News

IT security

• September 11, 2023 11 Sep'23

  Salesforce and Zoom embrace ethical hackers. You should, too

  Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers

• September 11, 2023 11 Sep'23

  How Culture Amp is tapping generative AI

  Australia’s Culture Amp is building a generative AI capability that summarises employee survey responses, automating a process that typically takes HR admins up to hundreds of hours to complete

• September 08, 2023 08 Sep'23

  Apple patches Blastpass exploit abused by spyware makers

  Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO

• September 08, 2023 08 Sep'23

  Deputy PM urges UK plc not to lose focus on cyber

  In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors

• September 08, 2023 08 Sep'23

  North Koreans using new zero-day to target security researchers

  A threat actor linked to the North Korean government is continuing a long-running campaign targeting legitimate security researchers, using an as-yet undisclosed zero-day vulnerability to gain access to their victims

• September 08, 2023 08 Sep'23

  Sensitive NatWest customer files set to be returned after High Court agreement

  Sensitive NatWest customer files set to be secured by bank after years in the home of a data breach whistleblower

• September 08, 2023 08 Sep'23

  How Netskope is driving growth in APAC

  Netskope is growing at over 50% year on year in the Asia-Pacific region, but the single-vendor SASE supplier is not limiting its customers to its own offerings

• September 08, 2023 08 Sep'23

  HGS to provide contact centre support for One Login

  The partnership between the Government Digital Service and Hinduja Global Solutions will see the supplier provide contact centre services for the digital identity platform

• September 07, 2023 07 Sep'23

  UK minister fails to reassure tech companies over encryption risk

  Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough

• September 07, 2023 07 Sep'23

  Honeywell goes quantum to protect utilities from future threats

  Honeywell and quantum computing specialist Quantinuum will integrate quantum-hardened encryption keys into future smart meters

• September 07, 2023 07 Sep'23

  UK and US slap fresh sanctions on Conti ransomware crew

  London and Washington DC have imposed sanctions on 11 more members of the cyber criminal gang behind the Conti ransomware attacks

• September 07, 2023 07 Sep'23

  Duplicate waypoints root cause of Nats subsystem failover

  Processing of waypoints that determine when a flight enters and leaves UK airspace caused the air traffic system to report a critical error

• September 07, 2023 07 Sep'23

  Microsoft finds Storm-0558 exploited crash dump to steal signing key

  Microsoft has published new information on how the Chinese state threat actor Storm-0558 was able to exploit a rare race condition following a crash dump in order to acquire a consumer signing key

• September 07, 2023 07 Sep'23

  Finnish government to bolster spending on cyber-AI defences

  Finland’s government will increase spending on cyber security amid heightened threats from artificial intelligence-based attacks

• September 06, 2023 06 Sep'23

  French supreme court dismisses legal challenge to EncroChat cryptophone evidence

  Defence lawyers plan to appeal to the European Court of Human Rights after the French supreme court disallowed an appeal over the legality of EncroChat evidence

• September 06, 2023 06 Sep'23

  German court unclear whether intercepted EncroChat cryptophone messages are legally admissible

  Germany’s Federal Constitutional Court is waiting to hear five complaints that could decide whether data from the hacked EncroChat phone network can be lawfully used in German courts, but situation remains unclear for now

• September 06, 2023 06 Sep'23

  Meet the professional BEC op that targeted Microsoft 365 users for years

  The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers

• September 06, 2023 06 Sep'23

  Okta customers targeted in new wave of social engineering attacks

  Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users

• September 05, 2023 05 Sep'23

  Executive interview: ManageEngine president Rajesh Ganesan on the ‘three Ws’ of digital change

  Today's IT management model must assume that the workforce can operate from any workplace and use any workload with ease and security, as the security and service management software supplier explains

• September 05, 2023 05 Sep'23

  Researchers find flaw in Mend.io security platform

  WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed

• September 05, 2023 05 Sep'23

  Law firm Fieldfisher launches data breach management tool

  UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform

• September 05, 2023 05 Sep'23

  Hacked Electoral Commission failed Cyber Essentials audit

  The Electoral Commission failed an NCSC Cyber Essentials audit on multiple counts at about the same time as cyber criminals breached its systems in 2021, it has emerged

• September 05, 2023 05 Sep'23

  NCSC names ex-NCC man as new CTO

  New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec

• September 05, 2023 05 Sep'23

  Plymouth Uni spearheads research into wind farm cyber resilience

  Project hosted at the University of Plymouth in Devon aims to develop cyber security measures to protect the UK’s increasingly important offshore wind farm assets

