News

IT security

• November 10, 2020 10 Nov'20

  Intel and AMD processors affected by another side-channel exploit

  Two years after Spectre and Meltdown, the x86 processor faces another side-channel exploit – only this time, it is based on sensing temperature

• November 10, 2020 10 Nov'20

  Leaky AWS S3 bucket once again at centre of data breach

  Prestige Software exposed millions of records after failing to pay attention to the security of its cloud instances

• November 10, 2020 10 Nov'20

  Zoom rapped over historic security practices

  The US Federal Trade Commission rules that Zoom’s practices undermined the security of its users

• November 10, 2020 10 Nov'20

  Better data sharing needed to help children during pandemic

  Closing gaps in data infrastructure will help the education sector respond better to children’s needs during the Covid-19 pandemic, says Open Data Institute

• November 10, 2020 10 Nov'20

  IT Priorities 2020: After Covid-19, security goes back to basics

  This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals

• November 09, 2020 09 Nov'20

  EU moves closer to encryption ban after Austria, France attacks

  Draft resolution document setting up an EU-wide ban on end-to-end encryption is set to be waved through this week

• November 06, 2020 06 Nov'20

  NHS warned over Ryuk spreading through Trickbot replacements

  NHS Digital tells healthcare organisations to be mindful of a marked rise in usage of the Bazar and Buer loaders

• November 06, 2020 06 Nov'20

  ICO sued over ‘failure’ to address ad industry practices

  Privacy campaigner the Open Rights Group claims the advertising technology industry is systematically breaching the GDPR, and the ICO is doing nothing about it

• November 05, 2020 05 Nov'20

  Microsoft to support next generation of security startups

  Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups

• November 05, 2020 05 Nov'20

  Consumer rights organisation warns of computer takeover scams

  Consumers warned to be on guard against criminals pretending to be IT support staff to gain access to personal banking information

• November 05, 2020 05 Nov'20

  Singapore government rolls out digital signature service

  Individuals and businesses will soon be able to sign documents digitally using a new service on the Singapore government’s SingPass digital identity platform

• November 04, 2020 04 Nov'20

  EU to introduce data-sharing measures with US in weeks

  The European Commission is to issue updated standard contractual clauses (SCCs) that will allow organisations in the EU to exchange data with the US, but they may arrive too late to incorporate into UK law

• November 04, 2020 04 Nov'20

  India and Japan report stronger concern over cyber threats

  Security operations teams in the two Asian giants see the increased volume of cyber threats as their biggest challenge amid the Covid-19 pandemic

• November 03, 2020 03 Nov'20

  GDPR lawsuit against Oracle and Salesforce moves forward

  Class action suit seeks claims worth more than £10bn over the processing of personal information

• November 02, 2020 02 Nov'20

  NHS weathers cyber crime storm during pandemic, says NCSC

  The NCSC dealt with over 700 incidents in the 12 months to August 2020, with over 200 specifically related to Covid-19, and the NHS a critical area of focus

• November 02, 2020 02 Nov'20

  Maze ransomware shuts down with bizarre announcement

  The operators of Maze announce they are shutting down, and claim their crime spree was merely intended to demonstrate lax security at their targets

• October 30, 2020 30 Oct'20

  Accidental heroes: How one scaleup pivoted to cyber

  Simeon Quarrie designed his business using virtual reality and interactivity as a tool to tell stories that effect cultural change in enterprise environments – then a cyber criminal emptied his bank account

• October 30, 2020 30 Oct'20

  CISOs more confident in identity practice after pandemic shock

  Identity practice and management has become a critical element of cyber security strategies to support remote workers

• October 30, 2020 30 Oct'20

  ICO slashes Marriott breach fine to £18.4m

  Reduced fine reflects both improvements made to hotel group’s cyber security and impact of coronavirus on the travel and hospitality sector

• October 29, 2020 29 Oct'20

  Surge in Ryuk ransomware attacks has hospitals on alert

  Russian cyber criminals are conducting a targeted campaign against hospitals with Ryuk ransomware

• October 29, 2020 29 Oct'20

  Zero-trust investment seen accelerating through pandemic

  New analyst report details some of the main indicators for success in zero-trust implementation

• October 28, 2020 28 Oct'20

  Trump supporters targeted by cryptocurrency scammers

  The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime

• October 28, 2020 28 Oct'20

  Finnish therapy centre accused of covering up cyber attack

  Private therapy practice Vastaamo faces questions over its security and business practices in the months leading up to one of the biggest data breaches in Finland’s history

• October 28, 2020 28 Oct'20

  Privacy and online safety are focus of new UKRI research funding

  Online safety research centre of excellence will look into technology to boost privacy and tackle disinformation, fake news, conspiracies and other online harms

• October 28, 2020 28 Oct'20

  Barracuda eyes Indochina markets

  Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos

• October 27, 2020 27 Oct'20

  Commvault launches Metallic backup service in Europe

  Backup giant adds backup as a service, with cloud-to-cloud backup and e-discovery functionality that can work across on-site datacentres and the AWS and Azure clouds

• October 27, 2020 27 Oct'20

  ICO slams Experian over ‘invisible’ data processing

  Data processing practices used by Experian broke data protection law, says Information Commissioner’s Office

• October 27, 2020 27 Oct'20

  Calls for clarity over Amazon insider breach

  Security experts call for more clarity from Amazon over an apparent leak of customer data

• October 27, 2020 27 Oct'20

  Sopra Steria hit by new version of Ryuk ransomware

  IT services company Sopra Steria says it has contained the ransomware virus, but systems will take a few weeks to be fully operational

• October 27, 2020 27 Oct'20

  APAC CISOs warm up to zero trust

  Security leaders in Asia-Pacific are adopting zero-trust security, but challenges stand in their way of reaping the full potential of the security model

• October 26, 2020 26 Oct'20

  Highly unusual hacking attack directly threatens therapy patients

  A hacker has directly contacted therapy patients to say their highly personal therapy notes will be put on the internet unless they pay the ransom

• October 26, 2020 26 Oct'20

  Forrester: CIOs must prepare for Brexit data transfer

  With the end of the Brexit transition period just weeks away, multi-national organisations will need to re-evaluate how intercompany data is transmitted

• October 26, 2020 26 Oct'20

  Policy Exchange calls on government to publish digital ID strategy

  The lack of reliable digital ID services in the UK is limiting the country’s digital infrastructure potential, according to a report on digital identity, which also recommends the government to clarify the future of Gov.uk Verify

• October 26, 2020 26 Oct'20

  Cooperation between Norway’s security agencies planned following cyber attack on parliament

  Government seeks to develop enhanced national IT infrastructure with an embedded early warning system and defence shield to protect the IT systems of public and private organisations

• October 23, 2020 23 Oct'20

  Cyber attack on Hackney Council is ‘morally repugnant’, says mayor

  Mayor of Hackney is ‘incredibly angry’ at the cyber criminals behind the attack, which will continue to disrupt key council services for some time

• October 22, 2020 22 Oct'20

  SonicWall patches 11 firewall vulnerabilities

  SonicWall users are advised to download updates that fix 11 CVEs in the SonicOS operating system, uncovered by Positive Technologies

• October 22, 2020 22 Oct'20

  Protecting remote workers an opportunity to do security better

  Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report

• October 21, 2020 21 Oct'20

  NSA’s top CVE list a timely reminder to patch

  Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies

• October 21, 2020 21 Oct'20

  Charities warned over ‘Robin Hood’ cyber criminals

  Accepting donations from cyber criminal groups could be deemed as profiting from crime, money laundering or handling stolen goods – so don’t do it

• October 21, 2020 21 Oct'20

  Trump and Biden campaign apps easy targets for cyber criminals

  You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it

• October 21, 2020 21 Oct'20

  Financial services staff want work-from-home policies to continue after Covid

  About half of workers in the finance sector want their employers to retain remote working policies brought in during the pandemic

• October 21, 2020 21 Oct'20

  Customer loyalty accounts in danger from cyber criminals

  Billions of credential stuffing attacks are harvesting valuable customer data for the dark web economy

• October 21, 2020 21 Oct'20

  Retailers get access to new security toolkit

  The British Retail Consortium has worked with the NCSC to develop a new cyber security toolkit pitched at retailers

• October 20, 2020 20 Oct'20

  Hackney Council services to be disrupted ‘for some time’

  Inability to make housing benefit payments is likely to sting some tenants as Hackney cyber attack drags on

• October 20, 2020 20 Oct'20

  Resilient Trickbot down but not yet knocked out

  Global, Microsoft-led effort to disrupt the Trickbot botnet has seen some success, but new command and control servers continue to pop up

• October 20, 2020 20 Oct'20

  Police given access to self-isolation data

  NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules

• October 20, 2020 20 Oct'20

  BA breach penalty sets new GDPR precedents

  The 90% reduction in the fine levied on BA over a 2018 data breach has legal experts talking about the ramifications for the future of data protection

• October 20, 2020 20 Oct'20

  Six Russians charged over NotPetya and other attacks

  Six members of the APT group known as Sandworm have been charged in the US over a series of attacks including the destructive NotPetya incident

• October 16, 2020 16 Oct'20

  BA argues ICO data breach fine down to £20m

  Information Commissioner’s Office levies fine of £20m on British Airways for failing to protect the personal data of hundreds of thousands of passengers – a vast reduction on the initial £183m penalty

• October 16, 2020 16 Oct'20

  Spanish court to question witnesses over ‘illegal surveillance’ of WikiLeaks founder Julian Assange

  The Spanish National Court in Madrid is to hear evidence from information security expert Andy Müller-Maguhn and two lawyers who were subject to ‘illegal surveillance’  of their meetings with Julian Assange at the Ecuadorian Embassy in London

• October 15, 2020 15 Oct'20

  Arrests and indictments made in cyber money laundering ring

  The NCA has revealed six men were arrested in the UK as part of an international investigation into a money laundering network which handled transactions for some of the world’s most prolific cyber criminal groups

• October 15, 2020 15 Oct'20

  Cloud data protection keeps the Crick’s medical research Covid-secure

  Cloud data management services from Rubrik gave the Francis Crick Institute a data protection edge and have helped keep its vital work going through the pandemic

• October 15, 2020 15 Oct'20

  Hackney services still offline in ongoing cyber attack

  Services remain disrupted two days after council was hit by a serious incident, as residents are warned to be on their guard

• October 14, 2020 14 Oct'20

  Public sector security failings leave UK at risk, says think tank

  Reform report urges adoption of new policies in the next version of the UK’s National Cyber Security Strategy

• October 14, 2020 14 Oct'20

  US Elections: Malicious internet domains spike as campaigns heat up

  Internet domains related to the US presidential election are 56% more likely to be malicious than regular ones

• October 14, 2020 14 Oct'20

  Public data should not be held by US tech giants

  One-off evidence sessions to follow up on the recommendations of the House of Lords AI Committee revisit the data and ethics debate

• October 14, 2020 14 Oct'20

  Fintech ‘unicorn’ Klarna probed over data misuse

  Online bank blames misuse of user data on human error as Information Commissioner’s Office weighs in

• October 14, 2020 14 Oct'20

  Microsoft fixes 87 bugs in October 2020 Patch Tuesday

  Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019

• October 13, 2020 13 Oct'20

  Suppliers neglecting virtual appliance security, putting users at risk

  Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report

• October 13, 2020 13 Oct'20

  Hackney Council services offline after ‘serious’ cyber attack

  Services to residents of the London borough of Hackney are being disrupted by a cyber attack

• October 12, 2020 12 Oct'20

  Trickbot forced offline in major cyber security victory

  Coalition led by Microsoft obtained a court order enabling them to take down the infamous Trickbot botnet’s back-end server infrastructure

• October 12, 2020 12 Oct'20

  Five Eyes spy group again demands access to private messages

  Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms

• October 12, 2020 12 Oct'20

  Cyber security skills ad branded ‘crass’ by minister

  Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic

• October 12, 2020 12 Oct'20

  Software AG caught in double extortion ransomware hit

  Data stolen from prominent German software company by Clop ransomware gang appears on the dark web

• October 12, 2020 12 Oct'20

  Making sense of zero-trust security

  Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint

• October 09, 2020 09 Oct'20

  Magecart strikes website of school payments service Wisepay

  Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period

• October 08, 2020 08 Oct'20

  NCSC relaunches SME security guide with home working focus

  The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020

• October 08, 2020 08 Oct'20

  Emotet rated September’s ‘most popular’ malware

  The current resurgence of Emotet is attracting attention as governments issue new warnings and cyber criminals rush to exploit the chaotic US election

• October 08, 2020 08 Oct'20

  Coronavirus face mask spammer fined by ICO

  The director of software company Studios MG spammed members of the public at the height of the pandemic as one of its directors tried to shift a job lot of face masks

• October 08, 2020 08 Oct'20

  Crown Prosecution Service suffers 1,600 data breaches in 12 months

  CPS sees a spike in data security incidents, many of them serious enough to be reported to the Information Commissioner’s Office

• October 08, 2020 08 Oct'20

  Threat of GDPR fines increasingly driving security buying decisions

  Scaring the people who hold the purse strings may be the best option for CISOs who need a little extra budget

• October 07, 2020 07 Oct'20

  5G regulation failures are a threat to UK’s national security

  Defence Committee report on the security of 5G brands existing regulations outdated and unsatisfactory

• October 07, 2020 07 Oct'20

  Department for Education failed to protect data on millions of children, says ICO

  The Department for Education’s National Pupil Database, which contains millions of items of data on the UK’s schoolchildren, was found to be non-compliant with data protection regulations across the board

• October 07, 2020 07 Oct'20

  UK accounts for 45% of Europe’s card fraud as criminals target online transactions

  Payment card fraudsters steal €1.5bn, with card-not-present attacks accounting for three-quarters of this sum

• October 07, 2020 07 Oct'20

  ICO wraps up Cambridge Analytica investigation

  Information Commissioner’s Office concludes its investigation into Cambridge Analytica, saying no additional evidence has come to light that would change its previous assessments

• October 07, 2020 07 Oct'20

  Southeast Asia remains hotspot for cyber attacks

  Geopolitics and Covid-19 have been fodder for cyber criminals to advance their motives in Southeast Asia in 2020

• October 06, 2020 06 Oct'20

  EU’s top court questions legality of UK phone and internet data surveillance

  European Court of Justice rules that the UK and EU member states must comply with EU privacy laws when harvesting people’s sensitive communications data from telecoms and internet companies

• October 06, 2020 06 Oct'20

  Scotland digital identity prototype pilot successful

  Digital Identity Scotland’s 10-week test of its digital identity prototype finds that users understand the concept of two-factor authentication and using the same credentials across services

• October 06, 2020 06 Oct'20

  Ransomware attacks go through the roof

  The volume of ransomware attacks has jumped 50% in the past three months, according to data produced at Check Point

• October 06, 2020 06 Oct'20

  CISOs struggle to keep up with MITRE ATT&CK framework

  Despite its proven benefits for security, the MITRE ATT&CK framework is proving difficult for many, according to a joint study from McAfee and UC Berkeley

• October 06, 2020 06 Oct'20

  John McAfee arrested over cryptocurrency fraud

  Erratic tech baron allegedly promoted initial coin offerings without disclosing he was being paid to do so

• October 05, 2020 05 Oct'20

  MosaicRegressor APT campaign using rare malware variant

  Kaspersky researchers have shared details of a APT campaign utilising a rarely seen and hard-to-stop variety of malware

• October 05, 2020 05 Oct'20

  Fake news tops list of online concerns worldwide

  Receiving false information is a greater worry than other online risks such as cyber bullying and fraud, says the Lloyd’s Register Foundation

• October 05, 2020 05 Oct'20

  HMRC warns locked-down freshers of ‘wave’ of tax scams

  New university intake may be being targeted by cyber criminals amid Covid-19 confusion

• October 05, 2020 05 Oct'20

  FBI seized ‘legally privileged’ material from Ecuador Embassy, claims Julian Assange’s lawyer

  The US struck a secret deal with Ecuador to seize WikiLeaks founder Julian Assange’s property from the Ecuadorian Embassy in London days before his arrest. The haul included legally privileged documents, says his solicitor

• October 02, 2020 02 Oct'20

  WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist

  Stefania Maurizi says in written evidence that Julian Assange pioneered the use of encryption by journalists to protect sources. Her work shows that the US put pressure on Italy to stop the extradition and prosecution of CIA officers responsible for...

• October 02, 2020 02 Oct'20

  Honesty is the best policy: Forging a security culture in the NHS

  Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector

• October 02, 2020 02 Oct'20

  Security pros face sanctions if they help ransomware victims pay

  New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off

• October 02, 2020 02 Oct'20

  Find and fix your Adobe Flash dependencies, says NCSC

  As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies

• October 01, 2020 01 Oct'20

  Judge to give verdict on Julian Assange’s extradition after Christmas

  Judge Vanessa Baraitser said today that she would make a ruling in early January on whether WikiLeaks founder Julian Assange should be extradited to the US

• October 01, 2020 01 Oct'20

  WikiLeaks revelations ‘shed light of truth’ on war on terror, court hears

  WikiLeaks disclosures led to ‘revelations of extraordinary journalistic importance’ about detention in Guantamo Bay and civilian casualties in Iraq and Afghanistan

• October 01, 2020 01 Oct'20

  Blackbaud admits hackers stole banking details, passwords

  Software firm paid off a ransomware gang, believed its hackers when they said they had destroyed the data, and has now discovered the cyber criminals accessed even more sensitive information than it thought

• September 30, 2020 30 Sep'20

  GitHub makes code vulnerability scanning feature public

  Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage

• September 30, 2020 30 Sep'20

  ‘American friends’ spied on Julian Assange in Ecuadorian Embassy, court hears

  Two former employees of UC Global, which provides security services to the Ecuadorian Embassy in London, claim the company shared surveillance footage with the US of the WikiLeaks founder meeting with lawyers and other visitors

• September 29, 2020 29 Sep'20

  Julian Assange would be held with convicted terrorist Abu Hamza in supermax prison, court hears

  WikiLeaks founder Julian Assange would be held alongside convicted terrorist Abu Hamza in a supermax federal prison in Colorado, isolated from other prisoners, if he is extradited to the US, Old Bailey told

• September 29, 2020 29 Sep'20

  Threat actors becoming vastly more sophisticated

  Malicious actors have been busily honing their craft and cyber security incidents are up across the board as a result, according to a Microsoft report

• September 29, 2020 29 Sep'20

  NCSC expands schools programme to north-east England and Northern Ireland

  Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland

• September 29, 2020 29 Sep'20

  NatWest offers online banking customers free security services

  Bank responds to a surge in cyber crime targeting users of online banking services

• September 29, 2020 29 Sep'20

  Ryuk attack downs private health provider in major incident

  Private healthcare provider UHS has been been hit by a major big game hunting cyber attack that infected its systems with the Ryuk ransomware

• September 29, 2020 29 Sep'20

  Organisations locked out by Azure AD crash

  The Azure Active Directory was unavailable for a few hours in the evening of 28 September, preventing many from accessing MS online services