News
IT security
-
September 06, 2022
06
Sep'22
Bus company Go-Ahead fighting off cyber attack
Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services
-
September 06, 2022
06
Sep'22
Saudi Arabian organisations choose to outsource to improve cyber security posture
Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security
-
September 05, 2022
05
Sep'22
Russian-speaking cyber criminals feel economic pinch
Russian-speaking cyber criminals are being forced to refine and adapt their techniques as Vladimir Putin’s invasion of Ukraine makes current methods redundant
-
September 05, 2022
05
Sep'22
How Okta is regaining customer trust after a cyber attack
In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident
-
September 02, 2022
02
Sep'22
Dutch government finally allowed to use public cloud
Public cloud is finally within reach for Dutch public services. Previously, the Dutch government was only allowed to use private clouds due to risks concerning privacy and security
-
September 01, 2022
01
Sep'22
Space nerds beware: James Webb images used to spread malware
Astronomy and space aficionados are being targeted by cyber criminals exploiting some of the now-famous images captured by Nasa’s James Webb Space Telescope to distribute malware
-
September 01, 2022
01
Sep'22
Local authorities experience 10,000 attempted cyber attacks every day
Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker
-
September 01, 2022
01
Sep'22
Swedish Electronics Protection Act coincides with major cyber spend
Swedish cyber security law comes at a time of heavy government investment
-
September 01, 2022
01
Sep'22
New (ISC)² cyber careers schemes go live
(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide
-
August 31, 2022
31
Aug'22
Google debuts open source bug bounty programme
Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme
-
August 31, 2022
31
Aug'22
Norway has NOK200m plan to bolster cyber defences
Norway is investing heavily in its cyber defences amid heightened threat from Russia
-
August 31, 2022
31
Aug'22
NHS staff fall further behind amid ransomware attack
While some NHS bodies are now recovering their services after the ransomware attack on a crucial software supplier, others are still being forced to rely on pen and paper, and some will be waiting months to recover
-
August 31, 2022
31
Aug'22
Four years into GDPR, Norway hopes for safer data transfer to US
Much of the data on the internet ends up on US servers at some point, and that is not always compatible with the General Data Protection Regulation, says Norwegian data protection authority
-
August 30, 2022
30
Aug'22
IAM house Okta confirms 0ktapus/Scatter Swine attack
Following last week’s disclosureby Group-IB researchers of a major phishing campaign, Okta has warned its customers to be on their guard
-
August 30, 2022
30
Aug'22
UK government presses on with new cyber rules for telcos
Government has finalised new security rules for telecoms companies and will move to make them binding in the near future
-
August 30, 2022
30
Aug'22
LastPass breach limited in scale and well-managed, say experts
A breach of LastPass’s developer environment does not seem to have affected users of the password management service, but it may still be time for a credential reset
-
August 30, 2022
30
Aug'22
One Login digital identity project makes headway
Government services are lining up to work with the GDS on its One Login digital identity system, according to its director of digital identity, Natalie Jones
-
August 25, 2022
25
Aug'22
CIOs: Geopolitics impacts your IT strategy
Research from analyst Gartner illustrates how geopolitics is influencing IT strategies
-
August 25, 2022
25
Aug'22
Criminal 0ktapus spoofed IAM firm in massive phishing attack
Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio
-
August 25, 2022
25
Aug'22
Adaptive RedAlert, Monster ransomwares go cross-platform
Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time
-
August 25, 2022
25
Aug'22
Millions of Plex users may be at risk in password breach
Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor
-
August 25, 2022
25
Aug'22
Security pros fret about stress and promotion over cyber attacks
CIISec’s annual report on the state of the security profession reveals some home truths for security leaders
-
August 25, 2022
25
Aug'22
LockBit 3.0 cements dominance of ransomware ecosystem
Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame
-
August 24, 2022
24
Aug'22
Most CISOs think they’ve been attacked by a nation state
Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack
-
August 24, 2022
24
Aug'22
Alleged Twitter security failings spell trouble ahead
Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions
-
August 23, 2022
23
Aug'22
DevSecOps: Software developers lack sufficient security focus
GitLab survey shows developers want to produce high-quality code, but ‘shifting’ security left is hard to achieve
-
August 23, 2022
23
Aug'22
NCSC shares cyber guidance for large infrastructure builds
Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects
-
August 22, 2022
22
Aug'22
Kaspersky threat data added to Microsoft Sentinel service
Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service
-
August 22, 2022
22
Aug'22
Lloyd’s to end insurance coverage for state cyber attacks
Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk
-
August 19, 2022
19
Aug'22
Cradlepoint unveils networking architecture addressing 5G, SD-WAN, zero-trust intersection
Cloud-delivered LTE and 5G wireless network services provider launches software-based offering to manage remote connections and provide flow-level visibility
-
August 19, 2022
19
Aug'22
Google employees demand end to collection of abortion data
In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police
-
August 19, 2022
19
Aug'22
Cozy Bear targets MS 365 environments with new tactics
Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments
-
August 19, 2022
19
Aug'22
Apple patches two zero-days in macOs, iOS
Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems
-
August 19, 2022
19
Aug'22
Inside Singapore’s national digital identity journey
Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years
-
August 18, 2022
18
Aug'22
Growing MFA use spurs ‘pass-the-cookie’ attacks
The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools
-
August 18, 2022
18
Aug'22
Amazon Ring vulnerability could have been used to spy on users
A now-patched vulnerability in the Amazon Ring mobile app could have been exploited to expose users’ video recordings, but was complex to exploit, according to the researchers who stumbled upon it
-
August 18, 2022
18
Aug'22
It takes a breach to force boards to take notice of cyber, says UK government
Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims
-
August 18, 2022
18
Aug'22
Ukraine war drives DDoS attack volumes ever higher
There has been a boom in distributed denial-of-service attacks in the first six months of 2022, according to a report, with Russia’s war on Ukraine helping to drive activity
-
August 18, 2022
18
Aug'22
GPS tagging of migrants breaches UK data protection law, says Privacy International complaint
Privacy group files complaints with Information Commissioner’s Office and Forensic Science Regulator over Home Office’s GPS monitoring of migrants
-
August 16, 2022
16
Aug'22
Cyber security accelerator launches in Greater Manchester
Accelerator will add to Manchester’s growing cyber security ecosystem, which already includes several tech unicorns, arms companies and the offices of GCHQ
-
August 16, 2022
16
Aug'22
South Staffs Water is victim of botched Clop attack
South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault
-
August 16, 2022
16
Aug'22
Why organisations need to harmonise their CIO and CISO roles
Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson
-
August 15, 2022
15
Aug'22
Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims
CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London
-
August 15, 2022
15
Aug'22
Report reveals consensus around Computer Misuse Act reform
A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform
-
August 12, 2022
12
Aug'22
Cyber criminal forum targets only Russia
The Digital Shadows Photon Research Team has been investigating a pro-Ukraine cyber criminal forum called Dumps, which appears to be one of a kind
-
August 12, 2022
12
Aug'22
Microsoft doles out $13.7m in bug bounties
Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries
-
August 12, 2022
12
Aug'22
How critical infrastructure operators can secure OT data
Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats
-
August 11, 2022
11
Aug'22
Researcher finds 10 vulnerabilities in Cisco firewalls
At Black Hat USA, Rapid7 researchers report on 10 security issues in popular Cisco firewall products, many of which do not yet have patches
-
August 11, 2022
11
Aug'22
Cisco averts cyber disaster after successful phishing attack
A potentially serious cyber attack on Cisco’s systems that began after a threat actor successfully exploited an employee’s carelessly secured credentials was thwarted without major damage
-
August 11, 2022
11
Aug'22
Seacom teams up with BT to deliver enterprise communications services across Africa
Deal with leading UK telco intended for customers of Africa’s first broadband submarine cable system to benefit from what is claimed to be world-class portfolio of network services