• September 04, 2023 04 Sep'23

  LockBit ransomware gang allegedly leaks MoD data after hit on supplier

  The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online

• September 04, 2023 04 Sep'23

  How startup Once.net and Cloudflare secured the 2023 Eurovision vote

  When the Eurovision Song Contest introduced paid-for public voting from outside Europe in 2023, it faced new cyber challenges. Learn how Dutch startup Once.net and Cloudflare teamed up to secure and support the big night

• September 01, 2023 01 Sep'23

  Police Scotland five-year digital strategy approved

  Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding

• September 01, 2023 01 Sep'23

  IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption

  BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications

• September 01, 2023 01 Sep'23

  Threat actors exploiting unpatched Juniper Networks devices

  A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed

• August 31, 2023 31 Aug'23

  Sandworm attacks Ukraine with Infamous Chisel malware

  The UK and its allies have attributed a novel malware campaign against Ukrainian state targets to the Russian intelligence-backed Sandworm APT

• August 31, 2023 31 Aug'23

  Ducktail social media marketing malware rears its head again

  Use of the Ducktail infostealer, which first popped up in 2022 targeting Meta Business accounts, seems to be increasing

• August 31, 2023 31 Aug'23

  Home Office and MoD seeking new facial-recognition tech

  The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK

• August 31, 2023 31 Aug'23

  Post Office to provide in-person identity checks for One Login

  Partnership between the Government Digital Service and the Post Office will see postmasters and staff provide face-to-face identity checks for those unable to use the One Login app or website

• August 30, 2023 30 Aug'23

  Cyber world hails downfall of Qakbot trojan

  A multinational law enforcement hacking operation disrupted the botnet infrastructure used to distribute the Qakbot trojan at the weekend, in a major setback for the cyber criminal underworld

• August 30, 2023 30 Aug'23

  NCSC warns over possible AI prompt injection attacks

  The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots

• August 29, 2023 29 Aug'23

  Zero-day that forced Barracuda users to bin kit was exploited by China

  Mandiant has published details of how a Chinese threat actor targeted high-profile users of Barracuda Networks' Email Security Gateway appliances, including government agencies of interest to Beijing's intelligence goals

• August 29, 2023 29 Aug'23

  Nats resorts to fail-safe manual process after technical hitch

  Just a few hours of manual processing has resulted in a massive backlog in flights

• August 29, 2023 29 Aug'23

  Top-performing CISOs reserve time for professional development

  Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession

• August 24, 2023 24 Aug'23

  Google bets on AI-backed cyber controls for Workspace users

  Zero-trust and digital sovereignty controls are the focus of a series of enhancements being made for Google Workspace users

• August 24, 2023 24 Aug'23

  Teenage Lapsus$ ringleader was responsible for crime spree, UK court rules

  A court has ruled that Arion Kurtaj, allegedly a key player in the Lapsus$ cyber extortion syndicate, was responsible for the group’s year-long campaign of cyber attacks

• August 23, 2023 23 Aug'23

  St Helens Council in Merseyside hit by ransomware attack

  St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks

• August 23, 2023 23 Aug'23

  Cyber attacks in 2023 develop quicker as average dwell times plummet

  The median attacker dwell time shrunk from 10 to eight days in the first seven months of 2023, and in the case of ransomware attacks it is down to just five days

• August 22, 2023 22 Aug'23

  Singapore to bolster OT security capabilities

  Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities

• August 22, 2023 22 Aug'23

  Clop’s MOVEit attacks drive ransomware volumes to record high

  Such has been the scope of Clop’s activity since May that ransomware attack volumes have more than doubled year on year, according to the latest data

• August 21, 2023 21 Aug'23

  Police worker could have put investigation into EncroChat encrypted phone network at risk

  A police intelligence analyst admitted tipping-off a criminal contact that police had infiltrated the EncroChat encrypted phone network

• August 21, 2023 21 Aug'23

  Cyber attack on Aussie energy services firm may hit UK CNI

  Energy One, an Australia-based supplier of tech services to the energy sector, is investigating the possibility that some UK customers may have been caught up in an ongoing cyber attack on its systems

• August 21, 2023 21 Aug'23

  Cyber Explorers programme reaches 50,000 11-14 year olds in 18 months

  The government-backed Cyber Explorers programme has reached 50,000 students in its first 18 months, and more schools are being invited to sign up for the Autumn Term

• August 18, 2023 18 Aug'23

  NatWest customer calls bank’s handling of breach of his data ‘disgusting’

  A second NatWest customer has contacted Computer Weekly after finding out from a whistleblower that his sensitive personal data has been in her home for 14 years

• August 18, 2023 18 Aug'23

  MongoDB secures IRAP certification

  MongoDB’s certification from Australia’s Information Security Registered Assessor Program will pave the way for federal government agencies to use its Atlas database service for protected workloads

• August 17, 2023 17 Aug'23

  Researchers demo fake airplane mode exploit that tricks iPhone users

  Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns