News

IT security

October 13, 2023 13 Oct'23
US SEC launches probe into mass MOVEit breach

Progress Software is facing an investigation from the SEC for the breach of its MOVEit tool, as well as dozens of legal battles resulting from the exfiltration of personal data from the roughly 2,000 organisations affected
October 12, 2023 12 Oct'23
Scottish biometrics watchdog outlines police cloud concerns

Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject ...
October 11, 2023 11 Oct'23
Why only 1% of the Snowden Archive will ever be published

Speaking to Computer Weekly after we published new revelations from the Snowden archive, the Guardian’s Pulitzer Prize winner, Ewen MacAskill, explains why more of the Snowden trove is unlikely to see the light of day
October 10, 2023 10 Oct'23
MGM faces £100m loss from cyber attack on its casinos

MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m

October 05, 2023 05 Oct'23
Microsoft: Nation-state cyber espionage on rise in 2023

Microsoft’s latest Digital Defence Report outlines how nation-state cyber activity has largely moved from destructive attacks to espionage and intelligence gathering
October 05, 2023 05 Oct'23
Red Cross issues rules of engagement for hackers in conflicts

The digital rules of engagement are the first time cyber activity has been looked at by the conflict watchdog, but a number of hacker groups have already come out and said they will not be following them
October 05, 2023 05 Oct'23
Policing minister wants to use UK passport data in facial recognition

The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales
October 05, 2023 05 Oct'23
Ransomware dwell times now measured in hours, says Secureworks

Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report
October 04, 2023 04 Oct'23
Lloyds Bank launches digital identity app

Lloyds Bank has launched a digital identity app with tech startup Yoti, after it invested £10m in the firm
October 04, 2023 04 Oct'23
ICO issues guidance on workplace surveillance

Guidance on employee monitoring covers how employers can conduct their digital surveillance lawfully, transparently and fairly, and warns against businesses intruding on their workers’ private lives

October 03, 2023 03 Oct'23
IT decision-makers confident they can handle tech disruptions

The majority of IT decision-makers polled in a recent survey have admitted their organisations has been adversely affected by IT failures
October 03, 2023 03 Oct'23
Cyber experts urge EU to rethink vulnerability disclosure plans

The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, ...
October 03, 2023 03 Oct'23
RSA and other crypto systems vulnerable to side-channel attack

A researcher has found that a flaw in RSA is still vulnerable – a quarter of a century after it was first discovered
October 03, 2023 03 Oct'23
CIISec scores DSIT funding to expand successful CyberEPQ scheme

DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date
October 03, 2023 03 Oct'23
Top science journal faced secret attacks from Covid conspiracy theory group

A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly
September 28, 2023 28 Sep'23
Strasbourg court condemns Turkey for jailing teacher for using ByLock encrypted messaging app

The case is expected to have implications for the use of digital evidence in prosecutions against users of other encrypted phone apps
September 28, 2023 28 Sep'23
Businesses disconnected from realities of API security

Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report
September 28, 2023 28 Sep'23
How Akamai is driving growth in APAC

Akamai's managing director for the region outlines the company’s growth journey, how it sets itself apart from competitors, and its strategies to drive the next phase of growth
September 28, 2023 28 Sep'23
Security and risk management spending to grow 14% next year

Growth in public cloud services will stand out over the next 12 months, as Gartner projects an overall 14% increase in cyber spending in 2024
September 28, 2023 28 Sep'23
Yahoo picks Intigriti to run crowdsourced bug bounty programme

Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate
September 27, 2023 27 Sep'23
Researchers offer free threat briefings on Vegas casino hackers

Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment
September 27, 2023 27 Sep'23
City of Las Vegas masters cyber incident response with Darktrace

The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence
September 26, 2023 26 Sep'23
Sony alleged victim of new extortion gang

A little-known threat actor claims it has breached IT systems and networks at electronics and entertainment giant Sony, and is threatening to release the organisation’s data unless paid off
September 26, 2023 26 Sep'23
Cover-ups still the norm in the wake of a cyber incident

Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report
September 26, 2023 26 Sep'23
Crest and IASME to deliver upcoming NCSC Cyber Exercise programme

Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job
September 25, 2023 25 Sep'23
Apple fixes three vulnerabilities found by spyware researchers

Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab
September 22, 2023 22 Sep'23
Annual Security Serious Awards nominations announced

Annual Security Serious Awards will recognise the professionals and organisations doing the most to safeguard and advance cyber security, as well as those committed to diversity and mental health in the industry
September 22, 2023 22 Sep'23
UK-US data bridge to open to traffic on 12 October

Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now
September 22, 2023 22 Sep'23
Cyber experts set out plan to secure future US elections

A group of experts are setting out to enhance election cyber security in the United States, and restore public faith in a process tainted by interference and misinformation in the past
September 21, 2023 21 Sep'23
‘Top’ ransomware gangs favour smaller businesses

Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses
September 21, 2023 21 Sep'23
Poor digital experience a blocker for cyber resilience

Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds
September 20, 2023 20 Sep'23
Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption

Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages
September 20, 2023 20 Sep'23
Organisations failing to proactively address insider cyber risk

Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk
September 20, 2023 20 Sep'23
Multi-agency pilot aims to help innovators navigate regulatory landscape

Regulators join forces in pilot scheme to help businesses deploy new technologies in a way that complies with cross-industry regulations
September 19, 2023 19 Sep'23
Braverman puts pressure on Meta to pause end-to-end encryption plans

The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse
September 19, 2023 19 Sep'23
New revelations from the Snowden archive surface

A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by ...
September 19, 2023 19 Sep'23
Okta confirms link to cyber attacks on Las Vegas casinos

Okta CISO David Bradbury confirms widespread speculation about the high-profile cyber attacks on two Las Vegas casino operators, revealing that the threat actors responsible had indeed abused its services as they earlier claimed
September 19, 2023 19 Sep'23
38TB Microsoft data leak highlights risks of oversharing

An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing
September 19, 2023 19 Sep'23
Nominet and European counterparts link up on intelligence sharing

The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users
September 18, 2023 18 Sep'23
Unregulated DeFi services abused in latest pig butchering twist

Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation
September 18, 2023 18 Sep'23
Government seeks industry views on cyber threat to UK CNI

The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure
September 15, 2023 15 Sep'23
TikTok fined €345m under GDPR for failing to protect children’s privacy

Data protection regulators warn social media companies to take all necessary measures to protect children’s privacy
September 15, 2023 15 Sep'23
Las Vegas mainstay Caesars Palace likely paid off ransomware crew

Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers
September 15, 2023 15 Sep'23
Manchester police data breach a classic supply chain incident

The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force
September 14, 2023 14 Sep'23
Data on over 3,000 Airbus suppliers leaked after breach

An emergent threat actor has leaked details of multiple sensitive Airbus suppliers after claiming to have accessed the firm’s systems having hacked customer Turkish Airlines
September 14, 2023 14 Sep'23
BlackCat on the hook for cyber attack that crippled Vegas casinos

The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues
September 14, 2023 14 Sep'23
Google, Microsoft and Mozilla push browser updates to foil zero-day

A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers
September 14, 2023 14 Sep'23
As vehicle safety regulations loom, carmakers fret over cyber risks

Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks
September 13, 2023 13 Sep'23
GCHQ breached privacy rights of IT professional and security researcher, human rights court rules

The European Court of Human Rights in Strasbourg finds UK intelligence services breached the privacy rights of two overseas nationals – an IT professional and a security researcher
September 13, 2023 13 Sep'23
GitHub fixes race condition that could have led to ‘repojacking’

A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked