News

IT security

February 22, 2023 22 Feb'23
UK forces lead live-fire cyber war exercise

The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces
February 22, 2023 22 Feb'23
Researchers find new bug ‘class’ in Apple devices

A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix
February 22, 2023 22 Feb'23
Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert

Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result
February 22, 2023 22 Feb'23
Half of cyber leaders to switch jobs by 2025, citing stress

A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study

February 22, 2023 22 Feb'23
Institute for Government cautions government to draw right lessons from pandemic

The Institute for Government has published a policy document warning government not to draw wrong lessons from data sharing during pandemic
February 21, 2023 21 Feb'23
Royal Mail resumes full export service after cyber attack

Royal Mail resumes the last of its international services as it recovers from a ransomware attack, while the Post Office offers postmasters compensation for their lost business
February 21, 2023 21 Feb'23
US government Strike Force aims to prevent adversaries from accessing disruptive tech

The US Strike Force law enforcement initiative will target rogue nation-states that pose a national security threat
February 20, 2023 20 Feb'23
Singapore organisations struggle to operationalise threat intelligence

Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges
February 20, 2023 20 Feb'23
Twitter 2FA changes bring more risks than benefits

Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic
February 20, 2023 20 Feb'23
Why CIOs need to revisit desktop virtualisation

Cloud computing is the next revolution in infrastructure, but desktop IT is still very much on-premise

February 16, 2023 16 Feb'23
Mock crime prediction tool profiles MEPs as potential criminals

Developed by Fair Trials, the example crime prediction tool uses the same information as police systems to assess the likelihood of someone committing a crime in the future
February 16, 2023 16 Feb'23
Financial advisory firm Succession Wealth probes cyber attack

Aviva-owned wealth consultancy and financial advisory practice Succession Wealth was hit by an undisclosed security incident on 8 February
February 16, 2023 16 Feb'23
How to tame the identity sprawl

Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl
February 15, 2023 15 Feb'23
Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs

Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off
February 15, 2023 15 Feb'23
Microsoft fixes three zero-days in February update

February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver
February 15, 2023 15 Feb'23
Royal Mail refused to pay £66m LockBit ransom demand, logs reveal

Leaked chat logs reveal Royal Mail has supposedly refused to pay a £66m ransom demand from the LockBit ransomware gang
February 14, 2023 14 Feb'23
Vidar, nJRAT re-emerge as prominent malware threats in January

Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry
February 14, 2023 14 Feb'23
UK authorities clamp down on illegal crypto ATMs

The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs
February 14, 2023 14 Feb'23
OSC&R framework to stop supply chain attacks in the wild

The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains
February 14, 2023 14 Feb'23
Researcher exposes crypto scam network exploiting YouTube

A massive network of fake YouTube videos promoted by automated sock puppet accounts is reeling in hundreds of cryptocurrency enthusiasts and persuading them to hand over their money, WithSecure researchers found
February 14, 2023 14 Feb'23
Akamai eyes cloud market with Connected Cloud

Akamai marks foray into cloud computing with a distributed cloud computing platform that is touted to make it easier for enterprises to get applications and data closer to their customers
February 13, 2023 13 Feb'23
Russian spear phishing campaign escalates efforts toward critical UK, US and European targets

Russian hacking group Seaborgium refines its tactics in a continuation of attacks against targets including not-for-profit organisations with geopolitical affiliations
February 13, 2023 13 Feb'23
Investigatory Powers Act: Home Office proposes rethink of safeguards on bulk data collection

David Anderson KC will review the safeguards on intelligence service and police use of bulk datasets following a Home Office assessment that they are 'disproportionate'.
February 13, 2023 13 Feb'23
Security buyers lack insight into threats, attackers, report finds

The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report
February 13, 2023 13 Feb'23
Killnet DDoS attacks disrupt Nato websites

A series of distributed denial of service attacks on various public websites belonging to the Nato alliance were largely repelled but some resources remain unavailable
February 13, 2023 13 Feb'23
Police tech needs clear legal rules, says biometrics regulator

Police use of artificial intelligence and facial recognition needs to be controlled by strict rules and mechanisms to ensure public trust
February 13, 2023 13 Feb'23
Whistleblower in limbo as sensitive NatWest customer files remain under her bed

Whistleblower and NatWest at stalemate as regulators leave it up to them to come to an agreement on return of sensitive customer data
February 10, 2023 10 Feb'23
Social media platform Reddit breached in phishing attack

An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack
February 09, 2023 09 Feb'23
UK imposes sanctions on Conti ransomware gang leaders

Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK
February 09, 2023 09 Feb'23
Banking regulatory body wants a ‘tripwire’ to flag APP fraud

Banking code of practice organisation wants banks to monitor where authorised push payment scammers are sending stolen money
February 09, 2023 09 Feb'23
How Check Point is keeping pace with the cyber security landscape

Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security
February 08, 2023 08 Feb'23
Russian hacking group Seaborgium targets SNP MP Stewart McDonald

Scottish National Party MP Stewart McDonald says his personal emails have been hacked by a group linked to the Russian state in a targeted phishing attack
February 08, 2023 08 Feb'23
Prolific social media fraudster jailed for three years

Ramzan Abubakarov of Hendon will serve three-year prison sentence after using Telegram to coordinate series of frauds which netted almost £2m
February 08, 2023 08 Feb'23
Campaigners lament lack of movement on Computer Misuse Act reform

Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed
February 08, 2023 08 Feb'23
India launches homegrown BharOS

The homegrown Android-based mobile operating system could reduce India’s reliance on foreign software, but uncertainties around market adoption and software updates remain
February 07, 2023 07 Feb'23
LockBit cartel finally claims Royal Mail ransomware attack

The LockBit ransomware gang claims it has stolen sensitive data from Royal Mail and will leak it later this week if its demands go unmet
February 07, 2023 07 Feb'23
APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest
February 06, 2023 06 Feb'23
Cops make arrests and seize drugs after hacking Exclu encrypted messaging app

Police in the Netherlands, Belgium and Poland raided 80 addresses after covertly intercepting messages from the Exclu encrypted messaging app
February 06, 2023 06 Feb'23
Online banks still riddled with cyber security flaws, report says

Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too.
February 06, 2023 06 Feb'23
Estonian anti-money laundering platform used to fight APP fraud

A real-time data-sharing platform originally built to identify money laundering is also being applied to the fight against authorised push payment fraud
February 06, 2023 06 Feb'23
Post Office branches struggling after Royal Mail cyber attack

Royal Mail has restored almost all of its international services to some extent, but remains unable to accept parcels bought over the counter in a Post Office branch
February 06, 2023 06 Feb'23
Executive interview, Eric Muntz, Mailchimp

We speak to Intuit Mailchimp’s former CTO about how the company manages IT engineering and supports different ways of working
February 06, 2023 06 Feb'23
The Security Interviews: How to overcome data protection compliance challenges

Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how?
February 06, 2023 06 Feb'23
Ransomware operator turns their fire on two-year-old VMware bug

A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware
February 05, 2023 05 Feb'23
Australian organisations underinvesting in cyber security

Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches
February 03, 2023 03 Feb'23
LockBit gang confirms Ion cyber attack as disruption continues

The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February
February 03, 2023 03 Feb'23
FCA cracks down on misleading promos by social media influencers

Social media is becoming a major part of the FCA’s work in clamping down on misleading financial advertising and promotions, with multiple influencers rapped for their behaviour
February 03, 2023 03 Feb'23
MEPs vote to amend platform worker directive

MEPs have voted in favour of amendments to the European Commission’s platform worker directive that would introduce a presumption of employment and increase algorithmic transparency
February 02, 2023 02 Feb'23
North Korea’s Lazarus gang exposes itself in opsec failure

WithSecure researchers linked a campaign of cyber attacks targeting medical research and energy firms to North Korea’s infamous Lazarus APT after a group member accidentally screwed up
February 02, 2023 02 Feb'23
Suspected LockBit ransomware attack causes havoc in City of London

A suspected LockBit ransomware attack on trading software firm Ion has caused chaos for City of London traders