News
IT security
-
April 14, 2022
14
Apr'22
Kyndryl kindles cyber incident recovery pact with Dell
IBM spin-out Kyndryl hops into bed with Dell Technologies in a joint cyber resilience proposition
-
April 14, 2022
14
Apr'22
Zhadnost DDoS botnet deployed against Finland
A coordinated DDoS attack hit two government ministries in Finland at the same time as Ukrainian president Volodymyr Zelensky delivered a virtual address to the Finnish parliament
-
April 14, 2022
14
Apr'22
Incontroller ICS malware has ‘rare, dangerous’ capabilities, says Mandiant
Mandiant joins a growing chorus of warnings over novel nation state threats to ICS systems
-
April 14, 2022
14
Apr'22
Government agrees bulk surveillance powers fail to protect journalists and sources
Campaign group Liberty to launch legal appeal that will call for journalists to receive stronger legal protections from state surveillance
-
April 13, 2022
13
Apr'22
WatchGuard firewall users urged to patch Cyclops Blink vulnerability
The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities
-
April 13, 2022
13
Apr'22
Microsoft patches two zero-days, 10 critical bugs
Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service
-
April 13, 2022
13
Apr'22
Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack
Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief
-
April 13, 2022
13
Apr'22
More ANZ organisations warm to DevSecOps
About four in 10 organisations in Australia and New Zealand are undertaking the transition to development, security and operations, while a further 36% plan to do so in 2022, study finds
-
April 12, 2022
12
Apr'22
Universal IAM policy failings put cloud environments at risk
Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study
-
April 12, 2022
12
Apr'22
Multiple arrests made in RaidForums takedown
A Portuguese national and a 21-year-old man from Croydon are among a number of individuals arrested ahead of the closure of RaidForums by police
-
April 12, 2022
12
Apr'22
Sandworm rolls out Industroyer2 malware against Ukraine
A second generation of the Sandworm-linked Industroyer malware has been identified by ESET researchers and Ukraine’s national CERT
-
April 12, 2022
12
Apr'22
AI researcher says police tech suppliers are hostile to transparency
Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented
-
April 11, 2022
11
Apr'22
Singapore to start licensing cyber security service providers
Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards
-
April 11, 2022
11
Apr'22
Border IT system fixed after 10-day outage
Post-Brexit border IT system failure fixed after going down at the start of April, allowing traders to once again file customs documents electronically rather than by hand
-
April 11, 2022
11
Apr'22
Open source CMS platform Directus patches XSS bug
A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data
-
April 11, 2022
11
Apr'22
Raspberry Pi Foundation ditches default username policy
Raspberry Pi owners will no longer be able to use the default ‘pi’ username, as the Raspberry Pi Foundation clamps down on insecure practices
-
April 11, 2022
11
Apr'22
Nordic countries discuss joint cyber defence capability
Nordic countries are in talks to increase their cyber defences in the face of the threat from Russia
-
April 08, 2022
08
Apr'22
EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional
Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court
-
April 08, 2022
08
Apr'22
Ukrainian cyber criminal gets five years in jail
A US court has sentenced Denys Iarmak, who worked as a penetration tester for the FIN7 cyber crime group, to a five-year prison sentence
-
April 08, 2022
08
Apr'22
Was Spring4Shell a lot of hot air? No, but...
Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better
-
April 07, 2022
07
Apr'22
US shuts down Russia’s Cyclops Blink botnet operation
Operation by US authorities has taken the Russia-attributed Cyclops Blink botnet ‘off the board’
-
April 07, 2022
07
Apr'22
MPs and editors sound alarm over threat to Freedom of Information
Government secrecy and trend for departments to block Freedom of Information requests pose a long-term risk to accountability
-
April 06, 2022
06
Apr'22
Apple criticised over unpatched CVEs in Catalina, Big Sur
Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions
-
April 06, 2022
06
Apr'22
Denonia malware may be first to target AWS Lambda
The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind
-
April 06, 2022
06
Apr'22
Hydra takedown merely shifts cyber criminal problem elsewhere
The seizure of the Hydra dark web marketplace is a positive development in the fight against cyber crime, but will only be a temporary setback for determined criminals
-
April 05, 2022
05
Apr'22
Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court
France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution
-
April 05, 2022
05
Apr'22
Discount retailer The Works hit by cyber attack
A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature
-
April 05, 2022
05
Apr'22
Triple-threat Borat malware no joke for victims
Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros
-
April 05, 2022
05
Apr'22
IBM z16 tackles financial fraud and quantum hacks
New addition to Z series mainframe family uses IBM Telum processor to accelerate AI for real-time credit card fraud detection
-
April 04, 2022
04
Apr'22
How remote browser isolation can mitigate cyber threats
Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device
-
April 01, 2022
01
Apr'22
Two teenagers charged with Lapsus$ cyber attacks
City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree
-
April 01, 2022
01
Apr'22
Four moves to ‘checkmate’ critical assets thanks to lax cloud security
Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report
-
April 01, 2022
01
Apr'22
Apple drops emergency patches for two zero-days
Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild
-
April 01, 2022
01
Apr'22
TechUK calls on government to seize post-Brexit data opportunities
Ahead of the government’s reply to its late 2021 consultation about proposed post-Brexit reforms to the data protection regime, TechUK has published a paper declaring six data governance principles
-
March 31, 2022
31
Mar'22
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech
-
March 31, 2022
31
Mar'22
Bank fraud prevention scheme blocked £60m in fraud last year
Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented
-
March 31, 2022
31
Mar'22
Lapsus$ cyber crime spree continues despite arrests
The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos
-
March 31, 2022
31
Mar'22
Spring4Shell zero-day sprung on security teams
Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it?
-
March 30, 2022
30
Mar'22
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors
-
March 30, 2022
30
Mar'22
Australia to spend A$9.9bn on intelligence and cyber capabilities
The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate
-
March 29, 2022
29
Mar'22
Overhaul of UK police tech needed to prevent abuse
Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’
-
March 29, 2022
29
Mar'22
NCSC: Not necessarily wise to ditch Kaspersky
UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates
-
March 29, 2022
29
Mar'22
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell
-
March 29, 2022
29
Mar'22
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware
-
March 29, 2022
29
Mar'22
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices
-
March 28, 2022
28
Mar'22
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption
-
March 25, 2022
25
Mar'22
US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield
EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens
-
March 25, 2022
25
Mar'22
European Commission proposes new cyber security regulations
New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas
-
March 25, 2022
25
Mar'22
London police arrest seven in connection to Lapsus$
Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks
-
March 25, 2022
25
Mar'22
How Lapsus$ exploited the failings of multifactor authentication
Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering