News

IT security

• September 29, 2022 29 Sep'22

  Five startups to join NCSC for Startups initiative

  The NCSC has invited five startups to join its NCSC for Startups programme to help the government with pressing cyber challenges facing the UK

• September 29, 2022 29 Sep'22

  Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC

  Russia has so far failed in its attempts to destabilise the Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts

• September 29, 2022 29 Sep'22

  Optus breach casts spotlight on cyber resilience

  The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia

• September 28, 2022 28 Sep'22

  UK suffers third highest number of ransomware attacks globally

  Based on an analysis of around 5,000 ransomware incidents, NordLocker has found that UK businesses, and small businesses in particular, are a priority target for ransomware gangs

• September 28, 2022 28 Sep'22

  Whistleblower Peter Duffy calls for oversight of NHS records to prevent evidence tampering

  A whistleblower has called for greater oversight in the handling of ‘safety-critical digital information’ across the NHS, in light of a number of cases that raise questions about data governance and record-keeping within the health service

• September 28, 2022 28 Sep'22

  Data protection in Finland, four years after GDPR came into force

  Data privacy has always been a big concern in Finland, so the country naturally has a lot to say about the General Data Protection Regulation four years on

• September 28, 2022 28 Sep'22

  Most hackers exfiltrate data within five hours of gaining access

  Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access

• September 27, 2022 27 Sep'22

  Fraudsters adapt phishing scams to exploit cost-of-living crisis

  Around 80,000 Brits a month are falling victim to phishing attacks as fraudsters switch up tactics to take advantage of cost-of-living crisis and behavioural changes prompted by pandemic

• September 26, 2022 26 Sep'22

  Bank warns of spike in online cost-of-living scams

  Fraudsters are exploiting the cost-of-living crisis by tricking people into sending money to help friends and relatives pay bills, TSB has warned

• September 26, 2022 26 Sep'22

  How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

  Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials

• September 26, 2022 26 Sep'22

  More than 30 startups to join Plexal’s Cyber Runway accelerator

  Now in its second year, the Cyber Runway accelerator has been designed to support firms at various stages of growth, as well as help the cyber security sector to improve on its diversity, inclusion and regional representation

• September 23, 2022 23 Sep'22

  Conversation between two police officers formed basis of EncroChat warrant, court hears

  The National Crime Agency did not seek a written explanation of a French hacking technique before applying for a surveillance warrant to use French “intercept” in the UK, a court heard

• September 23, 2022 23 Sep'22

  NCA ‘deliberately concealed’ information when it applied for EncroChat warrants, tribunal hears

  Investigatory Powers Tribunal hears that the National Crime Agency made ‘serious and fundamental errors’

• September 23, 2022 23 Sep'22

  Threat actors abused lack of MFA, OAuth in spam campaign

  Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns

• September 23, 2022 23 Sep'22

  How Great Eastern is transforming its IT organisation

  Singapore-based insurer Great Eastern made painstaking efforts to rid itself of legacy systems and transformed its IT organisation to become nimbler by building up its cloud and DevOps capabilities

• September 22, 2022 22 Sep'22

  Nordic private equity firms pursue cyber security acquisitions

  Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets

• September 22, 2022 22 Sep'22

  Inside SolarWinds’ observability playbook

  SolarWinds’ CEO Sudhakar Ramakrishna talks up the company’s observability playbook and offers a glimpse into its technology roadmap

• September 22, 2022 22 Sep'22

  ALPHV/BlackCat ransomware family becoming more dangerous

  Researchers from Symantec share fresh insight into the ongoing development of the ransomware-as-a-service family known variously as ALPHV, BlackCat and Noberus

• September 22, 2022 22 Sep'22

  Privacy Pledge signatories dream of alternative internet

  A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism

• September 22, 2022 22 Sep'22

  Dr Martens goes feetfirst into cloud-to-cloud backup

  Iconic bootmaker laces up for a strategy to move all applications to the cloud, beginning with cloud-to-cloud backup for Microsoft 365 apps plus on-site VMware operations

• September 21, 2022 21 Sep'22

  NCSC publishes cyber guidance for retailers

  The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime

• September 21, 2022 21 Sep'22

  15-year-old Python bug present in 350,000 open source projects

  A Python tarfile vulnerability first disclosed in 2007 still persists to this day, according to analysis from Trellix

• September 21, 2022 21 Sep'22

  ANZ organisations using antiquated backup and recovery systems

  Nearly half of ANZ organisations are still using backup and recovery systems from over a decade ago, hampering their ability to protect their data assets and recover from ransomware attacks

• September 20, 2022 20 Sep'22

  Thousands of customers affected in Revolut data breach

  Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack

• September 20, 2022 20 Sep'22

  IHG attackers phished employee to deploy destructive wiper

  A couple from Vietnam who claim to be behind a destructive wiper cyber attack on hotel operator IHG told the BBC how they orchestrated their operation

• September 20, 2022 20 Sep'22

  Reports Uber and Rockstar incidents work of same attacker

  Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber

• September 16, 2022 16 Sep'22

  Six new vulnerabilities added to CISA catalogue

  CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010

• September 16, 2022 16 Sep'22

  Uber suffers major cyber attack

  Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist

• September 15, 2022 15 Sep'22

  EU Cyber Resilience Act sets global standard for connected products

  European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards

• September 15, 2022 15 Sep'22

  Nominations closing soon for annual cyber awards

  Nominations for the annual Security Serious Unsung Heroes Awards closes 16 September

• September 15, 2022 15 Sep'22

  New player pioneers ‘active cyber insurance’ for UK market

  Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance

• September 15, 2022 15 Sep'22

  Organisations failing to account for digital trust

  The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds

• September 15, 2022 15 Sep'22

  US charges three Iranians over CNI cyber attacks

  Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran

• September 14, 2022 14 Sep'22

  FormBook knocks Emotet off top of malware chart

  FormBook emerged as the most widely seen malware in August, according to Check Point’s latest data

• September 14, 2022 14 Sep'22

  Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

  Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs

• September 14, 2022 14 Sep'22

  Microsoft patches 64 vulnerabilities on September Patch Tuesday

  Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update

• September 14, 2022 14 Sep'22

  NCSC warns public of potential Queen-related phishing attacks

  The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen

• September 14, 2022 14 Sep'22

  DDoS attacks on UK financial sector surged during Ukraine war

  A quarter of cyber security incidents reported to the Financial Conduct Authority in the first six months of 2022 involved DDoS, with a likely link to events in Ukraine

• September 13, 2022 13 Sep'22

  Cloud compromise a doddle for threat actors as victims attest

  Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud

• September 13, 2022 13 Sep'22

  Users warned over Azure Active Directory authentication flaw

  Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users

• September 13, 2022 13 Sep'22

  Cisco confirms leaked data was stolen in Yanluowang ransomware hit

  Cisco has confirmed that data leaked last week by the Yanluowang ransomware gang was that stolen during a May 2022 cyber attack

• September 13, 2022 13 Sep'22

  Blancco works with charity to provide IT for African schools

  Blancco is providing data sanitisation and erasure software to The Turing Trust so that old IT equipment can be securely reused by school children in Sub-Saharan Africa, instead of adding to world’s growing e-waste problem

• September 13, 2022 13 Sep'22

  Multi-persona impersonation adds new dimension to phishing

  Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures

• September 12, 2022 12 Sep'22

  Mandiant floats off into Google Cloud

  As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business

• September 12, 2022 12 Sep'22

  CISOs should spend on critical apps, cloud, zero-trust, in 2023

  Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts

• September 08, 2022 08 Sep'22

  NCSC CyberUK event heads to Belfast in 2023

  National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023

• September 08, 2022 08 Sep'22

  Chinese APT using PlugX malware on espionage targets

  China’s Bronze President APT is once again targeting government officials of interest to its paymasters, this time using forged diplomatic correspondence, according to the Secureworks Counter Threat Unit

• September 08, 2022 08 Sep'22

  Dutch cyber security organisations to join forces

  Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into

• September 08, 2022 08 Sep'22

  India’s wake-up call on health data privacy

  Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US

• September 07, 2022 07 Sep'22

  Albania cuts diplomatic ties with Iran after cyber attack

  In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran