News

IT security

• September 07, 2023 07 Sep'23

  Finnish government to bolster spending on cyber-AI defences

  Finland’s government will increase spending on cyber security amid heightened threats from artificial intelligence-based attacks

• September 06, 2023 06 Sep'23

  French supreme court dismisses legal challenge to EncroChat cryptophone evidence

  Defence lawyers plan to appeal to the European Court of Human Rights after the French supreme court disallowed an appeal over the legality of EncroChat evidence

• September 06, 2023 06 Sep'23

  German court unclear whether intercepted EncroChat cryptophone messages are legally admissible

  Germany’s Federal Constitutional Court is waiting to hear five complaints that could decide whether data from the hacked EncroChat phone network can be lawfully used in German courts, but situation remains unclear for now

• September 06, 2023 06 Sep'23

  Meet the professional BEC op that targeted Microsoft 365 users for years

  The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers

• September 06, 2023 06 Sep'23

  Okta customers targeted in new wave of social engineering attacks

  Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users

• September 05, 2023 05 Sep'23

  Executive interview: ManageEngine president Rajesh Ganesan on the ‘three Ws’ of digital change

  Today's IT management model must assume that the workforce can operate from any workplace and use any workload with ease and security, as the security and service management software supplier explains

• September 05, 2023 05 Sep'23

  Researchers find flaw in Mend.io security platform

  WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed

• September 05, 2023 05 Sep'23

  Law firm Fieldfisher launches data breach management tool

  UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform

• September 05, 2023 05 Sep'23

  Hacked Electoral Commission failed Cyber Essentials audit

  The Electoral Commission failed an NCSC Cyber Essentials audit on multiple counts at about the same time as cyber criminals breached its systems in 2021, it has emerged

• September 05, 2023 05 Sep'23

  NCSC names ex-NCC man as new CTO

  New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec

• September 05, 2023 05 Sep'23

  Plymouth Uni spearheads research into wind farm cyber resilience

  Project hosted at the University of Plymouth in Devon aims to develop cyber security measures to protect the UK’s increasingly important offshore wind farm assets

• September 04, 2023 04 Sep'23

  LockBit ransomware gang allegedly leaks MoD data after hit on supplier

  The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online

• September 04, 2023 04 Sep'23

  How startup Once.net and Cloudflare secured the 2023 Eurovision vote

  When the Eurovision Song Contest introduced paid-for public voting from outside Europe in 2023, it faced new cyber challenges. Learn how Dutch startup Once.net and Cloudflare teamed up to secure and support the big night

• September 01, 2023 01 Sep'23

  Police Scotland five-year digital strategy approved

  Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding

• September 01, 2023 01 Sep'23

  IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption

  BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications

• September 01, 2023 01 Sep'23

  Threat actors exploiting unpatched Juniper Networks devices

  A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed

• August 31, 2023 31 Aug'23

  Sandworm attacks Ukraine with Infamous Chisel malware

  The UK and its allies have attributed a novel malware campaign against Ukrainian state targets to the Russian intelligence-backed Sandworm APT

• August 31, 2023 31 Aug'23

  Ducktail social media marketing malware rears its head again

  Use of the Ducktail infostealer, which first popped up in 2022 targeting Meta Business accounts, seems to be increasing

• August 31, 2023 31 Aug'23

  Home Office and MoD seeking new facial-recognition tech

  The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK

• August 31, 2023 31 Aug'23

  Post Office to provide in-person identity checks for One Login

  Partnership between the Government Digital Service and the Post Office will see postmasters and staff provide face-to-face identity checks for those unable to use the One Login app or website

• August 30, 2023 30 Aug'23

  Cyber world hails downfall of Qakbot trojan

  A multinational law enforcement hacking operation disrupted the botnet infrastructure used to distribute the Qakbot trojan at the weekend, in a major setback for the cyber criminal underworld

• August 30, 2023 30 Aug'23

  NCSC warns over possible AI prompt injection attacks

  The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots

• August 29, 2023 29 Aug'23

  Zero-day that forced Barracuda users to bin kit was exploited by China

  Mandiant has published details of how a Chinese threat actor targeted high-profile users of Barracuda Networks' Email Security Gateway appliances, including government agencies of interest to Beijing's intelligence goals

• August 29, 2023 29 Aug'23

  Nats resorts to fail-safe manual process after technical hitch

  Just a few hours of manual processing has resulted in a massive backlog in flights

• August 29, 2023 29 Aug'23

  Top-performing CISOs reserve time for professional development

  Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession

• August 24, 2023 24 Aug'23

  Google bets on AI-backed cyber controls for Workspace users

  Zero-trust and digital sovereignty controls are the focus of a series of enhancements being made for Google Workspace users

• August 24, 2023 24 Aug'23

  Teenage Lapsus$ ringleader was responsible for crime spree, UK court rules

  A court has ruled that Arion Kurtaj, allegedly a key player in the Lapsus$ cyber extortion syndicate, was responsible for the group’s year-long campaign of cyber attacks

• August 23, 2023 23 Aug'23

  St Helens Council in Merseyside hit by ransomware attack

  St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks

• August 23, 2023 23 Aug'23

  Cyber attacks in 2023 develop quicker as average dwell times plummet

  The median attacker dwell time shrunk from 10 to eight days in the first seven months of 2023, and in the case of ransomware attacks it is down to just five days

• August 22, 2023 22 Aug'23

  Singapore to bolster OT security capabilities

  Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities

• August 22, 2023 22 Aug'23

  Clop’s MOVEit attacks drive ransomware volumes to record high

  Such has been the scope of Clop’s activity since May that ransomware attack volumes have more than doubled year on year, according to the latest data

• August 21, 2023 21 Aug'23

  Police worker could have put investigation into EncroChat encrypted phone network at risk

  A police intelligence analyst admitted tipping-off a criminal contact that police had infiltrated the EncroChat encrypted phone network

• August 21, 2023 21 Aug'23

  Cyber attack on Aussie energy services firm may hit UK CNI

  Energy One, an Australia-based supplier of tech services to the energy sector, is investigating the possibility that some UK customers may have been caught up in an ongoing cyber attack on its systems

• August 21, 2023 21 Aug'23

  Cyber Explorers programme reaches 50,000 11-14 year olds in 18 months

  The government-backed Cyber Explorers programme has reached 50,000 students in its first 18 months, and more schools are being invited to sign up for the Autumn Term

• August 18, 2023 18 Aug'23

  NatWest customer calls bank’s handling of breach of his data ‘disgusting’

  A second NatWest customer has contacted Computer Weekly after finding out from a whistleblower that his sensitive personal data has been in her home for 14 years

• August 18, 2023 18 Aug'23

  MongoDB secures IRAP certification

  MongoDB’s certification from Australia’s Information Security Registered Assessor Program will pave the way for federal government agencies to use its Atlas database service for protected workloads

• August 17, 2023 17 Aug'23

  Researchers demo fake airplane mode exploit that tricks iPhone users

  Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns

• August 17, 2023 17 Aug'23

  Top marks for graduates of CIISec vocational cyber course

  132 young people who sat the UK’s first Extended Project Qualification in Cyber Security have received their results today

• August 16, 2023 16 Aug'23

  CyberArk eyes growth beyond PAM

  CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management

• August 16, 2023 16 Aug'23

  AI is the most hyped technology of 2023

  Gartner's 2023 hype cycle puts generative AI at the peak of inflated expectations in its latest analysis of emerging tech trends

• August 16, 2023 16 Aug'23

  BT flies into NATS network, cyber security project

  Organisation tasked with managing air travel in the UK implements ‘transformational’ technology programme to keep skies safe and support customers worldwide

• August 16, 2023 16 Aug'23

  NCSC expands Cyber Incident Response service more widely

  The NCSC has added a level to its CIR programme to enable more cyber attack victims to take advantage of the service, which offers access to assured incident response specialists

• August 16, 2023 16 Aug'23

  ITAM influence on cyber risk becoming a factor in credit ratings

  Credit agency S&P Global Ratings warns that organisations that pay inadequate attention to IT asset management as a factor in their cyber risk management processes may find their creditworthiness takes a dive

• August 15, 2023 15 Aug'23

  Norfolk and Suffolk police hit by FoI-linked data breach

  Latest UK police data breach relates to crime suspects, victims and witnesses across East Anglia, and comes just days after a similar incident at the Northern Irish service

• August 15, 2023 15 Aug'23

  Online safety message failing to get through to women

  The security community could be doing a lot more to make its advice and guidance more accessible to women, according to a study

• August 14, 2023 14 Aug'23

  NatWest offers compensation to customer affected by data breach exposed by whistleblower

  NatWest bank has offered compensation to a former customer affected by a data breach alongside around 1,600 other former and current customers

• August 14, 2023 14 Aug'23

  US Cyber Board to probe cloud security after latest Exchange hack

  CSRB review of cloud security comes in the wake of a major Chinese cyber attack on US government bodies orchestrated through Microsoft’s cloud services

• August 12, 2023 12 Aug'23

  Datacentre management vulnerabilities leave public clouds at risk

  At the annual DEF CON hacking convention, researchers from Trellix have disclosed multiple vulnerabilities in key datacentre products underpinning the world’s public cloud infrastructure

• August 10, 2023 10 Aug'23

  Google speeds up security update frequency for Chrome

  Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities

• August 10, 2023 10 Aug'23

  A non-conventional career journey into IT security

  GCSEs and A-levels are not the only route to higher education. We speak to an IT security expert who left school with no formal qualifications