News
IT security
-
August 15, 2024
15
Aug'24
ASEAN organisations lack mature AI strategy
IBM-commissioned study reveals that while ASEAN organisations are engaging with AI, only 4% have reached a transformative level of AI maturity
-
August 14, 2024
14
Aug'24
August Patch Tuesday proves busy with six zero-days to fix
Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update
-
August 14, 2024
14
Aug'24
Dawn Project calls out Big Tech for selling AI snake oil
A campaigning group focused on safety critical technology has called out the major tech firms for putting people’s lives at risk with flawed AI
-
August 14, 2024
14
Aug'24
Automated police tech contributes to UK structural racism problem
Civil society groups say automated policing technologies are helping to fuel the disparities that people of colour face across the criminal justice sector, as part of wider warning about the UK’s lack of progress in dealing with systemic racism
-
August 14, 2024
14
Aug'24
Leeds Teaching Hospitals deploys patient records and data sharing on Azure
In-house patient records system has been migrated to the Microsoft public cloud, opening up the potential for greater data sharing
-
August 13, 2024
13
Aug'24
NIST debuts three quantum-safe encryption algorithms
NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can
-
August 13, 2024
13
Aug'24
Cyber criminal kingpin ‘J.P. Morgan’ appears in US court
‘J.P. Morgan’, a Belarusian cyber criminal who ran a major ransomware campaign supported by malvertising scams, faces decades in prison in the United States after being extradited from the EU
-
August 13, 2024
13
Aug'24
Australia’s cyber security skills gap remains pressing issue
Study reveals Australia’s critical shortage of cyber security professionals, escalating the risk of data breaches
-
August 09, 2024
09
Aug'24
The Security Interviews: Google’s take on confidential computing
We speak to Google’s Nelly Porter about the company’s approach to keeping data as safe as possible on Google Cloud
-
August 08, 2024
08
Aug'24
Royal ransomware crew puts on a BlackSuit in rebrand
The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA
-
August 08, 2024
08
Aug'24
US lawmakers seek to brand ransomware gangs as terrorists
Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers
-
August 08, 2024
08
Aug'24
Ofcom issues online safety warning to firms in wake of UK riots
Ofcom has issued a warning reminding social media firms of their upcoming online safety obligations, after misinformation about the Southport stabbings sparked racist riots throughout the UK
-
August 07, 2024
07
Aug'24
Microsoft and CrowdStrike hit back at Delta’s legal threats
Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT ...
-
August 06, 2024
06
Aug'24
Advanced faces fine over LockBit attack that crippled NHS 111
Advanced Software faces a multimillion pound fine for a series of failings which directly led to a 2022 LockBit ransomware attack that disrupted NHS and social care services across the UK
-
August 06, 2024
06
Aug'24
2024 seeing more CVEs than ever before, but few are weaponised
The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies
-
August 05, 2024
05
Aug'24
Chinese cyber attack sparks alert over six-year-old MS vuln
After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824
-
August 05, 2024
05
Aug'24
World’s largest companies at near-universal risk of supply chain breach
Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats
-
August 05, 2024
05
Aug'24
Russia’s luxury car phish continues to prove effective
Government organisations and other bodies operating in Ukraine continue to be targeted by a relatively unsophisticated phishing campaign that has proven so effective for Russia’s cyber spooks that there are now multiple agencies involved
-
August 02, 2024
02
Aug'24
How CrowdStrike is leveraging AI to empower security teams
CrowdStrike CTO Elia Zaitsev explains how the company’s multi-agent AI architecture can help to enhance analyst efficiency and tackle cyber security challenges
-
August 01, 2024
01
Aug'24
Police hunt scammers after takedown of Russian Coms fraud platform
The National Crime Agency has arrested four people after taking down a phone number spoofing platform used by criminals to defraud hundreds of thousands of people in the UK with more arrests to follow
-
August 01, 2024
01
Aug'24
CrowdStrike shareholders sue, alleging false security claims
A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage
-
August 01, 2024
01
Aug'24
Banks, telcos call for more data sharing to fight fraud
A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud
-
July 31, 2024
31
Jul'24
API attacks surge by 65% in APAC, fuelled by rapid digitisation
Akamai's report reveals a significant rise in cyber attacks on web applications and APIs in the region over the past year, with financial and commerce sectors hardest hit
-
July 31, 2024
31
Jul'24
Campaigners call for evidence to reform UK cyber laws
The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work
-
July 31, 2024
31
Jul'24
Mayor launches London Privacy Register for smart city information
To increase transparency around and trust in London’s smart city technology deployments, the London Privacy Register aims to provide the public with more information about the systems they encounter in their day-to-day lives
-
July 31, 2024
31
Jul'24
Breach costs soar as record ransomware payment made
IBM publishes data on the spiralling costs of cyber attacks and data breaches, while researchers identify what appears to be the largest ransomware payment ever made
-
July 30, 2024
30
Jul'24
Basic failures led to hack of Electoral Commission data on 40 million people
UK government identifies Chinese state-linked hackers as likely to have been behind attack on the Electoral Commission
-
July 30, 2024
30
Jul'24
Core British Library services to return for new academic year
The British Library’s recovery from a devastating ransomware attack that laid waste to its IT systems continues - with hopes that some of its most popular services will be running again in September
-
July 29, 2024
29
Jul'24
Scam CrowdStrike domains growing in volume
Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out
-
July 29, 2024
29
Jul'24
CrowdStrike says most Falcon sensors now up and running
The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week
-
July 29, 2024
29
Jul'24
WTO digital trade agreement aims to modernise global commerce
A digital trade deal negotiated over five years at the World Trade Organization has been signed by 91 countries, laying the groundwork for a new global digital trade regime
-
July 26, 2024
26
Jul'24
Ban predictive policing and facial recognition, says civil society
A coalition of civil society groups is calling for an outright ban on predictive policing and biometric surveillance in the UK
-
July 25, 2024
25
Jul'24
North Korean cyber APT targeting nuclear secrets
Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets
-
July 25, 2024
25
Jul'24
Why is CrowdStrike allowed to run in the Windows kernel?
Microsoft has pointed the finger at EU regulators, blaming them for a ruling that means it needs to offer third parties access to the core Windows OS
-
July 25, 2024
25
Jul'24
Fortune 500 stands to lose $5bn plus from CrowdStrike incident
The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars
-
July 24, 2024
24
Jul'24
CrowdStrike blames outage on content configuration update
CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world
-
July 24, 2024
24
Jul'24
Mimecast to buy insider threat specialist Code42
Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms
-
July 24, 2024
24
Jul'24
CrowdStrike chaos: Enterprises urged to take protective action in wake of botched software update
Enterprises that emerged unscathed from the roll-out of the botched CrowdStrike software update are being urged to view it as a wake-up call rather than a lucky escape
-
July 24, 2024
24
Jul'24
WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears
Defence lawyers seek leave to appeal a decision by the Investigatory Powers Tribunal that the National Crime Agency lawfully obtained warrants to intercept messages sent over an encrypted phone network
-
July 23, 2024
23
Jul'24
NCA seizes thousands of social media accounts used by people smugglers
A three-year campaign has seen thousands of social media posts and accounts used to advertise the services of illegal people smugglers taken down
-
July 23, 2024
23
Jul'24
Innovations to power secure-by-design development
Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident
-
July 23, 2024
23
Jul'24
Chrome cookies reprieved amid Google Privacy Sandbox changes
Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified ‘new experience’ for users
-
July 23, 2024
23
Jul'24
Why did CrowdStrike cause the Windows Blue Screen?
The ‘blue screen of death’ signals a catastrophic Windows failure, which is exactly what many people faced on 19 July 2024 – but why did it happen?
-
July 22, 2024
22
Jul'24
NCA cracks digitalstress DDoS-for-hire operation
The UK authorities have taken down a major component of the multinational DDoS cyber attack-for-hire ecosystem, hacking into the digitalstress.su service and exfiltrating data on its users, who now face arrest
-
July 22, 2024
22
Jul'24
NCSC: Beware of criminal CrowdStrike opportunists
Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow
-
July 22, 2024
22
Jul'24
CrowdStrike chaos shows risks of concentrated ‘big IT’
The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous
-
July 21, 2024
21
Jul'24
CrowdStrike update snafu affected 8.5 million Windows devices
About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational
-
July 19, 2024
19
Jul'24
Global Microsoft outage hits NHS GP IT system
The Emis Web IT system used by more than half of GP practices in the UK is down, following the worldwide Microsoft outage
-
July 19, 2024
19
Jul'24
CrowdStrike security update fails Windows PCs globally
An update to the security firm’s Falcon service has led to many Windows users being unable to work this morning. Microsoft 365 is also affected
-
July 18, 2024
18
Jul'24
Lawyers and journalists seeking ‘payback’ over police phone surveillance, claims former detective
Former Durham detective will be required to give evidence to a tribunal investigating allegations that police unlawfully monitored journalists’ phones