News

Identity and access management products

• May 24, 2022 24 May'22

  Ransomware volumes grew faster than ever in 2021

  Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody

• May 19, 2022 19 May'22

  Deliveroo accused of ‘soft union busting’ with GMB deal

  Smaller grassroots unions have criticised Deliveroo and GMB for making a “hollow” deal that will ultimately undermine workers’ self-organising efforts

• May 19, 2022 19 May'22

  Red teaming will be standard in Dutch governmental organisations by 2025

  The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest

• May 11, 2022 11 May'22

  Nationwide stops thousands more attempted frauds with Strong Customer Authentication

  Nationwide Building Society is blocking an additional 2000 attempted online shopping frauds a month through extra checks

• May 04, 2022 04 May'22

  NHS email accounts hijacked for phishing campaign

  Microsoft credentials targeted in phishing operation using hijacked NHSMail accounts

• May 03, 2022 03 May'22

  Five TLS comms vulnerabilities hit Aruba, Avaya switching kit

  Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution

• April 28, 2022 28 Apr'22

  Manufacturer sues JPMorgan after cyber criminals stole $272m

  Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity

• April 27, 2022 27 Apr'22

  Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021

  These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time

• April 25, 2022 25 Apr'22

  US mobile network emerges as latest Lapsus$ victim

  Lapsus$ extortion gang hit T-Mobile and attempted to perform SIM-swapping attacks and code theft

• April 22, 2022 22 Apr'22

  How Adnovum is leveraging its Swiss roots

  Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security

• April 22, 2022 22 Apr'22

  UAE bolsters cyber security

  The United Arab Emirates has successfully improved its security posture amid mounting cyber threats

• April 22, 2022 22 Apr'22

  Finance regulator identifies challenger bank financial crime weaknesses

  Financial Conduct Authority review finds challenger banks need to do more to prevent their platforms being used to commit financial crime, such as money laundering

• April 21, 2022 21 Apr'22

  Five Eyes in new Russia cyber warning

  Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure

• April 21, 2022 21 Apr'22

  Impact of Lapsus$ attack on Okta less than feared

  Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential

• April 20, 2022 20 Apr'22

  One-third of scams that hit TSB are impersonation fraud

  TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them

• April 14, 2022 14 Apr'22

  Lack of expertise hurting UK government’s cyber preparedness

  UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report

• April 12, 2022 12 Apr'22

  Universal IAM policy failings put cloud environments at risk

  Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study

• April 12, 2022 12 Apr'22

  AI researcher says police tech suppliers are hostile to transparency

  Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented

• April 11, 2022 11 Apr'22

  Open source CMS platform Directus patches XSS bug

  A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data

• April 11, 2022 11 Apr'22

  Raspberry Pi Foundation ditches default username policy

  Raspberry Pi owners will no longer be able to use the default ‘pi’ username, as the Raspberry Pi Foundation clamps down on insecure practices

• April 01, 2022 01 Apr'22

  Two teenagers charged with Lapsus$ cyber attacks

  City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree

• April 01, 2022 01 Apr'22

  Four moves to ‘checkmate’ critical assets thanks to lax cloud security

  Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report

• March 31, 2022 31 Mar'22

  Bank fraud prevention scheme blocked £60m in fraud last year

  Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented

• March 31, 2022 31 Mar'22

  Lapsus$ cyber crime spree continues despite arrests

  The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos

• March 29, 2022 29 Mar'22

  Overhaul of UK police tech needed to prevent abuse

  Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’

• March 25, 2022 25 Mar'22

  European Commission proposes new cyber security regulations

  New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas

• March 25, 2022 25 Mar'22

  London police arrest seven in connection to Lapsus$

  Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks

• March 25, 2022 25 Mar'22

  How Lapsus$ exploited the failings of multifactor authentication

  Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering

• March 23, 2022 23 Mar'22

  Private equity house spins SSE company out of McAfee Enterprise

  The launch of Skyhigh Security completes division of McAfee Enterprise into separate businesses by Symphony Technology Group, which acquired the long-standing cyber security firm for $4bn in March 2021

• March 23, 2022 23 Mar'22

  NHS urgent care provider uses ID and access management to reduce complexity for clinicians

  Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords

• March 22, 2022 22 Mar'22

  Details of Conti ransomware affiliate released

  Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise

• March 18, 2022 18 Mar'22

  Ukrainian cyber defences prove resilient

  Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks

• March 17, 2022 17 Mar'22

  NCSC catches 10 million phishes

  Nation Cyber Security Centre’s scam email reporting service enjoys great success as government embarks on new cyber awareness campaign

• March 17, 2022 17 Mar'22

  Online Safety Bill introduced in Parliament

  The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs

• March 17, 2022 17 Mar'22

  Value of contactless transactions doubles in two years

  Almost £166bn was spent in the UK last year using contactless technology, compared with £80.5bn in 2019

• March 16, 2022 16 Mar'22

  SentinelOne adds Attivo Networks to identity portfolio

  SentinelOne adds identity threat detection and response technology to its cyber portfolio, saying it will benefit zero-trust adoption among its customers

• March 09, 2022 09 Mar'22

  Paid-for advertising measures included in Online Safety Bill

  New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months

• February 28, 2022 28 Feb'22

  Online Safety Bill updated to deal with anonymous abuse

  Social media companies will be forced to deal with anonymous abuse online by the introduction of new measures in the Online Safety Bill

• February 24, 2022 24 Feb'22

  KnowBe4 cyber drama tackles Colonial Pipeline in fourth season

  KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021

• February 24, 2022 24 Feb'22

  New cyber guidelines to safeguard construction sector

  NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building

• February 23, 2022 23 Feb'22

  Backups ‘no longer effective’ for stopping ransomware attacks

  Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques

• February 23, 2022 23 Feb'22

  Microsoft extends Defender umbrella to Google Cloud Platform

  Redmond says extending Defender for Cloud native capabilities to the Google Cloud Platform will help simplify security for organisations pursuing multicloud strategies by eliminating the gaps where the bad guys can get in

• February 22, 2022 22 Feb'22

  UK organisations swift to chide phishing victims

  While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated

• February 18, 2022 18 Feb'22

  Lawyers say ‘unprecedented’ secrecy deprived EncroChat defendants of fair trials

  Lawyers from seven countries say it is impossible for their clients to challenge the accuracy, authenticity, reliability and legality of the evidence against them

• February 16, 2022 16 Feb'22

  2021 another record year for UK cyber investment

  Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment

• February 11, 2022 11 Feb'22

  Lack of knowledge disastrous for effective security strategy within Dutch companies

  Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy

• February 10, 2022 10 Feb'22

  UK second in money laundering hall of shame

  Banks need to step up their anti-money laundering processes if billions of pounds’ worth of criminal activity is to be prevented

• February 08, 2022 08 Feb'22

  The Security Interviews: Building the UK’s future cyber ecosystem

  As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions

• February 08, 2022 08 Feb'22

  Parasol data breach: Contractors rage as fallout from umbrella cyber attack continues

  Contractors working for the Parasol umbrella company are querying why it has taken so long for news of the firm's data breach, which is linked to a cyber attack on its systems five weeks ago, to come to light

• February 08, 2022 08 Feb'22

  Porn sites will be legally required to verify users’ ages

  Porn sites could be legally obliged to verify that their users are 18 or over under proposed online safety rules, in UK government’s second attempt to prevent children from accessing pornography online