News

IT security

• April 08, 2022 08 Apr'22

  Ukrainian cyber criminal gets five years in jail

  A US court has sentenced Denys Iarmak, who worked as a penetration tester for the FIN7 cyber crime group, to a five-year prison sentence

• April 08, 2022 08 Apr'22

  Was Spring4Shell a lot of hot air? No, but...

  Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better

• April 07, 2022 07 Apr'22

  US shuts down Russia’s Cyclops Blink botnet operation

  Operation by US authorities has taken the Russia-attributed Cyclops Blink botnet ‘off the board’

• April 07, 2022 07 Apr'22

  MPs and editors sound alarm over threat to Freedom of Information

  Government secrecy and trend for departments to block Freedom of Information requests pose a long-term risk to accountability

• April 06, 2022 06 Apr'22

  Apple criticised over unpatched CVEs in Catalina, Big Sur

  Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions

• April 06, 2022 06 Apr'22

  Denonia malware may be first to target AWS Lambda

  The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind

• April 06, 2022 06 Apr'22

  Hydra takedown merely shifts cyber criminal problem elsewhere

  The seizure of the Hydra dark web marketplace is a positive development in the fight against cyber crime, but will only be a temporary setback for determined criminals

• April 05, 2022 05 Apr'22

  Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court

  France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution

• April 05, 2022 05 Apr'22

  Discount retailer The Works hit by cyber attack

  A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature

• April 05, 2022 05 Apr'22

  Triple-threat Borat malware no joke for victims

  Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros

• April 05, 2022 05 Apr'22

  IBM z16 tackles financial fraud and quantum hacks

  New addition to Z series mainframe family uses IBM Telum processor to accelerate AI for real-time credit card fraud detection

• April 04, 2022 04 Apr'22

  How remote browser isolation can mitigate cyber threats

  Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device

• April 01, 2022 01 Apr'22

  Two teenagers charged with Lapsus$ cyber attacks

  City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree

• April 01, 2022 01 Apr'22

  Four moves to ‘checkmate’ critical assets thanks to lax cloud security

  Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report

• April 01, 2022 01 Apr'22

  Apple drops emergency patches for two zero-days

  Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild

• April 01, 2022 01 Apr'22

  TechUK calls on government to seize post-Brexit data opportunities

  Ahead of the government’s reply to its late 2021 consultation about proposed post-Brexit reforms to the data protection regime, TechUK has published a paper declaring six data governance principles

• March 31, 2022 31 Mar'22

  Global upheaval shows cyber security isn’t good enough, says GCHQ director

  Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech

• March 31, 2022 31 Mar'22

  Bank fraud prevention scheme blocked £60m in fraud last year

  Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented

• March 31, 2022 31 Mar'22

  Lapsus$ cyber crime spree continues despite arrests

  The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos

• March 31, 2022 31 Mar'22

  Spring4Shell zero-day sprung on security teams

  Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it?

• March 30, 2022 30 Mar'22

  One-third of UK firms suffer a cyber attack every week

  New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors

• March 30, 2022 30 Mar'22

  Australia to spend A$9.9bn on intelligence and cyber capabilities

  The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate

• March 29, 2022 29 Mar'22

  Overhaul of UK police tech needed to prevent abuse

  Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’

• March 29, 2022 29 Mar'22

  NCSC: Not necessarily wise to ditch Kaspersky

  UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates

• March 29, 2022 29 Mar'22

  Wave of Log4j-linked attacks targeting VMware Horizon

  Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell

• March 29, 2022 29 Mar'22

  FCA reports 52% jump in security incidents

  The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware

• March 29, 2022 29 Mar'22

  Singapore rolls out cyber security certification scheme

  Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices

• March 28, 2022 28 Mar'22

  IT professionals wary of government campaign to limit end-to-end encryption

  Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption

• March 25, 2022 25 Mar'22

  US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield

  EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens

• March 25, 2022 25 Mar'22

  European Commission proposes new cyber security regulations

  New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas

• March 25, 2022 25 Mar'22

  London police arrest seven in connection to Lapsus$

  Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks

• March 25, 2022 25 Mar'22

  How Lapsus$ exploited the failings of multifactor authentication

  Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering

• March 24, 2022 24 Mar'22

  Anonymous claims it has hacked the Central Bank of Russia

  Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state

• March 24, 2022 24 Mar'22

  Ransomware demands and payments increase with use of leak sites

  Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims

• March 24, 2022 24 Mar'22

  The Security Interviews: Red gets automated

  We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security

• March 24, 2022 24 Mar'22

  How India organisations can mitigate cyber threats

  Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks

• March 24, 2022 24 Mar'22

  Hiring and retention challenges in cyber security persist

  Latest ISACA report shows that enterprises are struggling to find and retain cyber security talent

• March 23, 2022 23 Mar'22

  Private equity house spins SSE company out of McAfee Enterprise

  The launch of Skyhigh Security completes division of McAfee Enterprise into separate businesses by Symphony Technology Group, which acquired the long-standing cyber security firm for $4bn in March 2021

• March 23, 2022 23 Mar'22

  NHS urgent care provider uses ID and access management to reduce complexity for clinicians

  Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords

• March 22, 2022 22 Mar'22

  Biden issues warning about Russian cyber attacks

  President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia

• March 22, 2022 22 Mar'22

  Details of Conti ransomware affiliate released

  Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise

• March 21, 2022 21 Mar'22

  Siloed data holding back coordinated health responses

  Digital health experts discuss the role of data in coordinating the NHS’s pandemic response and how managing privacy and governance issues are key to further success

• March 18, 2022 18 Mar'22

  Dark web littered with Ukraine crypto scammers

  Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine

• March 18, 2022 18 Mar'22

  Ukrainian cyber defences prove resilient

  Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks

• March 17, 2022 17 Mar'22

  NCSC catches 10 million phishes

  Nation Cyber Security Centre’s scam email reporting service enjoys great success as government embarks on new cyber awareness campaign

• March 17, 2022 17 Mar'22

  Kaspersky CEO: Ukraine war must end through diplomacy

  Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting

• March 17, 2022 17 Mar'22

  Online Safety Bill introduced in Parliament

  The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs

• March 17, 2022 17 Mar'22

  Alarm raised over ‘trickster’ LokiLocker ransomware

  The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers

• March 17, 2022 17 Mar'22

  Value of contactless transactions doubles in two years

  Almost £166bn was spent in the UK last year using contactless technology, compared with £80.5bn in 2019

• March 17, 2022 17 Mar'22

  FCSA takes steps to help umbrella company members protect themselves better from cyber attacks

  After a spate of suspected ransomware attacks on its members, the Freelance and Contractor Services Association is partnering with a cyber security firm that can coach its umbrella firms on how to protect themselves better