News
IT security
-
May 20, 2022
20
May'22
Applying international law to cyber will be a tall order
Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations
-
May 20, 2022
20
May'22
Microsoft drops emergency patch after Patch Tuesday screw up
Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates
-
May 20, 2022
20
May'22
Former Welsh steelworks becomes ‘living’ cyber lab
ResilientWorks security centre in Ebbw Vale provides an education hub for students and a testbed for industry
-
May 20, 2022
20
May'22
Chinese cyber spooks exploit western sanctions on Russia
The actor behind an ongoing Chinese espionage campaign targeting Russian defence research bodies is taking advantage of the Ukraine war in their phishing lures
-
May 19, 2022
19
May'22
Defensive cyber attacks may be justified, says attorney general
Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable
-
May 19, 2022
19
May'22
Top cyber criminal earnings outpace those of business leaders
Cyber crime can pay significantly better than leading a FTSE 100 organisation, according to a report
-
May 19, 2022
19
May'22
Nature of cyber war evolving in real time, says Microsoft president
The past three months have seen the rapid evolution of the very nature warfare to incorporate cyber attacks, Microsoft’s Brad Smith tells the audience at its Envision conference in London
-
May 19, 2022
19
May'22
Deliveroo accused of ‘soft union busting’ with GMB deal
Smaller grassroots unions have criticised Deliveroo and GMB for making a “hollow” deal that will ultimately undermine workers’ self-organising efforts
-
May 19, 2022
19
May'22
Red teaming will be standard in Dutch governmental organisations by 2025
The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest
-
May 19, 2022
19
May'22
Singapore opens security testing centre
Joint centre set up by the Cyber Security Agency of Singapore and a local university will facilitate security testing and train security evaluation talent
-
May 18, 2022
18
May'22
Mastercard biometric programme will allow payment authentication by smile
Mastercard is inviting banks and merchants to join a programme to set standards for biometric payments technology
-
May 17, 2022
17
May'22
Veeam outlines data protection vision
Veeam is looking to achieve an “outsized market leading position” by tapping its strengths in data protection and doubling down on innovation to help enterprises secure emerging workloads
-
May 17, 2022
17
May'22
(ISC)² to train 100,000 cyber pros in UK
Security association (ISC)² unveils ambitious UK training programme
-
May 17, 2022
17
May'22
Australian CISOs least prepared for cyber attacks
Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds
-
May 16, 2022
16
May'22
Europol gears up to collect big data on European citizens after MEPs vote to expand policing power
The European Parliament has voted to expand Europol’s role, legalising its processing of bulk datasets containing personal information and endorsing research into predictive policing technologies
-
May 16, 2022
16
May'22
Keeping Singapore’s critical systems secure
Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore
-
May 13, 2022
13
May'22
Open source community sets out path to secure software
A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US
-
May 12, 2022
12
May'22
GPDPR data scrape a ‘mistake’, says leading scientist
Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape
-
May 12, 2022
12
May'22
APAC career guide: Becoming a cyber security pro
The region’s burgeoning cyber security industry has attracted more talent last year, but it takes more than just technical knowhow to succeed in the field
-
May 11, 2022
11
May'22
Nerbian RAT enjoys using Covid-19 phishing lures
The world is slowly coming to terms with Covid-19, but fear of the coronavirus is no less useful to cyber criminals because of it, as Proofpoint researchers have discovered
-
May 11, 2022
11
May'22
Emotet has commanding lead on Check Point monthly threat chart
Emotet remains by some margin the most prevalent malware, according to Check Point’s latest monthly statistics
-
May 11, 2022
11
May'22
CyberUK 22: Five Eyes focuses on MSP security
The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves
-
May 11, 2022
11
May'22
CyberUK 22: Data-sharing service to protect public from scams
A new data-sharing service set up by the NCSC and industry partners will give ISPs access to real-time threat data that they can use to block fraudulent websites
-
May 11, 2022
11
May'22
Analysts confirm return of REvil ransomware gang
Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks
-
May 11, 2022
11
May'22
Cyber accreditation body Crest forges new training partnerships
Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills
-
May 11, 2022
11
May'22
Nationwide stops thousands more attempted frauds with Strong Customer Authentication
Nationwide Building Society is blocking an additional 2000 attempted online shopping frauds a month through extra checks
-
May 11, 2022
11
May'22
Microsoft fixes three zero-days on May Patch Tuesday
It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days
-
May 11, 2022
11
May'22
EU plans to police child abuse raise fresh fears over encryption and privacy rights
Draft regulation unveiled today will require internet and messaging firms to use algorithms to identify grooming and child abuse or face heavy fines
-
May 10, 2022
10
May'22
‘Spy cops’ inquiry delves into police relationship with MI5
There was ‘no filter’ on the information that undercover police officers were collecting on activists throughout the 1970s, despite senior managers and officials involved in directing the surveillance questioning the appropriateness of the ...
-
May 10, 2022
10
May'22
CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy
On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy
-
May 10, 2022
10
May'22
NCSC pins Viasat cyber attack on Russia
UK authorities have attributed the 24 February cyber attack on the network of satellite comms company Viasat to Russia
-
May 10, 2022
10
May'22
CyberUK 22: NCSC refreshes cloud security guidance
The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise
-
May 10, 2022
10
May'22
CyberUK 22: Wales splashes £9.5m on cyber innovation hub
A new innovation hub hopes to spur on cyber security innovation in Wales
-
May 09, 2022
09
May'22
CyberUK 22: NCSC’s ACD programme blocks 2.7 million scams
On the opening day of its annual CyberUK event, the NCSC reveals how organisations around the country have used its Active Cyber Defence programme to their advantage
-
May 06, 2022
06
May'22
UK digital markets regulator to be given statutory powers
Digital Markets Unit will be put on statutory footing by UK government to ensure technology giants do not abuse market power, but announcement comes with no clear indication of when legislation will be introduced
-
May 06, 2022
06
May'22
IT infrastructure used to launch DDoS attack on Russian targets
Organisations could unwittingly be participating in hostile activity against the Russian government as compromised IT infrastructure is used without their knowledge to launch denial of service attacks
-
May 05, 2022
05
May'22
Five companies join NCSC for Startups to deal with ransomware
The NCSC has invited five startups to join the NCSC for Startups programme to develop tech that can help deal with the threat of ransomware
-
May 04, 2022
04
May'22
NHS email accounts hijacked for phishing campaign
Microsoft credentials targeted in phishing operation using hijacked NHSMail accounts
-
May 04, 2022
04
May'22
Intellectual property theft operation attributed to Winnti group
Winnti conducted a prolonged cyber espionage campaign that went undetected for years, allowing it to exfiltrate massive amounts of corporate data and intellectual property
-
May 04, 2022
04
May'22
UK government puts pressure on IT sector to clean up app security
Apps can be exploited to carry malicious payloads that steal personal information and cause financial loss – and not enough is being done to secure them
-
May 04, 2022
04
May'22
PeerGFS to add AI/ML anomaly detection to distributed file system product
Peer will add AI/ML-based anomaly detection as it ramps up security protection in its PeerGFS distributed file management software, with Linux server support also to come in 2022
-
May 03, 2022
03
May'22
Five TLS comms vulnerabilities hit Aruba, Avaya switching kit
Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution
-
April 29, 2022
29
Apr'22
Attackers enlist cloud providers in large HTTPS DDoS hit
A recent large-scale DDoS incident shows how cyber criminals are switching up their tactics to conduct more sophisticated attacks
-
April 29, 2022
29
Apr'22
Orange Business Services delivers global SD-WAN to Siemens
Digital services company and global enterprise division of the global telco teams with leading German technology firm to complete what is said to be one of the largest software-defined wide area network deployments in the world, covering 1,168 ...
-
April 28, 2022
28
Apr'22
Ransomware recovery costs dwarf actual ransoms
The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data
-
April 28, 2022
28
Apr'22
SoftBank invests in Aryaka for international SD-WAN service, SD-core
With the objective of shoring up its international networking service, enabling a flexible and highly secure network that meets overseas customer needs, Japanese multinational upgrades software-defined wide area network and core
-
April 28, 2022
28
Apr'22
Manufacturer sues JPMorgan after cyber criminals stole $272m
Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity
-
April 28, 2022
28
Apr'22
Russia plumbs new depths in cyber war on Ukraine
Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign
-
April 28, 2022
28
Apr'22
CIOs have the greatest impact on business
Chief information officers see their role as core in building out the IT and security infrastructure and talent pool that their organisations require to grow post-pandemic
-
April 27, 2022
27
Apr'22
Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021
These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time