News

IT security

October 21, 2020 21 Oct'20
NSA’s top CVE list a timely reminder to patch

Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies
October 21, 2020 21 Oct'20
Charities warned over ‘Robin Hood’ cyber criminals

Accepting donations from cyber criminal groups could be deemed as profiting from crime, money laundering or handling stolen goods – so don’t do it
October 21, 2020 21 Oct'20
Trump and Biden campaign apps easy targets for cyber criminals

You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it
October 21, 2020 21 Oct'20
Financial services staff want work-from-home policies to continue after Covid

About half of workers in the finance sector want their employers to retain remote working policies brought in during the pandemic

October 21, 2020 21 Oct'20
Customer loyalty accounts in danger from cyber criminals

Billions of credential stuffing attacks are harvesting valuable customer data for the dark web economy
October 21, 2020 21 Oct'20
Retailers get access to new security toolkit

The British Retail Consortium has worked with the NCSC to develop a new cyber security toolkit pitched at retailers
October 20, 2020 20 Oct'20
Hackney Council services to be disrupted ‘for some time’

Inability to make housing benefit payments is likely to sting some tenants as Hackney cyber attack drags on
October 20, 2020 20 Oct'20
Resilient Trickbot down but not yet knocked out

Global, Microsoft-led effort to disrupt the Trickbot botnet has seen some success, but new command and control servers continue to pop up
October 20, 2020 20 Oct'20
Police given access to self-isolation data

NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules
October 20, 2020 20 Oct'20
BA breach penalty sets new GDPR precedents

The 90% reduction in the fine levied on BA over a 2018 data breach has legal experts talking about the ramifications for the future of data protection

October 20, 2020 20 Oct'20
Six Russians charged over NotPetya and other attacks

Six members of the APT group known as Sandworm have been charged in the US over a series of attacks including the destructive NotPetya incident
October 16, 2020 16 Oct'20
BA argues ICO data breach fine down to £20m

Information Commissioner’s Office levies fine of £20m on British Airways for failing to protect the personal data of hundreds of thousands of passengers – a vast reduction on the initial £183m penalty
October 16, 2020 16 Oct'20
Spanish court to question witnesses over ‘illegal surveillance’ of WikiLeaks founder Julian Assange

The Spanish National Court in Madrid is to hear evidence from information security expert Andy Müller-Maguhn and two lawyers who were subject to ‘illegal surveillance’ of their meetings with Julian Assange at the Ecuadorian Embassy in London
October 15, 2020 15 Oct'20
Cloud data protection keeps the Crick’s medical research Covid-secure

Cloud data management services from Rubrik gave the Francis Crick Institute a data protection edge and have helped keep its vital work going through the pandemic
October 15, 2020 15 Oct'20
Arrests and indictments made in cyber money laundering ring

The NCA has revealed six men were arrested in the UK as part of an international investigation into a money laundering network which handled transactions for some of the world’s most prolific cyber criminal groups
October 15, 2020 15 Oct'20
Hackney services still offline in ongoing cyber attack

Services remain disrupted two days after council was hit by a serious incident, as residents are warned to be on their guard
October 14, 2020 14 Oct'20
Public sector security failings leave UK at risk, says think tank

Reform report urges adoption of new policies in the next version of the UK’s National Cyber Security Strategy
October 14, 2020 14 Oct'20
US Elections: Malicious internet domains spike as campaigns heat up

Internet domains related to the US presidential election are 56% more likely to be malicious than regular ones
October 14, 2020 14 Oct'20
Public data should not be held by US tech giants

One-off evidence sessions to follow up on the recommendations of the House of Lords AI Committee revisit the data and ethics debate
October 14, 2020 14 Oct'20
Fintech ‘unicorn’ Klarna probed over data misuse

Online bank blames misuse of user data on human error as Information Commissioner’s Office weighs in
October 14, 2020 14 Oct'20
Microsoft fixes 87 bugs in October 2020 Patch Tuesday

Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019
October 13, 2020 13 Oct'20
Suppliers neglecting virtual appliance security, putting users at risk

Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report
October 13, 2020 13 Oct'20
Hackney Council services offline after ‘serious’ cyber attack

Services to residents of the London borough of Hackney are being disrupted by a cyber attack
October 12, 2020 12 Oct'20
Trickbot forced offline in major cyber security victory

Coalition led by Microsoft obtained a court order enabling them to take down the infamous Trickbot botnet’s back-end server infrastructure
October 12, 2020 12 Oct'20
Five Eyes spy group again demands access to private messages

Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms
October 12, 2020 12 Oct'20
Cyber security skills ad branded ‘crass’ by minister

Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic
October 12, 2020 12 Oct'20
Software AG caught in double extortion ransomware hit

Data stolen from prominent German software company by Clop ransomware gang appears on the dark web
October 12, 2020 12 Oct'20
Making sense of zero-trust security

Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint
October 09, 2020 09 Oct'20
Magecart strikes website of school payments service Wisepay

Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period
October 08, 2020 08 Oct'20
NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020
October 08, 2020 08 Oct'20
Emotet rated September’s ‘most popular’ malware

The current resurgence of Emotet is attracting attention as governments issue new warnings and cyber criminals rush to exploit the chaotic US election
October 08, 2020 08 Oct'20
Coronavirus face mask spammer fined by ICO

The director of software company Studios MG spammed members of the public at the height of the pandemic as one of its directors tried to shift a job lot of face masks
October 08, 2020 08 Oct'20
Crown Prosecution Service suffers 1,600 data breaches in 12 months

CPS sees a spike in data security incidents, many of them serious enough to be reported to the Information Commissioner’s Office
October 08, 2020 08 Oct'20
Threat of GDPR fines increasingly driving security buying decisions

Scaring the people who hold the purse strings may be the best option for CISOs who need a little extra budget
October 07, 2020 07 Oct'20
5G regulation failures are a threat to UK’s national security

Defence Committee report on the security of 5G brands existing regulations outdated and unsatisfactory
October 07, 2020 07 Oct'20
Department for Education failed to protect data on millions of children, says ICO

The Department for Education’s National Pupil Database, which contains millions of items of data on the UK’s schoolchildren, was found to be non-compliant with data protection regulations across the board
October 07, 2020 07 Oct'20
UK accounts for 45% of Europe’s card fraud as criminals target online transactions

Payment card fraudsters steal €1.5bn, with card-not-present attacks accounting for three-quarters of this sum
October 07, 2020 07 Oct'20
ICO wraps up Cambridge Analytica investigation

Information Commissioner’s Office concludes its investigation into Cambridge Analytica, saying no additional evidence has come to light that would change its previous assessments
October 07, 2020 07 Oct'20
Southeast Asia remains hotspot for cyber attacks

Geopolitics and Covid-19 have been fodder for cyber criminals to advance their motives in Southeast Asia in 2020
October 06, 2020 06 Oct'20
EU’s top court questions legality of UK phone and internet data surveillance

European Court of Justice rules that the UK and EU member states must comply with EU privacy laws when harvesting people’s sensitive communications data from telecoms and internet companies
October 06, 2020 06 Oct'20
Scotland digital identity prototype pilot successful

Digital Identity Scotland’s 10-week test of its digital identity prototype finds that users understand the concept of two-factor authentication and using the same credentials across services
October 06, 2020 06 Oct'20
Ransomware attacks go through the roof

The volume of ransomware attacks has jumped 50% in the past three months, according to data produced at Check Point
October 06, 2020 06 Oct'20
CISOs struggle to keep up with MITRE ATT&CK framework

Despite its proven benefits for security, the MITRE ATT&CK framework is proving difficult for many, according to a joint study from McAfee and UC Berkeley
October 06, 2020 06 Oct'20
John McAfee arrested over cryptocurrency fraud

Erratic tech baron allegedly promoted initial coin offerings without disclosing he was being paid to do so
October 05, 2020 05 Oct'20
MosaicRegressor APT campaign using rare malware variant

Kaspersky researchers have shared details of a APT campaign utilising a rarely seen and hard-to-stop variety of malware
October 05, 2020 05 Oct'20
Fake news tops list of online concerns worldwide

Receiving false information is a greater worry than other online risks such as cyber bullying and fraud, says the Lloyd’s Register Foundation
October 05, 2020 05 Oct'20
HMRC warns locked-down freshers of ‘wave’ of tax scams

New university intake may be being targeted by cyber criminals amid Covid-19 confusion
October 05, 2020 05 Oct'20
FBI seized ‘legally privileged’ material from Ecuador Embassy, claims Julian Assange’s lawyer

The US struck a secret deal with Ecuador to seize WikiLeaks founder Julian Assange’s property from the Ecuadorian Embassy in London days before his arrest. The haul included legally privileged documents, says his solicitor
October 02, 2020 02 Oct'20
WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist

Stefania Maurizi says in written evidence that Julian Assange pioneered the use of encryption by journalists to protect sources. Her work shows that the US put pressure on Italy to stop the extradition and prosecution of CIA officers responsible for...
October 02, 2020 02 Oct'20
Honesty is the best policy: Forging a security culture in the NHS

Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector
October 02, 2020 02 Oct'20
Security pros face sanctions if they help ransomware victims pay

New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off
October 02, 2020 02 Oct'20
Find and fix your Adobe Flash dependencies, says NCSC

As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies
October 01, 2020 01 Oct'20
Judge to give verdict on Julian Assange’s extradition after Christmas

Judge Vanessa Baraitser said today that she would make a ruling in early January on whether WikiLeaks founder Julian Assange should be extradited to the US
October 01, 2020 01 Oct'20
WikiLeaks revelations ‘shed light of truth’ on war on terror, court hears

WikiLeaks disclosures led to ‘revelations of extraordinary journalistic importance’ about detention in Guantamo Bay and civilian casualties in Iraq and Afghanistan
October 01, 2020 01 Oct'20
Blackbaud admits hackers stole banking details, passwords

Software firm paid off a ransomware gang, believed its hackers when they said they had destroyed the data, and has now discovered the cyber criminals accessed even more sensitive information than it thought
September 30, 2020 30 Sep'20
GitHub makes code vulnerability scanning feature public

Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage
September 30, 2020 30 Sep'20
‘American friends’ spied on Julian Assange in Ecuadorian Embassy, court hears

Two former employees of UC Global, which provides security services to the Ecuadorian Embassy in London, claim the company shared surveillance footage with the US of the WikiLeaks founder meeting with lawyers and other visitors
September 29, 2020 29 Sep'20
Julian Assange would be held with convicted terrorist Abu Hamza in supermax prison, court hears

WikiLeaks founder Julian Assange would be held alongside convicted terrorist Abu Hamza in a supermax federal prison in Colorado, isolated from other prisoners, if he is extradited to the US, Old Bailey told
September 29, 2020 29 Sep'20
Threat actors becoming vastly more sophisticated

Malicious actors have been busily honing their craft and cyber security incidents are up across the board as a result, according to a Microsoft report
September 29, 2020 29 Sep'20
NCSC expands schools programme to north-east England and Northern Ireland

Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland
September 29, 2020 29 Sep'20
NatWest offers online banking customers free security services

Bank responds to a surge in cyber crime targeting users of online banking services
September 29, 2020 29 Sep'20
Ryuk attack downs private health provider in major incident

Private healthcare provider UHS has been been hit by a major big game hunting cyber attack that infected its systems with the Ryuk ransomware
September 29, 2020 29 Sep'20
Organisations locked out by Azure AD crash

The Azure Active Directory was unavailable for a few hours in the evening of 28 September, preventing many from accessing MS online services
September 29, 2020 29 Sep'20
Remote working world reveals cloud/SaaS security concerns

Research reveals pivotal moment when the cloud is playing a more important role than ever to support mass remote working, with CISO concerns over cloud security remaining stubbornly high
September 28, 2020 28 Sep'20
Julian Assange would be held in ‘solitary confinement’ in US jail

WikiLeaks founder would be held in a cell the size of a parking space for 22 or 23 hours a day without contact with other inmates before trial
September 28, 2020 28 Sep'20
Sustrans opens door to NCSC cyber certification via the cloud

Sustainable transport charity turned to Qualys to help it attain needed certifications to bid for government work
September 28, 2020 28 Sep'20
Government updates data ethics framework

The new data ethics framework was created to better reflect how projects are run in practice after finding there was “little awareness” of the previous framework across the public sector
September 28, 2020 28 Sep'20
TikTok ban stayed after last-minute court case

TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States
September 28, 2020 28 Sep'20
Police Scotland to set up new cyber crime centre

National Centre of Excellence will employ specially trained officers to tackle a vertiginous rise in cyber crime
September 28, 2020 28 Sep'20
Security now main driving force behind digital transformation

Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda
September 28, 2020 28 Sep'20
Airbnb hosts’ account data exposed in internal leak

Data exposure within Airbnb’s system was the result of a technical issue but was swiftly fixed, says the firm
September 25, 2020 25 Sep'20
Forensic expert questions US claims that Julian Assange conspired to crack military password

Forensic computer expert Patrick Eller told the Old Bailey that US allegations that WikiLeaks founder Julian Assange attempted to decrypt a password to help former soldier Chelsea Manning leak sensitive government documents anonymously do not fit ...
September 24, 2020 24 Sep'20
‘Not unjust’ to extradite WilkiLeaks founder Julian Assange, court hears

Nigel Blackwood, NHS consultant psychiatrist, told the Old Bailey court that WikiLeaks founder Julian Assange had ‘moderate depression’ and autistic traits, but said they did not prevent his extradition
September 24, 2020 24 Sep'20
Third-party code bug left Instagram users at risk of account takeover

A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device
September 24, 2020 24 Sep'20
NHS whistleblower privacy concerns passed on to regulator, but campaigners not holding their breath

NHS Improvement chair Dido Harding acknowledges receiving concerns raised about the anonymity of whistleblowers, but campaigners have little faith that anything will be done
September 24, 2020 24 Sep'20
Coronavirus shows inadequacy of rear-view mirror planning

Looking at historical data has hampered businesses’ attempts to move forward effectively during the pandemic
September 24, 2020 24 Sep'20
Government blasted over ‘reckless’ contact-tracing security

The Open Rights Group and Big Brother Watch accuse the government of endangering public health with a reckless attitude to contact-tracing data security
September 24, 2020 24 Sep'20
Race to patch as Microsoft confirms Zerologon attacks in the wild

Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug
September 24, 2020 24 Sep'20
Data deluge grips enterprises amid digitisation

Two-thirds of respondents in a new Splunk study expect the quantity of data to grow by nearly five times by 2025 as they embrace more emerging technologies
September 24, 2020 24 Sep'20
Australians want more control over privacy

Nearly nine in 10 Australians want more control and choice over the collection and use of their personal information amid declining trust in how organisations handle personal data, survey finds
September 23, 2020 23 Sep'20
WikiLeaks founder Julian Assange has Asperger syndrome and depression, court hears

Julian Assange is on the autistic spectrum and has a history of depression that would put him at risk of suicide if he is extradited to a US prison, psychiatrists tell the court
September 23, 2020 23 Sep'20
Over half of firms intend to continue US data transfers despite Schrems II

Survey shows many organisations do not intend to significantly change their data-sharing practices, at least until there is more guidance from regulators or governments
September 23, 2020 23 Sep'20
Public admires security professionals, but doesn’t want their jobs

(ISC)² research finds attitudes towards security roles are increasingly positive, but not many people fancy joining the fight against cyber crime
September 23, 2020 23 Sep'20
Video gamers barraged with cyber attacks

From credential stuffing to SQL injection and DDoS, video game producers and players are seeing massive volumes of cyber attacks
September 23, 2020 23 Sep'20
US agencies warn of election disinformation and cyber attacks

Federal agencies are warning of heightened disinformation as the crucial 2020 presidential election nears
September 22, 2020 22 Sep'20
Activision shoots down data breach claims

Gaming company denies there has been any data breach after up to 500,000 accounts appeared to have been compromised, but evidence mounts that credential stuffing attacks are to blame
September 22, 2020 22 Sep'20
GDS reviewing Cloud First policy post-Schrems II

Review seeks to determine the future of government engagement with cloud hosting services as they relate to cross-border data flows
September 22, 2020 22 Sep'20
Scam mobile apps spreading via rogue TikTok accounts

Malicious TikTok accounts are promoting a number of adware scam mobile apps
September 22, 2020 22 Sep'20
WikiLeaks published unredacted cables after password was disclosed in book

WikiLeaks published a cache of unredacted government cables after the publication of a book containing the password led to their publication on other parts of the internet, court told
September 21, 2020 21 Sep'20
Trump implicated in plans to prosecute Assange over war leaks

US journalist and Trump supporter, Cassandra Fairbanks, said she was given advanced details of US plans to oust Wikileaks founder Julian Assange from the Ecuadorian Embassy and to arrest him for over documents leaked by former soldier Chelsea Manning
September 21, 2020 21 Sep'20
Big questions to be answered over TikTok and WeChat reprieve

TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain
September 21, 2020 21 Sep'20
WikiLeaks cables showed US interfered in German torture investigation

Khalid El-Masri, a German citizen who was kidnapped and tortured by the CIA in a case of mistaken identity, told a court that disclosures by WikiLeaks showed that the US had intervened in a German judicial investigation into his treatment
September 21, 2020 21 Sep'20
WikiLeaks video ‘electrified’ public to civilian war deaths, court hears

New Zealand investigative journalist and author Nicky Hager said that WikiLeaks’ publication of a video showing a US helicopter firing on civilians, along with the publication of secret war logs, ‘electrified’ the world to civilian deaths
September 18, 2020 18 Sep'20
Ex-NCSC boss Ciaran Martin joins cyber venture capital outfit

Outgoing NCSC CEO Ciaran Martin is to take up a new role guiding new investments in cyber security
September 18, 2020 18 Sep'20
Outgoing NCSC CEO: Ransomware threat kept us up at night

Former NCSC CEO Ciaran Martin sheds some light on some of the biggest cyber threats currently facing the UK
September 18, 2020 18 Sep'20
Congressman offered Julian Assange a ‘win-win’ deal that would help President Trump

Details have emerged of US congressman Dana Rohrabacher’s offer of a pardon to WikiLeaks founder Julian Assange in a ‘win-win deal that would benefit US President Donald Trump
September 18, 2020 18 Sep'20
US government deplatforms TikTok and WeChat

The Commerce Department of the US government has banned new downloads of TikTok and WeChat in the US, and announced new prohibitions on doing business with them
September 18, 2020 18 Sep'20
German authorities probe ransomware hospital death

Hackers failed to extort a ransom from University Hospital Düsseldorf, but indirectly caused the death of a patient
September 18, 2020 18 Sep'20
Rampant Kitten spent six years hacking Iranian dissidents

Details emerge of an ongoing campaign by Tehran-backed threat actors targeting dissidents and activists
September 17, 2020 17 Sep'20
Maze ransomware borrows Ragnar Locker tactics to sneak past defences

New research from the Sophos threat response team has found the Maze ransomware gang has adopted techniques pioneered by the cyber criminals behind Ragnar Locker