News

IT security

October 24, 2022 24 Oct'22
Complacency biggest cyber risk to UK plc, says ICO

Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack
October 24, 2022 24 Oct'22
Half of staff might quit after a cyber attack, report says

Findings from a survey of CISOs, IT leaders and staffers reveal how experiencing a cyber incident may take a larger-than-thought toll on employee retention
October 21, 2022 21 Oct'22
Microsoft slams external researchers over its own data leak

Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue
October 20, 2022 20 Oct'22
The Security Interviews: Why now for ZTNA 2.0?

With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network ...

October 20, 2022 20 Oct'22
Cyber professional shortfall hits 3.4 million

Shortage of cyber security professionals continues to grow and shows no signs of abating, says report
October 20, 2022 20 Oct'22
NatWest data breach whistleblower demands bank pay data controller fee to ICO

Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed
October 20, 2022 20 Oct'22
Singapore extends cyber security labelling scheme to medical devices

The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development
October 19, 2022 19 Oct'22
Ransomware crews regrouping as LockBit rise continues

Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead
October 19, 2022 19 Oct'22
Treat cyber crime as a ‘strategic threat’, UK businesses told

The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community
October 18, 2022 18 Oct'22
Apache vulnerability a risk, but not as widespread as Log4Shell

A newly disclosed Apache Commons Text vulnerability may put many at risk, but does not appear to be as impactful or widespread as Log4Shell

October 18, 2022 18 Oct'22
Virtually all vulnerable open source downloads are avoidable

Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report
October 14, 2022 14 Oct'22
Malicious WhatsApp add-on highlights risks of third-party mods

Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods
October 14, 2022 14 Oct'22
Annual costs of Hackney ransomware attack exceed £12m

Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago
October 14, 2022 14 Oct'22
Office 365 email encryption flaw could pose risk to user privacy

A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are
October 14, 2022 14 Oct'22
Advanced: Healthcare data was stolen in LockBit 3.0 attack

Advanced has revealed a total of 16 of its health and social care sector customers had their data exfiltrated in a recent ransomware attack
October 14, 2022 14 Oct'22
Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor

Ross Anderson argues in a rebuttal to GCHQ experts that using artificial intelligence to scan encrypted messaging services is the wrong approach to protecting children and preventing terrorism
October 14, 2022 14 Oct'22
Australia becoming hotbed for cyber attacks

Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency
October 13, 2022 13 Oct'22
Cyber training firm KnowBe4 bought by private equity firm

Acquisition of KnowBe4 supposedly reflects the success the company has seen since its spring 2021 IPO
October 13, 2022 13 Oct'22
Unsung Heroes Awards celebrate diversity in cyber community

The seventh annual Security Serious Unsung Heroes Awards recognise those trying to improve diversity and mental health in cyber for the first time
October 13, 2022 13 Oct'22
Dutch influence standards for post-quantum cryptography

Cryptology group at Dutch research institute is involved in the two primary algorithms of the next NIST portfolio comprising four new standards
October 13, 2022 13 Oct'22
Gartner: Remote work, zero trust, cloud still driving cyber spend

Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud
October 12, 2022 12 Oct'22
NCSC urges organisations to secure supply chains

NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers
October 12, 2022 12 Oct'22
French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation

France’s Supreme Court has sent a case back to the court of appeal after police failed to disclose technical details of EncroChat hacking operation
October 12, 2022 12 Oct'22
Microsoft fixes lone zero-day on October Patch Tuesday

Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen
October 12, 2022 12 Oct'22
ICO selectively discloses reprimands for data protection breaches

Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded
October 11, 2022 11 Oct'22
Contractor left Toyota source code exposed for five years

Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor
October 10, 2022 10 Oct'22
How Cloudflare is staying ahead of the curve

Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape
October 10, 2022 10 Oct'22
Ukraine and EU explore deeper cyber collaboration

A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues
October 07, 2022 07 Oct'22
Australia to amend telecoms regulations following Optus breach

Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions
October 06, 2022 06 Oct'22
EU rolling out measures for online safety and AI liability

The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation
October 06, 2022 06 Oct'22
Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers

Automatic scanning of messaging services for illegal content could lead to one billion false alarms each day in Europe
October 05, 2022 05 Oct'22
Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation

Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network
October 05, 2022 05 Oct'22
Forrester: US set to dominate AI enterprise software market

Artificial intelligence is the fastest growth area in software. This is driving adoption, which will make AI mainstream technology in business software
October 05, 2022 05 Oct'22
Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure
October 04, 2022 04 Oct'22
Tories to replace GDPR

IT industry reacts to the government’s plan to replace the pan-European data protection regulation
October 04, 2022 04 Oct'22
France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime

Three phone sellers have been extradited from Spain to France to face charges that they were complicit in the activities of criminal EncroChat phone users
October 03, 2022 03 Oct'22
Digital right to work checks officially go live

Under the new government guidance, employers can choose between 16 certified identity service providers to digitally check their employees legal right to work in the UK
October 03, 2022 03 Oct'22
Security regulation cuts online payment fraud at 73% of retailers

New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers
October 03, 2022 03 Oct'22
CIO interview: James Fleming, Francis Crick Institute

Francis Crick Institute CIO discusses how Europe’s largest biomedical research institute has co-developed a framework for data sharing
September 30, 2022 30 Sep'22
Surveillance tech firms complicit in MENA human rights abuses

Research finds companies are profiting from surveillance technologies that facilitate human rights abuses against migrants, asylum seekers and refugees in the Middle East and North Africa, with little to no oversight
September 29, 2022 29 Sep'22
Five startups to join NCSC for Startups initiative

The NCSC has invited five startups to join its NCSC for Startups programme to help the government with pressing cyber challenges facing the UK
September 29, 2022 29 Sep'22
Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC

Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts
September 29, 2022 29 Sep'22
Optus breach casts spotlight on cyber resilience

The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia
September 28, 2022 28 Sep'22
UK suffers third highest number of ransomware attacks globally

Based on an analysis of around 5,000 ransomware incidents, NordLocker has found that UK businesses, and small businesses in particular, are a priority target for ransomware gangs
September 28, 2022 28 Sep'22
Whistleblower Peter Duffy calls for oversight of NHS records to prevent evidence tampering

A whistleblower has called for greater oversight in the handling of ‘safety-critical digital information’ across the NHS, in light of a number of cases that raise questions about data governance and record-keeping within the health service
September 28, 2022 28 Sep'22
Data protection in Finland, four years after GDPR came into force

Data privacy has always been a big concern in Finland, so the country naturally has a lot to say about the General Data Protection Regulation four years on
September 28, 2022 28 Sep'22
Most hackers exfiltrate data within five hours of gaining access

Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access
September 27, 2022 27 Sep'22
Fraudsters adapt phishing scams to exploit cost-of-living crisis

Around 80,000 Brits a month are falling victim to phishing attacks as fraudsters switch up tactics to take advantage of cost-of-living crisis and behavioural changes prompted by pandemic
September 26, 2022 26 Sep'22
Bank warns of spike in online cost-of-living scams

Fraudsters are exploiting the cost-of-living crisis by tricking people into sending money to help friends and relatives pay bills, TSB has warned
September 26, 2022 26 Sep'22
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials