News

IT security

• October 25, 2022 25 Oct'22

  Apple patches new iPhone zero-day

  Apple’s latest patch fixes yet another zero-day, as security issues keep surfacing in its mobile products

• October 25, 2022 25 Oct'22

  Dutch lawyers raise human rights concerns over hacked cryptophone data

  Dutch defence lawyers say in an open letter that there is a risk of unfair trials unless they are allowed to test the reliability and legitimacy of hacked cryptophone evidence

• October 25, 2022 25 Oct'22

  US authorities charge two Chinese spies over telco security probe

  Two Chinese nationals have been charged with attempting to obstruct the criminal prosecution of a prominent Chinese telecoms firm

• October 25, 2022 25 Oct'22

  Germany: European Court of Justice asked to rule on legality of hacked EncroChat phone evidence

  Berlin’s Regional Court has asked the European Court of Justice to answer questions about whether the use of hacked EncroChat phone evidence complies with European law

• October 25, 2022 25 Oct'22

  Global digital trust market to double by 2027

  The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow

• October 25, 2022 25 Oct'22

  Digital-first businesses more willing to accept some fraud

  Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report

• October 24, 2022 24 Oct'22

  Complacency biggest cyber risk to UK plc, says ICO

  Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack

• October 24, 2022 24 Oct'22

  Half of staff might quit after a cyber attack, report says

  Findings from a survey of CISOs, IT leaders and staffers reveal how experiencing a cyber incident may take a larger-than-thought toll on employee retention

• October 21, 2022 21 Oct'22

  Microsoft slams external researchers over its own data leak

  Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue

• October 20, 2022 20 Oct'22

  The Security Interviews: Why now for ZTNA 2.0?

  With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network ...

• October 20, 2022 20 Oct'22

  Cyber professional shortfall hits 3.4 million

  Shortage of cyber security professionals continues to grow and shows no signs of abating, says report

• October 20, 2022 20 Oct'22

  NatWest data breach whistleblower demands bank pay data controller fee to ICO

  Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed

• October 20, 2022 20 Oct'22

  Singapore extends cyber security labelling scheme to medical devices

  The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development

• October 19, 2022 19 Oct'22

  Ransomware crews regrouping as LockBit rise continues

  Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead

• October 19, 2022 19 Oct'22

  Treat cyber crime as a ‘strategic threat’, UK businesses told

  The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community

• October 18, 2022 18 Oct'22

  Apache vulnerability a risk, but not as widespread as Log4Shell

  A newly disclosed Apache Commons Text vulnerability may put many at risk, but does not appear to be as impactful or widespread as Log4Shell

• October 18, 2022 18 Oct'22

  Virtually all vulnerable open source downloads are avoidable

  Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report

• October 14, 2022 14 Oct'22

  Malicious WhatsApp add-on highlights risks of third-party mods

  Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods

• October 14, 2022 14 Oct'22

  Annual costs of Hackney ransomware attack exceed £12m

  Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago

• October 14, 2022 14 Oct'22

  Office 365 email encryption flaw could pose risk to user privacy

  A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are

• October 14, 2022 14 Oct'22

  Advanced: Healthcare data was stolen in LockBit 3.0 attack

  Advanced has revealed a total of 16 of its health and social care sector customers had their data exfiltrated in a recent ransomware attack

• October 14, 2022 14 Oct'22

  Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor

  Ross Anderson argues in a rebuttal to GCHQ experts that using artificial intelligence to scan encrypted messaging services is the wrong approach to protecting children and preventing terrorism

• October 14, 2022 14 Oct'22

  Australia becoming hotbed for cyber attacks

  Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency

• October 13, 2022 13 Oct'22

  Cyber training firm KnowBe4 bought by private equity firm

  Acquisition of KnowBe4 supposedly reflects the success the company has seen since its spring 2021 IPO

• October 13, 2022 13 Oct'22

  Unsung Heroes Awards celebrate diversity in cyber community

  The seventh annual Security Serious Unsung Heroes Awards recognise those trying to improve diversity and mental health in cyber for the first time

• October 13, 2022 13 Oct'22

  Dutch influence standards for post-quantum cryptography

  Cryptology group at Dutch research institute is involved in the two primary algorithms of the next NIST portfolio comprising four new standards

• October 13, 2022 13 Oct'22

  Gartner: Remote work, zero trust, cloud still driving cyber spend

  Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud

• October 12, 2022 12 Oct'22

  NCSC urges organisations to secure supply chains

  NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers

• October 12, 2022 12 Oct'22

  French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation

  France’s Supreme Court has sent a case back to the court of appeal after police failed to disclose technical details of EncroChat hacking operation

• October 12, 2022 12 Oct'22

  Microsoft fixes lone zero-day on October Patch Tuesday

  Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen

• October 12, 2022 12 Oct'22

  ICO selectively discloses reprimands for data protection breaches

  Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded

• October 11, 2022 11 Oct'22

  Contractor left Toyota source code exposed for five years

  Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor

• October 10, 2022 10 Oct'22

  How Cloudflare is staying ahead of the curve

  Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape

• October 10, 2022 10 Oct'22

  Ukraine and EU explore deeper cyber collaboration

  A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues

• October 07, 2022 07 Oct'22

  Australia to amend telecoms regulations following Optus breach

  Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions

• October 06, 2022 06 Oct'22

  EU rolling out measures for online safety and AI liability

  The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation

• October 06, 2022 06 Oct'22

  Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers

  Automatic scanning of messaging services for illegal content could lead to one billion false alarms each day in Europe

• October 05, 2022 05 Oct'22

  Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation

  Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network

• October 05, 2022 05 Oct'22

  Forrester: US set to dominate AI enterprise software market

  Artificial intelligence is the fastest growth area in software. This is driving adoption, which will make AI mainstream technology in business software

• October 05, 2022 05 Oct'22

  Inside Dell Technologies’ zero-trust approach

  Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure

• October 04, 2022 04 Oct'22

  Tories to replace GDPR

  IT industry reacts to the government’s plan to replace the pan-European data protection regulation

• October 04, 2022 04 Oct'22

  France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime

  Three phone sellers have been extradited from Spain to France to face charges that they were complicit in the activities of criminal EncroChat phone users  

• October 03, 2022 03 Oct'22

  Digital right to work checks officially go live

  Under the new government guidance, employers can choose between 16 certified identity service providers to digitally check their employees legal right to work in the UK

• October 03, 2022 03 Oct'22

  Security regulation cuts online payment fraud at 73% of retailers

  New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers

• October 03, 2022 03 Oct'22

  CIO interview: James Fleming, Francis Crick Institute

  Francis Crick Institute CIO discusses how Europe’s largest biomedical research institute has co-developed a framework for data sharing

• September 30, 2022 30 Sep'22

  Surveillance tech firms complicit in MENA human rights abuses

  Research finds companies are profiting from surveillance technologies that facilitate human rights abuses against migrants, asylum seekers and refugees in the Middle East and North Africa, with little to no oversight

• September 29, 2022 29 Sep'22

  Five startups to join NCSC for Startups initiative

  The NCSC has invited five startups to join its NCSC for Startups programme to help the government with pressing cyber challenges facing the UK

• September 29, 2022 29 Sep'22

  Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC

  Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts

• September 29, 2022 29 Sep'22

  Optus breach casts spotlight on cyber resilience

  The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia

• September 28, 2022 28 Sep'22

  UK suffers third highest number of ransomware attacks globally

  Based on an analysis of around 5,000 ransomware incidents, NordLocker has found that UK businesses, and small businesses in particular, are a priority target for ransomware gangs