News
IT security
-
February 06, 2023
Executive interview, Eric Muntz, Mailchimp
We speak to Intuit Mailchimp’s former CTO about how the company manages IT engineering and supports different ways of working
-
February 06, 2023
The Security Interviews: How to overcome data protection compliance challenges
Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how?
-
February 06, 2023
Ransomware operator turns their fire on two-year-old VMware bug
A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware
-
February 05, 2023
Australian organisations underinvesting in cyber security
Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches
-
February 03, 2023
LockBit gang confirms Ion cyber attack as disruption continues
The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February
-
February 03, 2023
FCA cracks down on misleading promos by social media influencers
Social media is becoming a major part of the FCA’s work in clamping down on misleading financial advertising and promotions, with multiple influencers rapped for their behaviour
-
February 03, 2023
MEPs vote to amend platform worker directive
MEPs have voted in favour of amendments to the European Commission’s platform worker directive that would introduce a presumption of employment and increase algorithmic transparency
-
February 02, 2023
North Korea’s Lazarus gang exposes itself in opsec failure
WithSecure researchers linked a campaign of cyber attacks targeting medical research and energy firms to North Korea’s infamous Lazarus APT after a group member accidentally screwed up
-
February 02, 2023
Suspected LockBit ransomware attack causes havoc in City of London
A suspected LockBit ransomware attack on trading software firm Ion has caused chaos for City of London traders
-
February 02, 2023
Arnold Clark customer data was stolen in Play ransomware attack
Arnold Clark confirms data leaked on dark web was stolen from its systems in ransomware attack
-
February 01, 2023
Romance fraudsters stole £65m from Brits since 2020
Online romance fraudsters have scammed Brits out of £65m in the past three years, according to retail bank TSB
-
February 01, 2023
NCSC for Startups inducts four companies into programme
Four more startups are set to join the NCSC accelerator, which helps the UK government develop technology and approaches to pressing cyber security challenges
-
February 01, 2023
Cisco fixes two bugs that could have led to supply chain attacks on users
Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them
-
February 01, 2023
Cloud security top risk to enterprises in 2023, says study
A PwC study finds senior executives expect cyber attacks on cloud services to increase significantly this year
-
February 01, 2023
CryptoRom scam abuses Apple and Google app stores to claim victims
Sophos researchers report on two fake apps used by romance scammers to lure victims into parting with their money, both of which were able to escape the attention of Apple and Google app store safeguards
-
February 01, 2023
Innovative Technology deploys age estimation tech in shops and pubs
A company involved in Home Office-led trials of biometric age estimation technologies has begun rolling out its hardware to UK shops and pubs so they can use its facial recognition algorithm to assure customers’ ages
-
February 01, 2023
Malware variant can block contactless payments
Kaspersky warns that the latest variant of the Prilex malware can block contactless payments to force people to insert cards, enabling criminals to steal money
-
February 01, 2023
UK Cyber Council and ISACA launch audit, assurance programme
The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros
-
January 31, 2023
Cyber training firm launches £20k data protection scholarship
Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals
-
January 31, 2023
Russian DDoS hacktivists seen targeting western hospitals
A swathe of attacks by the Putin-supporting DDoS operation known as Killnet has targeted hospitals and other infrastructure in several Nato countries, with the UK thought to be at risk
-
January 31, 2023
GitHub warns Desktop, Atom users after code-signing certificates pinched
Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users
-
January 31, 2023
MI5 unlawfully collected and held millions of people’s data
Secretive court finds MI5 knowingly acted unlawfully in use of bulk surveillance warrants, and the Home Office continued granting warrants despite information the agency was operating outside the law
-
January 31, 2023
Royal Mail recovers more International Tracked services
Royal Mail is making further progress in recovering IT systems hit by a ransomware attack, and has re-enabled another tranche of international export services
-
January 31, 2023
ATO renews major Macquarie deal
The contract renewal will enable the Australian Tax Office to tap Macquarie’s security operations centre, among other services, to secure its IT environment and protect sensitive data
-
January 30, 2023
Data of 10 million JD Sports customers accessed in cyber attack
Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack
-
January 27, 2023
Hive ransomware gang taken down after FBI hacks back
The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation
-
January 26, 2023
Royal Mail resumes some international parcel services from UK
Royal Mail has successfully stood up its International Tracked and Signed, and International Signed, services as it continues to recover from a ransomware attack
-
January 26, 2023
Zero-trust implementations remain work in progress
Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds
-
January 25, 2023
NCSC exposes Iranian, Russian spear-phishing campaign targeting UK
Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC
-
January 25, 2023
Arnold Clark cyber attack claimed by Play ransomware gang
A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel
-
January 25, 2023
Boards struggle to resolve cyber risk in digital supply chains
Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk
-
January 25, 2023
Japan researchers develop new data encryption method
Researchers from Tokyo University of Science have combined the best of homomorphic encryption and secret sharing in a new method to handle encrypted data
-
January 24, 2023
Chinese IoT suppliers expose UK businesses to espionage and data theft
Chinese companies supplying network components, known as IoT modules, pose a greater long-term threat to UK security than the now banned 5G supplier Huawei, according to a study by a Chinese expert and former diplomat
-
January 24, 2023
UK insurers need to up their game on cyber gaps, says PRA
Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority
-
January 24, 2023
SSRF attacks hit 100,000 businesses globally since November
There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers
-
January 24, 2023
Fake online contest makes Yahoo! most phished brand of Q4 2022
Yahoo! was the most frequently phished brand during the last three months of 2022, according to a report
-
January 23, 2023
Trellix automates patching for 62,000 vulnerable open source projects
Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months
-
January 23, 2023
Royal Society calls on public sector to pilot privacy tech
The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow
-
January 23, 2023
NCSC warning over cyber risk to charity sector
Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC
-
January 22, 2023
Royal Mail making limited progress on ransomware recovery
Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common
-
January 20, 2023
Veeam survey finds ransomware blocks digital transformation
Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered
-
January 20, 2023
WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising
The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising
-
January 19, 2023
International post resumes thanks to Royal Mail ‘workarounds’
Royal Mail has resumed limited international services after putting in place operational workarounds to bypass the impact of a ransomware attack
-
January 19, 2023
KFC, Pizza Hut parent shuts UK restaurants after cyber attack
Yum! Brands, the parent organisation of restaurants including KFC and Pizza Hut, was forced to shut approximately 300 outlets in the UK following a ransomware attack by an unspecified group
-
January 19, 2023
Fraudsters and cyber criminals stole more than £4bn in the UK through 2022
The amount of money stolen by fraudsters and cybercriminals in the UK saw a huge increase in 2022
-
January 19, 2023
Mailchimp suffers third breach in 12 months
Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack
-
January 19, 2023
Newham Council rejects use of live facial-recognition tech by police
Live facial-recognition technology should not be used by police in Newham until biometric and anti-discrimination safeguards are in place, according to a motion passed unanimously by the council, but the Met Police and the Home Office have indicated...
-
January 19, 2023
Outdated IT infrastructure poses growing risk to UK Security Vetting
Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO
-
January 18, 2023
Ukraine CERT leaders touch down in London for talks
The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience
-
January 18, 2023
David Anderson KC to review UK surveillance laws
Home Office commissions independent review of the Investigatory Powers Act, known as the snoopers’ charter. It will include a review of bulk datasets and government access to internet connection records held by phone and internet companies