News
IT security
-
July 29, 2024
29
Jul'24
Scam CrowdStrike domains growing in volume
Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out
-
July 29, 2024
29
Jul'24
CrowdStrike says most Falcon sensors now up and running
The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week
-
July 29, 2024
29
Jul'24
WTO digital trade agreement aims to modernise global commerce
A digital trade deal negotiated over five years at the World Trade Organization has been signed by 91 countries, laying the groundwork for a new global digital trade regime
-
July 26, 2024
26
Jul'24
Ban predictive policing and facial recognition, says civil society
A coalition of civil society groups is calling for an outright ban on predictive policing and biometric surveillance in the UK
-
July 25, 2024
25
Jul'24
North Korean cyber APT targeting nuclear secrets
Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets
-
July 25, 2024
25
Jul'24
Why is CrowdStrike allowed to run in the Windows kernel?
Microsoft has pointed the finger at EU regulators, blaming them for a ruling that means it needs to offer third parties access to the core Windows OS
-
July 25, 2024
25
Jul'24
Fortune 500 stands to lose $5bn plus from CrowdStrike incident
The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars
-
July 24, 2024
24
Jul'24
CrowdStrike blames outage on content configuration update
CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world
-
July 24, 2024
24
Jul'24
Mimecast to buy insider threat specialist Code42
Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms
-
July 24, 2024
24
Jul'24
CrowdStrike chaos: Enterprises urged to take protective action in wake of botched software update
Enterprises that emerged unscathed from the roll-out of the botched CrowdStrike software update are being urged to view it as a wake-up call rather than a lucky escape
-
July 24, 2024
24
Jul'24
WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears
Defence lawyers seek leave to appeal a decision by the Investigatory Powers Tribunal that the National Crime Agency lawfully obtained warrants to intercept messages sent over an encrypted phone network
-
July 23, 2024
23
Jul'24
NCA seizes thousands of social media accounts used by people smugglers
A three-year campaign has seen thousands of social media posts and accounts used to advertise the services of illegal people smugglers taken down
-
July 23, 2024
23
Jul'24
Innovations to power secure-by-design development
Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident
-
July 23, 2024
23
Jul'24
Chrome cookies reprieved amid Google Privacy Sandbox changes
Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified ‘new experience’ for users
-
July 23, 2024
23
Jul'24
Why did CrowdStrike cause the Windows Blue Screen?
The ‘blue screen of death’ signals a catastrophic Windows failure, which is exactly what many people faced on 19 July 2024 – but why did it happen?
-
July 22, 2024
22
Jul'24
NCA cracks digitalstress DDoS-for-hire operation
The UK authorities have taken down a major component of the multinational DDoS cyber attack-for-hire ecosystem, hacking into the digitalstress.su service and exfiltrating data on its users, who now face arrest
-
July 22, 2024
22
Jul'24
NCSC: Beware of criminal CrowdStrike opportunists
Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow
-
July 22, 2024
22
Jul'24
CrowdStrike chaos shows risks of concentrated ‘big IT’
The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous
-
July 21, 2024
21
Jul'24
CrowdStrike update snafu affected 8.5 million Windows devices
About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational
-
July 19, 2024
19
Jul'24
Global Microsoft outage hits NHS GP IT system
The Emis Web IT system used by more than half of GP practices in the UK is down, following the worldwide Microsoft outage
-
July 19, 2024
19
Jul'24
CrowdStrike security update fails Windows PCs globally
An update to the security firm’s Falcon service has led to many Windows users being unable to work this morning. Microsoft 365 is also affected
-
July 18, 2024
18
Jul'24
Lawyers and journalists seeking ‘payback’ over police phone surveillance, claims former detective
Former Durham detective will be required to give evidence to a tribunal investigating allegations that police unlawfully monitored journalists’ phones
-
July 18, 2024
18
Jul'24
Growth in nude image sharing heightens cyber abuse risk
The normalisation of sharing self-created intimate content with others is putting great numbers of people at risk of online abuse, says Kaspersky
-
July 18, 2024
18
Jul'24
Netscout expands network observability for the digital edge
Network performance management firm announces business edge observability for networks, applications and user experience to mitigate risk and reduce mean time to respond
-
July 17, 2024
17
Jul'24
UK Cyber Bill teases mandatory ransomware reporting
In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting
-
July 17, 2024
17
Jul'24
Hackney Council reprimanded over 2020 ransomware attack
The London Borough of Hackney has been reprimanded by the ICO over a series of failures that led to a devastating cyber attack, but at the same time, the regulator praised the local authority for its response and commitment to making improvements
-
July 17, 2024
17
Jul'24
Labour government plans new laws around cyber security, data sharing and skills
The King's Speech outlined the legislative agenda for the new Parliament, including several bills that will impact the tech community
-
July 17, 2024
17
Jul'24
How iProov is fending off deepfake fraud
Facial biometrics and controlled illumination can detect liveness, verify identities and help prevent deepfake attacks
-
July 16, 2024
16
Jul'24
Strategic Defence Review must emphasise cyber security, says industry
Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre
-
July 16, 2024
16
Jul'24
Incubator Plexal heads to Singapore for CyberBoost
Cyber startup hub Plexal expands its presence to Singapore through a new initiative, and sets its sights on helping new UK businesses break into the booming Asia-Pacific market
-
July 16, 2024
16
Jul'24
Cloud spend trumps AI but data, security and cost a common headache
Nasuni-sponsored survey finds cloud projects higher on the to do list than AI, but data management, security and cost reduction are common themes in all areas of investment
-
July 15, 2024
15
Jul'24
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack
The two NHS Trusts most heavily impacted by the Qilin ransomware attack on pathology services provider Synnovis have cancelled over 6,000 appointments and procedures in the past five weeks
-
July 15, 2024
15
Jul'24
How Snowflake is tackling AI challenges
Snowflake’s regional leader Sanjay Deshmukh outlines how the company is helping customers to tackle the security, skills and cost challenges of AI implementations
-
July 12, 2024
12
Jul'24
AT&T loses ‘nearly all’ phone records in Snowflake breach
Hackers have stolen records of virtually every call made by AT&T's customers during a six-month period in 2022, after compromising the US telco's Snowflake data environment
-
July 12, 2024
12
Jul'24
Public awareness of ID security grows, but big obstacles remain
Consumers are improving their awareness of the issues around digital identity security, but there are still some big issues preventing many from doing better, according to an Okta report
-
July 11, 2024
11
Jul'24
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain
-
July 11, 2024
11
Jul'24
Inside Israel’s cyber security operations
An emergency phone line allows cyber security analysts at the Israel Computer Emergency Response Team to map threats against national infrastructure
-
July 10, 2024
10
Jul'24
The security interview: Managing the ‘no’ mindset
Matt Riley, data protection and information security officer at Sharp Europe, discusses balancing cyber risks with business leaders’ goals
-
July 09, 2024
09
Jul'24
Hyper-V zero-day stands out on a busy Patch Tuesday
Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention
-
July 09, 2024
09
Jul'24
Chinese spies target vulnerable home office kit to run cyber attacks
China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert
-
July 09, 2024
09
Jul'24
Lessons from war: How Israel is fighting Iranian state-backed hacking
The general director of the Israel National Cyber Directorate talks about the rise in cyber attacks and what lessons the country has gleaned to defend against hacking from foreign parties
-
July 09, 2024
09
Jul'24
Atos jumps on ‘moving train’ for Euro 2024
Atos provides the IT supporting major recurring sporting events including Uefa’s European Football Championship
-
July 08, 2024
08
Jul'24
Synnovis attack highlights degraded, outdated state of NHS IT
More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning
-
July 03, 2024
03
Jul'24
NCA’s Operation Morpheus targets illicit Cobalt Strike use
International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes
-
June 28, 2024
28
Jun'24
How FWD is driving its digital strategy
FWD’s group chief technology and operations officer talks up how the pan-Asian insurer is driving change faster and putting technology at the heart of its services
-
June 28, 2024
28
Jun'24
How Recorded Future is operationalising threat intelligence
Recorded Future is investing in APIs to enable automated security workflows, among other measures, to help organisations overcome the hurdles of operationalising threat intelligence
-
June 27, 2024
27
Jun'24
Gulf Edge to operate Google Distributed Cloud in Thailand
The Gulf Energy subsidiary will offer Google’s sovereign cloud service in Thailand with a focus on air-gapped configurations
-
June 26, 2024
26
Jun'24
Scottish Courts and Tribunal Service replaces legacy SD-WAN
Contract awarded for the deployment of cross-Scotland software-defined wide area network designed to ensure efficient, secure and reliable administrative services to the judiciaries of Scotland
-
June 26, 2024
26
Jun'24
Israel’s cyber chief calls for international front against Iranian hackers
Israel’s cyber chief has called for international action against Iran over state-backed hacking
-
June 26, 2024
26
Jun'24
Police Scotland did not consult ICO about high-risk cloud system
Police Scotland chose not to formally consult with the data regulator about the risks identified with a cloud-based digital evidence sharing system, while the regulator itself did not follow up for nearly three months