News

IT risk management

• August 13, 2024 13 Aug'24

  NIST debuts three quantum-safe encryption algorithms

  NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can

• August 13, 2024 13 Aug'24

  Australia’s cyber security skills gap remains pressing issue

  Study reveals Australia’s critical shortage of cyber security professionals, escalating the risk of data breaches

• August 08, 2024 08 Aug'24

  Royal ransomware crew puts on a BlackSuit in rebrand

  The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA

• August 08, 2024 08 Aug'24

  US lawmakers seek to brand ransomware gangs as terrorists

  Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers

• August 08, 2024 08 Aug'24

  Ofcom issues online safety warning to firms in wake of UK riots

  Ofcom has issued a warning reminding social media firms of their upcoming online safety obligations, after misinformation about the Southport stabbings sparked racist riots throughout the UK

• August 07, 2024 07 Aug'24

  Microsoft and CrowdStrike hit back at Delta’s legal threats

  Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT ...

• August 06, 2024 06 Aug'24

  2024 seeing more CVEs than ever before, but few are weaponised

  The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies

• August 05, 2024 05 Aug'24

  World’s largest companies at near-universal risk of supply chain breach

  Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats

• August 02, 2024 02 Aug'24

  How CrowdStrike is leveraging AI to empower security teams

  CrowdStrike CTO Elia Zaitsev explains how the company’s multi-agent AI architecture can help to enhance analyst efficiency and tackle cyber security challenges

• August 01, 2024 01 Aug'24

  CrowdStrike shareholders sue, alleging false security claims

  A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage

• August 01, 2024 01 Aug'24

  Banks, telcos call for more data sharing to fight fraud

  A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud

• July 31, 2024 31 Jul'24

  API attacks surge by 65% in APAC, fuelled by rapid digitisation

  Akamai's report reveals a significant rise in cyber attacks on web applications and APIs in the region over the past year, with financial and commerce sectors hardest hit

• July 31, 2024 31 Jul'24

  Campaigners call for evidence to reform UK cyber laws

  The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work

• July 31, 2024 31 Jul'24

  Breach costs soar as record ransomware payment made

  IBM publishes data on the spiralling costs of cyber attacks and data breaches, while researchers identify what appears to be the largest ransomware payment ever made

• July 30, 2024 30 Jul'24

  Basic failures led to hack of Electoral Commission data on 40 million people

  UK government identifies Chinese state-linked hackers as likely to have been behind attack on the Electoral Commission

• July 29, 2024 29 Jul'24

  Scam CrowdStrike domains growing in volume

  Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out

• July 29, 2024 29 Jul'24

  CrowdStrike says most Falcon sensors now up and running

  The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week

• July 29, 2024 29 Jul'24

  WTO digital trade agreement aims to modernise global commerce

  A digital trade deal negotiated over five years at the World Trade Organization has been signed by 91 countries, laying the groundwork for a new global digital trade regime

• July 26, 2024 26 Jul'24

  Ban predictive policing and facial recognition, says civil society

  A coalition of civil society groups is calling for an outright ban on predictive policing and biometric surveillance in the UK

• July 25, 2024 25 Jul'24

  North Korean cyber APT targeting nuclear secrets

  Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets

• July 25, 2024 25 Jul'24

  Fortune 500 stands to lose $5bn plus from CrowdStrike incident

  The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars

• July 24, 2024 24 Jul'24

  CrowdStrike blames outage on content configuration update

  CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world

• July 24, 2024 24 Jul'24

  Mimecast to buy insider threat specialist Code42

  Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms

• July 23, 2024 23 Jul'24

  Innovations to power secure-by-design development

  Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident

• July 22, 2024 22 Jul'24

  NCSC: Beware of criminal CrowdStrike opportunists

  Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow

• July 22, 2024 22 Jul'24

  CrowdStrike chaos shows risks of concentrated ‘big IT’

  The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous

• July 21, 2024 21 Jul'24

  CrowdStrike update snafu affected 8.5 million Windows devices

  About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational

• July 19, 2024 19 Jul'24

  Global Microsoft outage hits NHS GP IT system

  The Emis Web IT system used by more than half of GP practices in the UK is down, following the worldwide Microsoft outage

• July 18, 2024 18 Jul'24

  Lawyers and journalists seeking ‘payback’ over police phone surveillance, claims former detective

  Former Durham detective will be required to give evidence to a tribunal investigating allegations that police unlawfully monitored journalists’ phones

• July 17, 2024 17 Jul'24

  UK Cyber Bill teases mandatory ransomware reporting

  In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting

• July 17, 2024 17 Jul'24

  How iProov is fending off deepfake fraud

  Facial biometrics and controlled illumination can detect liveness, verify identities and help prevent deepfake attacks

• July 16, 2024 16 Jul'24

  Strategic Defence Review must emphasise cyber security, says industry

  Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre

• July 15, 2024 15 Jul'24

  How Snowflake is tackling AI challenges

  Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations

• July 11, 2024 11 Jul'24

  Dutch research firm TNO pictures the SOC of the future

  In only a few years, security operations centres will have a different design and layout, and far fewer will remain

• July 11, 2024 11 Jul'24

  Inside Israel’s cyber security operations

  An emergency phone line allows cyber security analysts at the Israel Computer Emergency Response Team to map threats against national infrastructure

• July 10, 2024 10 Jul'24

  The security interview: Managing the ‘no’ mindset

  Matt Riley, data protection and information security officer at Sharp Europe, discusses balancing cyber risks with business leaders’ goals

• July 09, 2024 09 Jul'24

  Hyper-V zero-day stands out on a busy Patch Tuesday

  Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention

• July 09, 2024 09 Jul'24

  Chinese spies target vulnerable home office kit to run cyber attacks

  China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert

• July 08, 2024 08 Jul'24

  Synnovis attack highlights degraded, outdated state of NHS IT

  More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning

• July 03, 2024 03 Jul'24

  NCA’s Operation Morpheus targets illicit Cobalt Strike use

  International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes

• June 28, 2024 28 Jun'24

  How FWD is driving its digital strategy

  FWD’s group chief technology and operations officer talks up how the pan-Asian insurer is driving change faster and putting technology at the heart of its services

• June 28, 2024 28 Jun'24

  How Recorded Future is operationalising threat intelligence

  Recorded Future is investing in APIs to enable automated security workflows, among other measures, to help organisations overcome the hurdles of operationalising threat intelligence

• June 26, 2024 26 Jun'24

  Israel’s cyber chief calls for international front against Iranian hackers

  Israel’s cyber chief has called for international action against Iran over state-backed hacking

• June 26, 2024 26 Jun'24

  Police Scotland did not consult ICO about high-risk cloud system

  Police Scotland chose not to formally consult with the data regulator about the risks identified with a cloud-based digital evidence sharing system, while the regulator itself did not follow up for nearly three months

• June 25, 2024 25 Jun'24

  WikiLeaks founder Julian Assange freed from prison

  A deal reached with US authorities will end the WikiLeaks founder’s years-long legal saga, setting him free if he pleads guilty to a criminal conspiracy charge

• June 24, 2024 24 Jun'24

  Sellafield pleads guilty to criminal charges over cyber security

  Nuclear Decommissioning Authority-backed organisation Sellafield Ltd pleads guilty to criminal charges brought over significant cyber security failings that could have compromised sensitive nuclear information

• June 21, 2024 21 Jun'24

  Sellafield whistleblower ordered to pay costs after email tampering claims

  A former consultant at Sellafield has been ordered to pay costs for having ‘acted unreasonably’ in claiming the nuclear facility tampered with metadata in letters used against her in court

• June 21, 2024 21 Jun'24

  Qilin ransomware gang publishes stolen NHS data online

  The ransomware gang behind a major cyber attack on NHS supplier Synnovis has published a 400GB trove of private healthcare data online

• June 21, 2024 21 Jun'24

  ICO police cloud guidance released under FOI

  Long-awaited guidance from the UK data regulator on police cloud deployments highlights some potential data transfer mechanisms it thinks can clear up ongoing legal issues, but tells forces it’s up to them to decide if the measures would work

• June 19, 2024 19 Jun'24

  Microsoft admits no guarantee of sovereignty for UK policing data

  Documents show Microsoft’s lawyers admitted to Scottish policing bodies that the company cannot guarantee sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contrary