News

IT strategy

September 07, 2022 07 Sep'22
August ’22 a bumper month for high-impact vulnerabilities

Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future
September 07, 2022 07 Sep'22
Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
September 06, 2022 06 Sep'22
Bus company Go-Ahead fighting off cyber attack

Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services
September 05, 2022 05 Sep'22
How Okta is regaining customer trust after a cyber attack

In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident

September 02, 2022 02 Sep'22
Dutch government finally allowed to use public cloud

Public cloud is finally within reach for Dutch public services. Previously, the Dutch government was only allowed to use private clouds due to risks concerning privacy and security
September 01, 2022 01 Sep'22
Local authorities experience 10,000 attempted cyber attacks every day

Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker
September 01, 2022 01 Sep'22
New (ISC)² cyber careers schemes go live

(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide
August 31, 2022 31 Aug'22
Google debuts open source bug bounty programme

Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme
August 31, 2022 31 Aug'22
VMware CEO: Broadcom acquisition is on track

Raghu Raghuram claims VMware customers are getting more comfortable with the Broadcom acquisition while employees are ‘more or less focused’ on the job at hand
August 30, 2022 30 Aug'22
UK government presses on with new cyber rules for telcos

Government has finalised new security rules for telecoms companies and will move to make them binding in the near future

August 30, 2022 30 Aug'22
LastPass breach limited in scale and well-managed, say experts

A breach of LastPass’s developer environment does not seem to have affected users of the password management service, but it may still be time for a credential reset
August 30, 2022 30 Aug'22
NetApp storage goes GA for VMware Cloud on AWS

Move will bring up to 50% decrease in TCO for customers running VMware apps in the Amazon cloud, says NetApp. No date yet for extension of the service across other public clouds
August 25, 2022 25 Aug'22
CIOs: Geopolitics impacts your IT strategy

Research from analyst Gartner illustrates how geopolitics is influencing IT strategies
August 25, 2022 25 Aug'22
Criminal 0ktapus spoofed IAM firm in massive phishing attack

Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio
August 25, 2022 25 Aug'22
Adaptive RedAlert, Monster ransomwares go cross-platform

Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time
August 25, 2022 25 Aug'22
Millions of Plex users may be at risk in password breach

Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor
August 25, 2022 25 Aug'22
Security pros fret about stress and promotion over cyber attacks

CIISec’s annual report on the state of the security profession reveals some home truths for security leaders
August 24, 2022 24 Aug'22
Most CISOs think they’ve been attacked by a nation state

Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack
August 24, 2022 24 Aug'22
Alleged Twitter security failings spell trouble ahead

Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions
August 23, 2022 23 Aug'22
Home Office announces Scale-up visa for fast-growth firms

Scale-up visa launched to help high-growth businesses employ talent from overseas, but sponsorship requirements could undermine effectiveness
August 23, 2022 23 Aug'22
NCSC shares cyber guidance for large infrastructure builds

Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects
August 22, 2022 22 Aug'22
Kaspersky threat data added to Microsoft Sentinel service

Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service
August 22, 2022 22 Aug'22
Lloyd’s to end insurance coverage for state cyber attacks

Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk
August 19, 2022 19 Aug'22
Google employees demand end to collection of abortion data

In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police
August 19, 2022 19 Aug'22
Cozy Bear targets MS 365 environments with new tactics

Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments
August 19, 2022 19 Aug'22
Apple patches two zero-days in macOs, iOS

Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems
August 18, 2022 18 Aug'22
It takes a breach to force boards to take notice of cyber, says UK government

Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims
August 18, 2022 18 Aug'22
Ukraine war drives DDoS attack volumes ever higher

There has been a boom in distributed denial-of-service attacks in the first six months of 2022, according to a report, with Russia’s war on Ukraine helping to drive activity
August 17, 2022 17 Aug'22
CTO interview: Steve Otto, CTO, The R&A

The Open Championship was fully back in 2022 after Covid, and back at golf’s spiritual home of St Andrews – and it was an opportunity for the club’s CTO to reflect on where technology will take the sport next
August 16, 2022 16 Aug'22
South Staffs Water is victim of botched Clop attack

South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault
August 16, 2022 16 Aug'22
Why organisations need to harmonise their CIO and CISO roles

Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson
August 15, 2022 15 Aug'22
Lightbits offers NVMe-over-TCP at 5x less than NVMe-over-FC et al

Lightbits builds NVMe-overTCP SAN clusters for Linux servers with Intel cards that accelerate network processing to give millions of IOPS with storage for public and private clouds
August 15, 2022 15 Aug'22
Report reveals consensus around Computer Misuse Act reform

A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform
August 12, 2022 12 Aug'22
Microsoft doles out $13.7m in bug bounties

Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries
August 11, 2022 11 Aug'22
Researcher finds 10 vulnerabilities in Cisco firewalls

At Black Hat USA, Rapid7 researchers report on 10 security issues in popular Cisco firewall products, many of which do not yet have patches
August 11, 2022 11 Aug'22
NHS may take a month to recover from supply chain attack

Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations
August 10, 2022 10 Aug'22
Microsoft fixes two-year-old MSDT vulnerability in August update

August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.
August 10, 2022 10 Aug'22
‘Coopetition’ a growing trend among ransomware gangs

Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time
August 09, 2022 09 Aug'22
Cyber insurance getting harder to obtain

Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance
August 09, 2022 09 Aug'22
HS2 sets aside £9.5m to cover cost of IR35 non-compliance

HS2 has become the latest public sector entity to have fallen foul of the IR35 rules, with its accounts confirming that it is anticipating a tax bill of £9.5m for failing to assess the status of contractors provided to it by a third party
August 08, 2022 08 Aug'22
NHS recovering key services after attack on supplier

Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service
August 05, 2022 05 Aug'22
CIO interview: Stephen Booth, CIO, Coventry University

After more than 20 years at the university, the CIO is still taking on new responsibilities – including his team becoming a commercial entity and acquiring its own software
August 05, 2022 05 Aug'22
Reliance on PSN may have exacerbated cyber attack impact

As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks
August 04, 2022 04 Aug'22
SBRC to administer NCSC training across Scotland

The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations
August 04, 2022 04 Aug'22
Spyware activity particularly impactful in July

After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report
August 03, 2022 03 Aug'22
New EU due diligence law needs amending to stop tech sector abuse

European corporate due diligence directive seeking to transform how companies approach their human rights and environmental risk is welcome, but without further changes, it will fail to effectively curb tech firms’ harmful practices, claims ...
August 03, 2022 03 Aug'22
DrayTek patches SOHO router bug that left thousands exposed

Network hardware supplier has fixed an unauthenticated RCE vulnerability in multiple routers in its Vigor line, after being alerted by Trellix researchers
July 29, 2022 29 Jul'22
Austrian data firm accused of selling malware, conducting cyber attacks

Microsoft has accused DSIRF, an Austrian data services firm, of involvement in a string of cyber attacks
July 28, 2022 28 Jul'22
Ex-youth footballers kick-start cyber careers

New programme aims to find fresh careers for former youth footballers in cyber security
July 28, 2022 28 Jul'22
H0lyGh0st ransomware gang faces challenges, but still a threat

Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat