• November 12, 2019 12 Nov'19

  IBM drums up quantum computing future

  IBM’s head honcho, Ginni Rometty, welcomes Australia’s Woodside Energy to the quantum computing fold through a partnership to harness the technology to shore up cyber security and plant operations

• November 08, 2019 08 Nov'19

  Security pros urged to get ahead of incoming BlueKeep exploits

  The BlueKeep RDP vulnerability is beginning to be exploited in the wild, and security teams have no excuse for not trying to get in front of it, says Microsoft

• November 06, 2019 06 Nov'19

  Trend Micro insider breach exposes need for data-centric protection

  Simple measures could have saved consumer security product supplier from insider breach

• November 06, 2019 06 Nov'19

  Global security workforce must more than double to meet demand

  There are about 2.8 million cyber security professionals working today, and the world needs four million more

• November 04, 2019 04 Nov'19

  EU patches 20-year-old open source vulnerability

  Ethical hackers taking part in a bug bounty programme on behalf of the European Union have uncovered a 20-year-old vulnerability

• November 01, 2019 01 Nov'19

  CIO must focus on easing data access to help data scientists build models more quickly

  Data scientists struggle to get the right data in the right format to build artificial intelligence models, so to benefit from AI, CIOs will need to simplify data access

• October 31, 2019 31 Oct'19

  Alibaba Cloud earns security credentials in automotive and healthcare sectors

  Alibaba Cloud’s compliance with Tisax and GxP follows earlier efforts by major public cloud suppliers to win over enterprises with strict data protection and security rules

• October 30, 2019 30 Oct'19

  What will succeed the National Cyber Security Strategy?

  As the National Cyber Security Strategy nears the end of its working life, the government is considering what comes next, and is asking probing questions of its successes and failures

• October 29, 2019 29 Oct'19

  Fancy Bear resumes Olympic hacks ahead of Tokyo games

  Fancy Bear is back in action and once again targeting anti-doping bodies and sporting organisations, warns Microsoft

• October 24, 2019 24 Oct'19

  Endpoint security is a procurement issue, says HP, IDC study

  Report warns that buyers are falling at the first hurdle on security by not including it in their endpoint RFPs and tenders

• October 23, 2019 23 Oct'19

  Take responsibility for cyber security basics, urges NCSC CEO

  At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load

• October 22, 2019 22 Oct'19

  Banks move to contain impact of Samsung biometric flaw

  NatWest and Nationwide have moved to lock down their mobile banking apps after Samsung warned of a biometric security flaw on its Galaxy and Note S10 devices

• October 22, 2019 22 Oct'19

  Over-30s tend to do better at cyber security than younger colleagues

  Attitudes to workplace cyber security differ by age group, but not in the way one might imagine, according to a new study by NTT Security

• October 21, 2019 21 Oct'19

  Trend Micro buys cloud security firm to broaden offering

  Acquisition of Cloud Conformity will address often overlooked cloud security fundamentals

• October 21, 2019 21 Oct'19

  Sodinokibi emerging as a diverse, multi-vector threat to businesses

  McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots

• October 18, 2019 18 Oct'19

  Amazon consumer devices vulnerable to two-year-old exploit

  Millions of older Amazon Echo and Kindle devices are still susceptible to a Wi-Fi vulnerability that was first disclosed in 2017

• October 17, 2019 17 Oct'19

  BEIS launches multimillion-pound security investment package

  Government is making available more than £50m to support a range of new cyber security initiatives and collaborations, including the latest phase of its Digital Security by Design programme

• October 17, 2019 17 Oct'19

  NHSX could transform NHS security capabilities

  The health sector is increasingly confident that NHSX can deliver a streamlined, effective cyber security policy for the health service

• October 17, 2019 17 Oct'19

  Security threat landscape becomes more organised and business-like

  Approaches to securing the enterprise need to change in the face of a rapidly maturing threat landscape

• October 16, 2019 16 Oct'19

  Pitney Bowes ‘considering options’ after malware attack

  Mailing and shipping services firm in recovery mode after key systems were encrypted by a malware attack

• October 08, 2019 08 Oct'19

  How APAC enterprises can keep pace with container security

  For all the promises of containers, changes in architecture and practices associated with the technology bring new challenges and opportunities

• October 03, 2019 03 Oct'19

  IT contractor charged over cyber attack on property valuation firm

  Australian police charge 49-year-old man with stealing and posting more than 170,000 data records belonging to ASX-listed Landmark White on the dark web