News

IT supplier relationship management

• November 06, 2023 06 Nov'23

  Shadow IT use at Okta behind series of damaging breaches

  Okta now believes the initial access vector in a series of damaging breaches was one of its own employees who used a corporate device to sign into their personal Google account

• October 31, 2023 31 Oct'23

  SEC sues SolarWinds, alleging serious security failures

  SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks

• October 30, 2023 30 Oct'23

  UK government AI Summit already branded ‘missed opportunity’

  The dominance of big tech firms, a focus on speculative risks over real-world harms, and the exclusion of affected workers, mean the AI Safety Summit is a wasted opportunity, say civil society groups

• October 27, 2023 27 Oct'23

  Google launches bug bounties for generative AI attack scenarios

  Google expands its bug bounty programme to encompass generative AI and takes steps to grow its commitment to supply chain security as it relates to the emerging technology

• October 26, 2023 26 Oct'23

  Exploitation of Citrix NetScaler vulns reaching dangerous levels

  Observed activity exploiting two new Citrix NetScaler vulnerabilities disclosed earlier this month is ramping up, and users may be running out of time to patch lest they be attacked

• October 25, 2023 25 Oct'23

  Copilots, AI and Azure drive Microsoft revenue growth

  AI dominated the Microsoft’s latest quarterly earnings. Copilot trials are being run by 40% of the Fortune 100

• October 25, 2023 25 Oct'23

  1Password caught up in Okta support breach

  After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems

• October 24, 2023 24 Oct'23

  Cisco hackers likely taking steps to avoid identification

  Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery

• October 24, 2023 24 Oct'23

  Customers speak out over Okta’s response to latest breach

  Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired

• October 23, 2023 23 Oct'23

  Dell updates PowerStore, PowerMax and PowerFlex storage

  Dell storage upgrades include improved AIOps, lower energy usage, real-time HA failover, seamless hardware replacement, and enhancements to take advantage of DPU acceleration

• October 23, 2023 23 Oct'23

  Cisco pushes update to stop exploitation of two IOS XE zero-days

  Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software

• October 19, 2023 19 Oct'23

  Fears grow over extent of Cisco IOS XE zero-day

  Researchers have identified spiking numbers of victims of a recently disclosed Cisco zero-day, as users of the networking supplier’s IOS XE software are urged to take defensive measures

• October 19, 2023 19 Oct'23

  Scality gets a jump with VMware Cloud Director integration

  S3-compliant object storage specialist will use new OSIS integration with VMware’s cloud management tool to target service providers that want to deliver regional cloud offers

• October 18, 2023 18 Oct'23

  Former Post Office executive admits he wouldn’t sign unfair contract he pushed on subpostmasters

  Former contract manager said contract that subpostmasters had to sign with Post Office “put them on the hook” for everything

• October 17, 2023 17 Oct'23

  Five Eyes issues five tips on thwarting nation state threats

  Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats

• October 13, 2023 13 Oct'23

  US SEC launches probe into mass MOVEit breach

  Progress Software is facing an investigation from the SEC for the breach of its MOVEit tool, as well as dozens of legal battles resulting from the exfiltration of personal data from the roughly 2,000 organisations affected

• October 13, 2023 13 Oct'23

  ‘Angry’ lawyer warned against Post Office computer investigation in 2010 email

  Angered by his exclusion from an important discussion, former Royal Mail lawyer told colleagues of the risks to the Post Office if, as planned, they publicly investigate allegations against its computer system

• October 12, 2023 12 Oct'23

  Scottish biometrics watchdog outlines police cloud concerns

  Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject ...

• October 11, 2023 11 Oct'23

  Public sector buyers of AI tech must interrogate its suitability

  The Ada Lovelace Institute has published a review on public sector use of artificial intelligence foundation models, looking at the risks and opportunities associated with the technology, and how these can be dealt with from the early stages of ...

• October 10, 2023 10 Oct'23

  Canalys sees glimmer of hope in PC sector

  The PC industry experienced another quarter of decline, but the outlook is more promising

• October 05, 2023 05 Oct'23

  Microsoft: Nation-state cyber espionage on rise in 2023

  Microsoft’s latest Digital Defence Report outlines how nation-state cyber activity has largely moved from destructive attacks to espionage and intelligence gathering

• October 04, 2023 04 Oct'23

  ICO issues guidance on workplace surveillance

  Guidance on employee monitoring covers how employers can conduct their digital surveillance lawfully, transparently and fairly, and warns against businesses intruding on their workers’ private lives

• October 03, 2023 03 Oct'23

  Cyber experts urge EU to rethink vulnerability disclosure plans

  The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, ...

