News
IT security
-
April 08, 2022
08
Apr'22
Ukrainian cyber criminal gets five years in jail
A US court has sentenced Denys Iarmak, who worked as a penetration tester for the FIN7 cyber crime group, to a five-year prison sentence
-
April 08, 2022
08
Apr'22
Was Spring4Shell a lot of hot air? No, but...
Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better
-
April 07, 2022
07
Apr'22
US shuts down Russia’s Cyclops Blink botnet operation
Operation by US authorities has taken the Russia-attributed Cyclops Blink botnet ‘off the board’
-
April 07, 2022
07
Apr'22
MPs and editors sound alarm over threat to Freedom of Information
Government secrecy and trend for departments to block Freedom of Information requests pose a long-term risk to accountability
-
April 06, 2022
06
Apr'22
Apple criticised over unpatched CVEs in Catalina, Big Sur
Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions
-
April 06, 2022
06
Apr'22
Denonia malware may be first to target AWS Lambda
The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind
-
April 06, 2022
06
Apr'22
Hydra takedown merely shifts cyber criminal problem elsewhere
The seizure of the Hydra dark web marketplace is a positive development in the fight against cyber crime, but will only be a temporary setback for determined criminals
-
April 05, 2022
05
Apr'22
Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court
France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution
-
April 05, 2022
05
Apr'22
Discount retailer The Works hit by cyber attack
A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature
-
April 05, 2022
05
Apr'22
Triple-threat Borat malware no joke for victims
Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros
-
April 05, 2022
05
Apr'22
IBM z16 tackles financial fraud and quantum hacks
New addition to Z series mainframe family uses IBM Telum processor to accelerate AI for real-time credit card fraud detection
-
April 04, 2022
04
Apr'22
How remote browser isolation can mitigate cyber threats
Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device
-
April 01, 2022
01
Apr'22
Two teenagers charged with Lapsus$ cyber attacks
City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree
-
April 01, 2022
01
Apr'22
Four moves to ‘checkmate’ critical assets thanks to lax cloud security
Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report
-
April 01, 2022
01
Apr'22
Apple drops emergency patches for two zero-days
Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild
-
April 01, 2022
01
Apr'22
TechUK calls on government to seize post-Brexit data opportunities
Ahead of the government’s reply to its late 2021 consultation about proposed post-Brexit reforms to the data protection regime, TechUK has published a paper declaring six data governance principles
-
March 31, 2022
31
Mar'22
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech
-
March 31, 2022
31
Mar'22
Bank fraud prevention scheme blocked £60m in fraud last year
Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented
-
March 31, 2022
31
Mar'22
Lapsus$ cyber crime spree continues despite arrests
The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos
-
March 31, 2022
31
Mar'22
Spring4Shell zero-day sprung on security teams
Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it?
-
March 30, 2022
30
Mar'22
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors
-
March 30, 2022
30
Mar'22
Australia to spend A$9.9bn on intelligence and cyber capabilities
The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate
-
March 29, 2022
29
Mar'22
Overhaul of UK police tech needed to prevent abuse
Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’
-
March 29, 2022
29
Mar'22
NCSC: Not necessarily wise to ditch Kaspersky
UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates
-
March 29, 2022
29
Mar'22
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell
-
March 29, 2022
29
Mar'22
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware
-
March 29, 2022
29
Mar'22
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices
-
March 28, 2022
28
Mar'22
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption
-
March 25, 2022
25
Mar'22
US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield
EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens
-
March 25, 2022
25
Mar'22
European Commission proposes new cyber security regulations
New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas
-
March 25, 2022
25
Mar'22
London police arrest seven in connection to Lapsus$
Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks
-
March 25, 2022
25
Mar'22
How Lapsus$ exploited the failings of multifactor authentication
Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering
-
March 24, 2022
24
Mar'22
Anonymous claims it has hacked the Central Bank of Russia
Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state
-
March 24, 2022
24
Mar'22
Ransomware demands and payments increase with use of leak sites
Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims
-
March 24, 2022
24
Mar'22
The Security Interviews: Red gets automated
We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security
-
March 24, 2022
24
Mar'22
How India organisations can mitigate cyber threats
Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks
-
March 24, 2022
24
Mar'22
Hiring and retention challenges in cyber security persist
Latest ISACA report shows that enterprises are struggling to find and retain cyber security talent
-
March 23, 2022
23
Mar'22
Private equity house spins SSE company out of McAfee Enterprise
The launch of Skyhigh Security completes division of McAfee Enterprise into separate businesses by Symphony Technology Group, which acquired the long-standing cyber security firm for $4bn in March 2021
-
March 23, 2022
23
Mar'22
NHS urgent care provider uses ID and access management to reduce complexity for clinicians
Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords
-
March 22, 2022
22
Mar'22
Biden issues warning about Russian cyber attacks
President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia
-
March 22, 2022
22
Mar'22
Details of Conti ransomware affiliate released
Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise
-
March 21, 2022
21
Mar'22
Siloed data holding back coordinated health responses
Digital health experts discuss the role of data in coordinating the NHS’s pandemic response and how managing privacy and governance issues are key to further success
-
March 18, 2022
18
Mar'22
Dark web littered with Ukraine crypto scammers
Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine
-
March 18, 2022
18
Mar'22
Ukrainian cyber defences prove resilient
Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks
-
March 17, 2022
17
Mar'22
NCSC catches 10 million phishes
Nation Cyber Security Centre’s scam email reporting service enjoys great success as government embarks on new cyber awareness campaign
-
March 17, 2022
17
Mar'22
Kaspersky CEO: Ukraine war must end through diplomacy
Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting
-
March 17, 2022
17
Mar'22
Online Safety Bill introduced in Parliament
The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs
-
March 17, 2022
17
Mar'22
Alarm raised over ‘trickster’ LokiLocker ransomware
The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers
-
March 17, 2022
17
Mar'22
Value of contactless transactions doubles in two years
Almost £166bn was spent in the UK last year using contactless technology, compared with £80.5bn in 2019
-
March 17, 2022
17
Mar'22
FCSA takes steps to help umbrella company members protect themselves better from cyber attacks
After a spate of suspected ransomware attacks on its members, the Freelance and Contractor Services Association is partnering with a cyber security firm that can coach its umbrella firms on how to protect themselves better