News

IT security

• July 28, 2022 28 Jul'22

  NCSC startups scheme turns focus to operational technology, SME security

  NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses

• July 28, 2022 28 Jul'22

  Cyber criminals pivot away from macros as Microsoft changes bite

  As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect

• July 27, 2022 27 Jul'22

  Consumers left out of pocket as security costs soar

  As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people

• July 27, 2022 27 Jul'22

  US doubles bounty on Lazarus cyber crime group to $10m

  US State Department doubles a previously announced reward for information on North Korean cyber criminals, including the notorious Lazarus group

• July 27, 2022 27 Jul'22

  Retail software firm PrestaShop warns users about SQL injection attacks

  Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise

• July 27, 2022 27 Jul'22

  Cyber security training ‘boring’ and largely ignored

  Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them

• July 26, 2022 26 Jul'22

  Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

  The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday

• July 26, 2022 26 Jul'22

  No More Ransom initiative helps 1.5 million people in six years

  One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project

• July 26, 2022 26 Jul'22

  Visibility and proactive stance needed to secure OT systems

  Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says

• July 26, 2022 26 Jul'22

  Ducktail infostealer targets Facebook Business users

  Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts

• July 25, 2022 25 Jul'22

  Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants

  MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard

• July 25, 2022 25 Jul'22

  NCSC seeks community input for Cyber Advisor service

  The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward

• July 25, 2022 25 Jul'22

  Latest Atlassian Confluence vulnerability raises concerns

  CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months

• July 25, 2022 25 Jul'22

  The Security Interviews: Why you need to protect abandoned digital assets

  The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias

• July 25, 2022 25 Jul'22

  TMT firms among top targets for cyber attacks in Singapore

  Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society

• July 22, 2022 22 Jul'22

  LinkedIn most impersonated brand in phishing attacks

  Social network LinkedIn, along with Microsoft and DHL, are just some of the brands that are most frequently imitated by cyber criminals conducting phishing attacks

• July 21, 2022 21 Jul'22

  GCHQ experts back scanning of encrypted phone messages to fight child abuse

  Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse

• July 21, 2022 21 Jul'22

  Buy ‘plug-n-play’ malware for the price of a pint of beer

  Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report

• July 21, 2022 21 Jul'22

  Russia-linked APTs targeted fleeing Ukrainian civilians

  Mandiant and the US authorities have shared details of a phishing campaign that spoofed humanitarian information on evacuation procedures to target Ukrainians fleeing Russian bombardment

• July 21, 2022 21 Jul'22

  UK government introduces data reforms legislation to Parliament

  Proposed changes to UK’s data protection regime include new grounds for data processing, significant powers for the secretary of state to direct the regime’s application, and fewer restrictions on law enforcement’s use of data

• July 20, 2022 20 Jul'22

  (ISC)² expands entry-level cyber programme after UK success

  Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide

• July 20, 2022 20 Jul'22

  Transatlantic PET contest open for entries

  A joint UK-US innovation prize challenge for developers of privacy-enhancing technologies has opened for entries

• July 20, 2022 20 Jul'22

  Cato aims to bust cyber myths as it extends network protections

  Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network ...

• July 20, 2022 20 Jul'22

  How NEC is transforming its business

  While NEC is known for its public safety systems, the company has been expanding into new areas including e-government, financial services and customer experience in Asia-Pacific

• July 20, 2022 20 Jul'22

  Russia’s Cozy Bear abusing Dropbox, Google Drive to target victims

  Russian APT known as Cozy Bear has become adept at quickly incorporating popular cloud storage services into its attack chain to avoid detection

• July 18, 2022 18 Jul'22

  US cyber agency CISA to open London office

  The US Cybersecurity and Infrastructure Security Agency has chosen London to host its first office outside America

• July 15, 2022 15 Jul'22

  NHS trust ‘deliberately’ deleted up to 90,000 emails before tribunal hearing

  A high-profile case brought by NHS whistleblower Chris Day raises questions about the adequacy of information governance practices in NHS hospital trusts

• July 15, 2022 15 Jul'22

  Log4Shell on its way to becoming ‘endemic’

  US government report concludes that, like Covid, Log4Shell will be with us for a long time to come

• July 14, 2022 14 Jul'22

  Videogame maker Bandai Namco confirms cyber attack

  Bandai Namco, developer of videogames including Pac-Man, Tekken and Dark Souls, has broken days of silence to confirm it has been hit by a cyber attack

• July 14, 2022 14 Jul'22

  How hostile government APTs target journalists for cyber intrusions

  Proofpoint shares data on multiple campaigns of cyber intrusions against journalists originating from threat actors aligned to the governments of China, Iran, North Korea and Turkey

• July 14, 2022 14 Jul'22

  Government pauses Online Safety Bill’s progress

  The government has paused the Online Safety Bill’s journey towards becoming law, amid timetable pressure

• July 14, 2022 14 Jul'22

  ICO wants to ‘empower people through information’

  Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society

• July 13, 2022 13 Jul'22

  Slippery phish wriggles around MFA protections, says Microsoft

  Microsoft’s threat researchers share details of a phishing campaign that hit 10,000 organisations, against which standard multifactor authentication provides little defence

• July 13, 2022 13 Jul'22

  Digital break-up kit to help women get out of bad relationships safely

  Domestic abuse charity Refuge teams up with Avast to equip women with the knowledge to effectively and safely end a relationship digitally

• July 13, 2022 13 Jul'22

  July Patch Tuesday brings more than 80 fixes, one zero-day

  While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on

• July 13, 2022 13 Jul'22

  ICO calls for review into government use of private email and WhatsApp messages

  Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps

• July 12, 2022 12 Jul'22

  Brits say social media must do more to block harmful content

  UK citizens want social media companies to do more to prevent harmful content appearing on their platforms

• July 12, 2022 12 Jul'22

  MaliBot Android malware spreading fast, says Check Point

  The MaliBot malware is becoming a persistent and widespread problem, and Android users should be on their guard, says Check Point

• July 12, 2022 12 Jul'22

  Microsoft Windows Autopatch now generally available

  Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service

• July 12, 2022 12 Jul'22

  Singapore doubles down on OT security

  The Cyber Security Agency of Singapore will fund 80 scholarships to groom a talent pool of operational technology security experts, among other efforts to bolster the security of critical infrastructure in the city-state

• July 11, 2022 11 Jul'22

  Microsoft VBA macro block will return

  Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure

• July 11, 2022 11 Jul'22

  SMEs lagging on multifactor authentication

  Only 46% of small business owners say they have implemented multifactor authentication, and just 13% mandate its use, according to a report

• July 08, 2022 08 Jul'22

  Stop telling clients to pay ransomware gangs, solicitors told

  The NCSC and the ICO are calling on solicitors to help tackle the rising number of ransomware payments being made, and to stop giving erroneous advice to victims

• July 08, 2022 08 Jul'22

  Sweden and GDPR – four years on

  Swedish data protection coordinator talks to Computer Weekly four years into the General Data Protection Regulation

• July 08, 2022 08 Jul'22

  Microsoft appears to reverse VBA macro-blocking

  Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled

• July 07, 2022 07 Jul'22

  UK government does not yet understand threat of technology to foreign policy

  Select committee chair warns government that the threat posed to global security by malign actors influencing tech standards is no ‘dystopian fantasy’

• July 07, 2022 07 Jul'22

  MI5, FBI chiefs warn of Chinese cyber espionage threat

  In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests

• July 07, 2022 07 Jul'22

  UK signs ‘in principle’ data adequacy agreement with South Korea

  Bilateral adequacy agreement will allow businesses to conduct cross-border data transfers with minimal restrictions

• July 07, 2022 07 Jul'22

  Amid NSO lawsuit, Apple expands spyware protections

  Apple previews a new feature called Lockdown Mode to protect iPhone and iPad users from ‘mercenary spyware’

• July 07, 2022 07 Jul'22

  Latest Marriott data breach not as serious as others

  Questions are again being raised over Marriott’s cyber security practices following yet another incident, but fortunately it seems limited in its scope, and the company is responding appropriately