• October 03, 2023 03 Oct'23

  Amnesia hides names of individuals behind Post Office’s ‘head on a spike’ strategy

  Former Post Office lawyer deflects individual responsibility for a strategy that crushed subpostmasters, blaming the organisation as a whole

• October 03, 2023 03 Oct'23

  Public sector needs systemic reform of capacity to innovate

  Improving the public sector’s capacity to innovate requires a culture of innovation underpinned by people, skills and new ways of working with the private sector

• September 29, 2023 29 Sep'23

  First subpostmaster Horizon conviction overturned in Scotland

  Scotland has seen its first Post Office Horizon conviction overturned, taking the UK total to 92

• September 29, 2023 29 Sep'23

  Government ‘breached privacy’ of Horizon victims with compensation offer, says lawyer

  The government breached the privacy of victims of the Post Office Horizon scandal through making a compensation offer public

• September 29, 2023 29 Sep'23

  Scottish watchdog urges wider biometric oversight

  Scotland’s biometrics watchdog urges Scottish Parliament to extend oversight of biometric information to include the entire criminal justice system, not just police

• September 28, 2023 28 Sep'23

  Businesses disconnected from realities of API security

  Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report

• September 27, 2023 27 Sep'23

  Five more subpostmasters have IT system-related convictions overturned

  Over 90 former subpostmasters have so far seen wrongful convictions overturned since it was proved that software errors were to blame for accounting shortfalls

• September 27, 2023 27 Sep'23

  City of Las Vegas masters cyber incident response with Darktrace

  The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence

• September 22, 2023 22 Sep'23

  UK-US data bridge to open to traffic on 12 October

  Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now

• September 22, 2023 22 Sep'23

  Cyber experts set out plan to secure future US elections

  A group of experts are setting out to enhance election cyber security in the United States, and restore public faith in a process tainted by interference and misinformation in the past

• September 19, 2023 19 Sep'23

  New revelations from the Snowden archive surface

  A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by ...

• September 19, 2023 19 Sep'23

  Post Office employee changed story for witness statement used to destroy subpostmaster

  Post Office inquiry hears how an auditor changed her story about a subpostmaster to help win court battle

• September 18, 2023 18 Sep'23

  Government offers £600,000 to subpostmasters with overturned convictions

  Subpostmasters wrongfully convicted of financial crimes based on evidence from faulty Horizon software will be offered £600,000 compensation by government

• September 15, 2023 15 Sep'23

  Las Vegas mainstay Caesars Palace likely paid off ransomware crew

  Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers

• September 15, 2023 15 Sep'23

  Manchester police data breach a classic supply chain incident

  The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force

• September 14, 2023 14 Sep'23

  Data on over 3,000 Airbus suppliers leaked after breach

  An emergent threat actor has leaked details of multiple sensitive Airbus suppliers after claiming to have accessed the firm’s systems having hacked customer Turkish Airlines

• September 14, 2023 14 Sep'23

  As vehicle safety regulations loom, carmakers fret over cyber risks

  Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks

• September 13, 2023 13 Sep'23

  GitHub fixes race condition that could have led to ‘repojacking’

  A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked

• September 13, 2023 13 Sep'23

  Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

  September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release

• September 12, 2023 12 Sep'23

  IT spending in Australia to grow 7.8% in 2024

  The growth will be led by investments in cyber security, cloud, analytics and application modernisation as Australian CIOs look to improve cost and operational efficiencies

• September 11, 2023 11 Sep'23

  Salesforce and Zoom embrace ethical hackers. You should, too

  Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers

• September 08, 2023 08 Sep'23

  HGS to provide contact centre support for One Login

  The partnership between the Government Digital Service and Hinduja Global Solutions will see the supplier provide contact centre services for the digital identity platform

• September 06, 2023 06 Sep'23

  Okta customers targeted in new wave of social engineering attacks

  Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users

• September 05, 2023 05 Sep'23

  Ryder Cup testbed to feature tech firsts in Rome

  This year’s Ryder Cup will test out technology to improve how fans digitally consume the event while reducing the workload on IT teams

• September 04, 2023 04 Sep'23

  LockBit ransomware gang allegedly leaks MoD data after hit on supplier

  The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online

• September 01, 2023 01 Sep'23

  Police Scotland five-year digital strategy approved

  Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding

• September 01, 2023 01 Sep'23

  Threat actors exploiting unpatched Juniper Networks devices

  A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed