News

IT risk management

• April 19, 2024 19 Apr'24

  Tech companies operating with opacity in Israel-Palestine

  Tech firms operating in Occupied Palestinian Territories and Israel are falling “woefully short” of their human rights responsibilities amid escalating devastation in Gaza, says Business & Human Rights Resource Centre

• April 18, 2024 18 Apr'24

  CSA warns of emerging security risks with cloud and AI

  Few users appreciate the security risks of cloud and have the expertise to implement the complex security controls, says CSA chief executive David Koh

• April 18, 2024 18 Apr'24

  TUC publishes legislative proposal to protect workers from AI

  Proposed bill for regulating artificial intelligence in the UK seeks to translate well-meaning principles and values into concrete rights and obligations that protect workers from systems that make ‘high-risk’ decisions about them

• April 17, 2024 17 Apr'24

  Mandiant formally pins Sandworm cyber attacks on APT44 group

  Mandiant has formally attributed a long-running campaign of cyber attacks by a Russian state actor known as Sandworm to a newly designated advanced persistent threat group to be called APT44

• April 16, 2024 16 Apr'24

  US provides assurances over extradition of WikiLeaks founder Julian Assange

  Extradition of the WikiLeaks founder moves a step closer after the US government gives diplomatic assurances over his treatment in the US. Assange supporters accuse the US of ‘weasel words’

• April 16, 2024 16 Apr'24

  CISOs not yet convinced to invest in AI

  CISOs say their eyes are fixed firmly on threats like ransomware and supply chain attacks, and while AI is becoming a threat that needs to be dealt with, it’s not yet an immediate spending priority

• April 16, 2024 16 Apr'24

  CW Innovation Awards: Balancing security and user experience

  The National University of Singapore’s Safe initiative has strengthened the security of IT systems and end-user devices while prioritising user experience through passwordless access

• April 15, 2024 15 Apr'24

  More social engineering attacks on open source projects observed

  In the wake of the recent XZ Utils scare, maintainers of another open source project have come forward to say they may have experienced similar social engineering attacks

• April 15, 2024 15 Apr'24

  EU’s AI Act fails to protect the rule of law and civic space

  Analysis reveals that the AI Act is ‘riddled with far-reaching exceptions’ and its measures to protect fundamental rights are insufficient

• April 12, 2024 12 Apr'24

  Apple iPhone security alert renews spyware concerns

  An Apple security alert received by users in 92 countries raises fresh fears over ongoing campaigns by users of mercenary spyware products

• April 12, 2024 12 Apr'24

  UK in critical need of regulation to fight misinformation online

  Misinformation, where it is generated by AI, poses a serious threat due to the ease with which plausible false content can be created and spread

• April 11, 2024 11 Apr'24

  Government dismisses Lords’ concerns over facial recognition

  UK government is claiming police forces’ use of live facial recognition is comprehensively covered by existing laws, in response to a Lords investigation that found police lacked a clear legal basis to deploy it

• April 10, 2024 10 Apr'24

  Salesforce helps customers establish bug bounty programmes

  Salesforce has added new learning content to its Trailhead platform designed to help customers develop their own bug bounty programmes

• April 10, 2024 10 Apr'24

  Patch Tuesday: Windows Server 2008 receives emergency security patch

  Support for the OS ended in 2020, but four years on and there's a live exploit of a security flaw that impacts all Windows users

• April 09, 2024 09 Apr'24

  UK plc failing on multiple cyber measures

  Government report shows 50% of businesses and 32% of charities reported a cyber attack or breach in the past 12 months and organisations across the UK are failing on multiple cyber measures

• April 09, 2024 09 Apr'24

  Public worried by police and companies sharing biometric data

  More than half of the British public do not feel comfortable with police forces sharing biometric data with the private sector, including facial recognition images, to tackle crimes such as shoplifting

• April 09, 2024 09 Apr'24

  Is a cyber arms control treaty out of reach?

  The world needs cyber arms control more than ever, but the challenges facing a multilateral agreement will be hard to surmount, according to researchers at Germany’s Digital Society Institute

• April 08, 2024 08 Apr'24

  What Cisco’s Splunk acquisition means for APAC customers

  APAC organisations can expect better visibility and insights into their networks and applications along with automation and response capabilities to improve their digital resilience

• April 05, 2024 05 Apr'24

  China ramps up use of AI misinformation

  Microsoft researchers have identified a growing pattern of AI-laced misinformation and political interference coming from Chinese threat actors

• April 05, 2024 05 Apr'24

  How Oracle Red Bull Racing guards against cyber threats

  The F1 team is tapping managed security services, conducting penetration tests and improving security awareness among employees to fend off cyber threats such as phishing and ransomware

• April 04, 2024 04 Apr'24

  Changes needed for SOCs and CSIRTs, claims Dutch research institute

  Cyber security specialists need a game-changer to keep up with their adversaries, who increasingly use automation and AI for their attacks

• April 04, 2024 04 Apr'24

  Obituary: Professor Ross Anderson, pioneer in security engineering and campaigner

  Ross Anderson, a titan in the field of security engineering and campaigner for privacy and security, has passed away

• April 03, 2024 03 Apr'24

  RDP abused in over 90% of cyber attacks, Sophos finds

  Threat actors continue to see great success using simple, tried and tested methods, and many defenders are failing to do the basics

• March 29, 2024 29 Mar'24

  Organisations getting better at spotting identity fraud

  As the barriers to committing identity fraud continue to drop, organisations should consider more sophisticated technical measures to successfully up their game, according to a report

• March 28, 2024 28 Mar'24

  UK plc going backwards on cyber maturity, Cisco report claims

  Fewer UK organisations believe their cyber security postures have reached a mature level than did so 12 months ago, as they struggle to keep up with new challenges and a fast-evolving threat landscape

• March 28, 2024 28 Mar'24

  Sellafield to be prosecuted over alleged cyber compliance failure

  Sellafield Ltd, the organisation responsible for cleaning up and decommissioning the UK's largest nuclear waste site, is to be prosecuted over alleged cyber security failings dating back to 2019

• March 26, 2024 26 Mar'24

  Shareholders win when businesses do better at cyber

  The more advanced a company’s cyber security performance, and the more engaged its board is with security issues, the greater the return for shareholders, a report has found

• March 26, 2024 26 Mar'24

  NCSC reaffirms guidance for those at risk of Chinese state hacking

  As the UK and US governments announce sanctions and indictments of a Chinese state threat actor, the NCSC has reiterated its security advice for individuals at risk of being targeted for espionage purposes

• March 25, 2024 25 Mar'24

  Chinese hackers responsible for two ‘malicious’ cyber campaigns against UK

  Government sanctions two Chinese nationals and a Chinese company identified as responsible for cyber campaigns against government officials and members of parliament

• March 25, 2024 25 Mar'24

  Britain’s democracy under threat from Chinese cyber attackers, government warns

  The deputy prime minister, Oliver Dowden, is due to tell Parliament that Beijing is behind a hacking attack that obtained details of 40 million UK voters and has targeted parliamentarians who have criticised the regime

• March 22, 2024 22 Mar'24

  Court finds EncroChat hacked messages admissible as former footballer is jailed

  A judge in ‘lead’ EncroChat case found that messages obtained by police from the encrypted phone network can be lawfully used in evidence

• March 21, 2024 21 Mar'24

  NCSC guidance to help CEOs work through cyber incidents

  The NCSC has published in-depth guidance on how business leaders should respond to a cyber attack or data breach. Learn about some of the key steps you will need to follow

• March 20, 2024 20 Mar'24

  UK’s cyber resilience stagnates as more fall victim to attacks

  The government is calling on businesses to ramp up their cyber protections as study shows improvements to resilience are stagnating amid an ever-growing volume of attacks

• March 19, 2024 19 Mar'24

  Australia’s cyber security spending to grow 11.5% this year

  Highly publicised cyber attacks and growing regulatory obligations are keeping security and risk top of mind for Australian organisations this year, says Gartner

• March 18, 2024 18 Mar'24

  Spring Budget risks funding legally questionable police tech

  Open legal questions around how UK police are using facial recognition and cloud technology could undermine the £230m investment committed in the Spring Budget to “time and money-saving technology” for police

• March 18, 2024 18 Mar'24

  The Security Interviews: Alex Yampolskiy, SecurityScorecard

  Alex Yampolskiy conceived the idea for risk management specialist SecurityScorecard after getting stung by a SaaS supplier that was being cavalier with its customer data. He tells his story to Computer Weekly

• March 18, 2024 18 Mar'24

  Cohesity: We won’t abandon NetBackup customers or force migration

  CEO promises no forced migration to Cohesity and not to abandon any NetBackup product while building new leadership in artificial intelligence and security around Cohesity Gaia

• March 17, 2024 17 Mar'24

  UK’s AI ambitions pointless while cyber security is still neglected

  The UK’s AI ambitions may be at considerable risk without stronger cyber defences across the private and public sectors

• March 14, 2024 14 Mar'24

  Questions raised over NHS deletion of thousands of emails during whistleblower tribunal

  NHS doctor Chris Day has won the right to challenge a tribunal ruling that found no procedural unfairness when an NHS trust deleted thousands of emails. The case that raises wider questions about the use of electronic evidence

• March 13, 2024 13 Mar'24

  US authorities move a step closer to banning TikTok

  Lawmakers in Washington DC have moved a step closer to enacting a broad national ban on controversial video app TikTok in the US, with global ramifications

• March 13, 2024 13 Mar'24

  Microsoft AI-powered cyber service to go live in April

  After a year being previewed by beta customers, Microsoft’s much vaunted Copilot for Security service is about to go on general release, promising time savings and improved accuracy for hard-pressed security pros

• March 13, 2024 13 Mar'24

  British Library opens up over ransomware attack to help others

  The British Library has opted for full transparency after experiencing a devastating ransomware attack, publishing details of the intrusion, its response and the lessons it has learned

• March 12, 2024 12 Mar'24

  March Patch Tuesday throws up two critical Hyper-V flaws

  Two critical vulnerabilities in Windows Hyper-V stand out on an otherwise unremarkable Patch Tuesday

• March 12, 2024 12 Mar'24

  More DDoS attacks launched against APAC financial firms

  The financial sector in Asia-Pacific saw more DDoS attacks in 2023, but no notable impact was reported, according to a report by Akamai and FS-ISAC

• March 11, 2024 11 Mar'24

  Government not facing up to CNI cyber risks, committee warns

  The Joint Committee on the National Security Strategy has accused the government of burying its head in the sand over the cyber threat to UK critical infrastructure

• March 11, 2024 11 Mar'24

  Dutch organisations vulnerable to deepfake fraud

  With the information many employees share on social media, Dutch companies are especially vulnerable to a new form of fraud

• March 11, 2024 11 Mar'24

  How Microsoft is easing GenAI adoption into financial services

  Microsoft is supporting enterprise deployment models, addressing the risks of the technology and leveraging its industry cloud capabilities to ease generative AI adoption in the financial sector

• March 11, 2024 11 Mar'24

  TechUK calls for next government to introduce ‘industrial strategy’ for AI

  Trade group TechUK publishes blueprint calling for winner of next election to boost tech startups, digitise government services and accelerate technology R&D

• March 08, 2024 08 Mar'24

  OSS leaders detail commitments to bolster software security

  CISA has announced a number of actions to help secure the global open source ecosystem, as leading package repositories including the Python and Rust foundations advance their own initiatives

• March 07, 2024 07 Mar'24

  PSNI chief denies ‘industrial’ use of surveillance powers against journalists

  PSNI chief constable Jon Boutcher has agreed to provide a report on police surveillance of journalists and lawyers to Northern Ireland’s policing watchdog