News
IT security
-
July 28, 2022
28
Jul'22
NCSC startups scheme turns focus to operational technology, SME security
NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses
-
July 28, 2022
28
Jul'22
Cyber criminals pivot away from macros as Microsoft changes bite
As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect
-
July 27, 2022
27
Jul'22
Consumers left out of pocket as security costs soar
As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people
-
July 27, 2022
27
Jul'22
US doubles bounty on Lazarus cyber crime group to $10m
US State Department doubles a previously announced reward for information on North Korean cyber criminals, including the notorious Lazarus group
-
July 27, 2022
27
Jul'22
Retail software firm PrestaShop warns users about SQL injection attacks
Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise
-
July 27, 2022
27
Jul'22
Cyber security training ‘boring’ and largely ignored
Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them
-
July 26, 2022
26
Jul'22
Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’
The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday
-
July 26, 2022
26
Jul'22
No More Ransom initiative helps 1.5 million people in six years
One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project
-
July 26, 2022
26
Jul'22
Visibility and proactive stance needed to secure OT systems
Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says
-
July 26, 2022
26
Jul'22
Ducktail infostealer targets Facebook Business users
Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts
-
July 25, 2022
25
Jul'22
Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants
MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard
-
July 25, 2022
25
Jul'22
NCSC seeks community input for Cyber Advisor service
The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward
-
July 25, 2022
25
Jul'22
Latest Atlassian Confluence vulnerability raises concerns
CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months
-
July 25, 2022
25
Jul'22
The Security Interviews: Why you need to protect abandoned digital assets
The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias
-
July 25, 2022
25
Jul'22
TMT firms among top targets for cyber attacks in Singapore
Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society
-
July 22, 2022
22
Jul'22
LinkedIn most impersonated brand in phishing attacks
Social network LinkedIn, along with Microsoft and DHL, are just some of the brands that are most frequently imitated by cyber criminals conducting phishing attacks
-
July 21, 2022
21
Jul'22
GCHQ experts back scanning of encrypted phone messages to fight child abuse
Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse
-
July 21, 2022
21
Jul'22
Buy ‘plug-n-play’ malware for the price of a pint of beer
Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report
-
July 21, 2022
21
Jul'22
Russia-linked APTs targeted fleeing Ukrainian civilians
Mandiant and the US authorities have shared details of a phishing campaign that spoofed humanitarian information on evacuation procedures to target Ukrainians fleeing Russian bombardment
-
July 21, 2022
21
Jul'22
UK government introduces data reforms legislation to Parliament
Proposed changes to UK’s data protection regime include new grounds for data processing, significant powers for the secretary of state to direct the regime’s application, and fewer restrictions on law enforcement’s use of data
-
July 20, 2022
20
Jul'22
(ISC)² expands entry-level cyber programme after UK success
Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide
-
July 20, 2022
20
Jul'22
Transatlantic PET contest open for entries
A joint UK-US innovation prize challenge for developers of privacy-enhancing technologies has opened for entries
-
July 20, 2022
20
Jul'22
Cato aims to bust cyber myths as it extends network protections
Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network ...
-
July 20, 2022
20
Jul'22
How NEC is transforming its business
While NEC is known for its public safety systems, the company has been expanding into new areas including e-government, financial services and customer experience in Asia-Pacific
-
July 20, 2022
20
Jul'22
Russia’s Cozy Bear abusing Dropbox, Google Drive to target victims
Russian APT known as Cozy Bear has become adept at quickly incorporating popular cloud storage services into its attack chain to avoid detection
-
July 18, 2022
18
Jul'22
US cyber agency CISA to open London office
The US Cybersecurity and Infrastructure Security Agency has chosen London to host its first office outside America
-
July 15, 2022
15
Jul'22
NHS trust ‘deliberately’ deleted up to 90,000 emails before tribunal hearing
A high-profile case brought by NHS whistleblower Chris Day raises questions about the adequacy of information governance practices in NHS hospital trusts
-
July 15, 2022
15
Jul'22
Log4Shell on its way to becoming ‘endemic’
US government report concludes that, like Covid, Log4Shell will be with us for a long time to come
-
July 14, 2022
14
Jul'22
Videogame maker Bandai Namco confirms cyber attack
Bandai Namco, developer of videogames including Pac-Man, Tekken and Dark Souls, has broken days of silence to confirm it has been hit by a cyber attack
-
July 14, 2022
14
Jul'22
How hostile government APTs target journalists for cyber intrusions
Proofpoint shares data on multiple campaigns of cyber intrusions against journalists originating from threat actors aligned to the governments of China, Iran, North Korea and Turkey
-
July 14, 2022
14
Jul'22
Government pauses Online Safety Bill’s progress
The government has paused the Online Safety Bill’s journey towards becoming law, amid timetable pressure
-
July 14, 2022
14
Jul'22
ICO wants to ‘empower people through information’
Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society
-
July 13, 2022
13
Jul'22
Slippery phish wriggles around MFA protections, says Microsoft
Microsoft’s threat researchers share details of a phishing campaign that hit 10,000 organisations, against which standard multifactor authentication provides little defence
-
July 13, 2022
13
Jul'22
Digital break-up kit to help women get out of bad relationships safely
Domestic abuse charity Refuge teams up with Avast to equip women with the knowledge to effectively and safely end a relationship digitally
-
July 13, 2022
13
Jul'22
July Patch Tuesday brings more than 80 fixes, one zero-day
While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on
-
July 13, 2022
13
Jul'22
ICO calls for review into government use of private email and WhatsApp messages
Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps
-
July 12, 2022
12
Jul'22
Brits say social media must do more to block harmful content
UK citizens want social media companies to do more to prevent harmful content appearing on their platforms
-
July 12, 2022
12
Jul'22
MaliBot Android malware spreading fast, says Check Point
The MaliBot malware is becoming a persistent and widespread problem, and Android users should be on their guard, says Check Point
-
July 12, 2022
12
Jul'22
Microsoft Windows Autopatch now generally available
Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service
-
July 12, 2022
12
Jul'22
Singapore doubles down on OT security
The Cyber Security Agency of Singapore will fund 80 scholarships to groom a talent pool of operational technology security experts, among other efforts to bolster the security of critical infrastructure in the city-state
-
July 11, 2022
11
Jul'22
Microsoft VBA macro block will return
Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure
-
July 11, 2022
11
Jul'22
SMEs lagging on multifactor authentication
Only 46% of small business owners say they have implemented multifactor authentication, and just 13% mandate its use, according to a report
-
July 08, 2022
08
Jul'22
Stop telling clients to pay ransomware gangs, solicitors told
The NCSC and the ICO are calling on solicitors to help tackle the rising number of ransomware payments being made, and to stop giving erroneous advice to victims
-
July 08, 2022
08
Jul'22
Sweden and GDPR – four years on
Swedish data protection coordinator talks to Computer Weekly four years into the General Data Protection Regulation
-
July 08, 2022
08
Jul'22
Microsoft appears to reverse VBA macro-blocking
Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled
-
July 07, 2022
07
Jul'22
UK government does not yet understand threat of technology to foreign policy
Select committee chair warns government that the threat posed to global security by malign actors influencing tech standards is no ‘dystopian fantasy’
-
July 07, 2022
07
Jul'22
MI5, FBI chiefs warn of Chinese cyber espionage threat
In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests
-
July 07, 2022
07
Jul'22
UK signs ‘in principle’ data adequacy agreement with South Korea
Bilateral adequacy agreement will allow businesses to conduct cross-border data transfers with minimal restrictions
-
July 07, 2022
07
Jul'22
Amid NSO lawsuit, Apple expands spyware protections
Apple previews a new feature called Lockdown Mode to protect iPhone and iPad users from ‘mercenary spyware’
-
July 07, 2022
07
Jul'22
Latest Marriott data breach not as serious as others
Questions are again being raised over Marriott’s cyber security practices following yet another incident, but fortunately it seems limited in its scope, and the company is responding appropriately