News

Identity and access management products

• May 24, 2023 24 May'23

  Two-thirds of all 2022 breaches resulted from spear phishing

  Research by Barracuda Networks has found that, despite the low volume of spear-phishing attempts, the attacks are highly successful and have major consequences

• May 17, 2023 17 May'23

  Home Office pushes for more police facial-recognition deployments

  An independent report commissioned by the biometrics commissioner of England and Wales reveals that the UK policing minister is pushing for wider adoption of facial-recognition technology by police, and further criticises the government’s proposed ...

• May 17, 2023 17 May'23

  Pentera ups ante in penetration testing

  The Israeli startup, which expanded to the APAC region last year, scans for vulnerabilities and emulates cyber attacks through its automated security validation platform

• May 15, 2023 15 May'23

  MS macro-blocking has forced cyber criminals to innovate

  One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate

• May 11, 2023 11 May'23

  Fujitsu staff had ‘unrestricted and unauditable’ remote access to Post Office branch systems

  Fujitsu engineers could make changes to Post Office branch accounts without anyone knowing

• May 10, 2023 10 May'23

  How datacentre operators can fend off cyber attacks

  Applying zero-trust principles in the form of strong authentication controls and network segmentation can help datacentre operators to mitigate cyber threats

• May 05, 2023 05 May'23

  Santander reports increase in scams and admits fraud head was impersonated

  Santander has reported an increase in impersonation scams, and admitted its own head of fraud was impersonated by a fraudster

• May 04, 2023 04 May'23

  Google debuts passwordless login options for users

  Launch of Google’s passkey service hailed as a great leap forward for passwordless technology

• May 03, 2023 03 May'23

  Cyber Action Plan for Wales launched

  The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country

• April 27, 2023 27 Apr'23

  Google Cloud seals bug that could have led to data breaches

  The Asset Key Thief vulnerability gave rise to multiple potential attack scenarios that could have impacted thousands of Google Cloud users, but has now been safely fixed

• April 19, 2023 19 Apr'23

  Global finance firms take part in NATO cyber attack simulation

  Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure

• April 19, 2023 19 Apr'23

  How organisations can succeed with zero trust

  By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm

• April 18, 2023 18 Apr'23

  Focus on these three risky behaviours to boost cloud security

  Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report

• April 13, 2023 13 Apr'23

  Three charged over banking fraud for hire website

  UK authorities have charged three men in connection with the operation of a website that sold social engineering tools to cyber fraudsters

• April 12, 2023 12 Apr'23

  UK police double down on ‘improved’ facial recognition

  The Met and South Wales Police have doubled down on their use of facial recognition technology after research found improved accuracy in their algorithms when using certain settings, but civil society groups maintain that the tech will still be used...

• April 12, 2023 12 Apr'23

  Okta integrates with Singapore’s national digital ID system

  The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries

• April 06, 2023 06 Apr'23

  Prioritise automated hardening over traditional cyber controls, says report

  A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way

• April 05, 2023 05 Apr'23

  Scottish police tech piloted despite major data protection issues

  Scottish policing bodies are pressing ahead with a data sharing pilot despite data protection issues around the use of US cloud providers, placing sensitive personal data of tens of thousands of people at risk

• March 30, 2023 30 Mar'23

  Reactive approach to cyber procurement risks damaging businesses

  Too many organisations are following a reactive approach to cyber security, which WithSecure believes is stifling security teams ability to demonstrate value and align with business outcomes

• March 21, 2023 21 Mar'23

  Nordics move towards common cyber defence strategy

  Nordic countries agree to work together to improve their cyber defences amid increasing threat

• March 21, 2023 21 Mar'23

  GDS signs £24m worth of contracts for One Login

  As the Government Digital Service (GDS) prepares for the official end of Gov.uk Verify, it signs three new contracts for its successor programme, One Login

• March 20, 2023 20 Mar'23

  NCSC launches cyber check-up tools for SMEs

  The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack

• March 20, 2023 20 Mar'23

  NatWest announces ID service for its customers

  The identities of NatWest customers engaging with businesses online can be confirmed by the bank's ID service in seconds

• March 08, 2023 08 Mar'23

  UK government introduces revised data reform bill to Parliament

  Designed in close collaboration with technology businesses, the UK government is re-introducing an updated version of its Data Protection and Digital Information Bill to Parliament, which civil society groups say upends key safeguards

• March 08, 2023 08 Mar'23

  How ForgeRock is tackling identity management

  ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy

• March 07, 2023 07 Mar'23

  Nine in 10 enterprises fell victim to successful phishing in 2022

  Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale

• March 07, 2023 07 Mar'23

  Dutch hospitals underestimate impact of cyber attack

  IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals

• March 02, 2023 02 Mar'23

  Uber introduces dynamic pricing algorithm in London

  The dynamic pricing algorithm will allow Uber to set variable pay and pricing levels, but drivers are concerned about how their personal data will be used and the impact the algorithm will have on their livelihoods

• March 02, 2023 02 Mar'23

  WH Smith staff data accessed in cyber attack

  The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing

• March 02, 2023 02 Mar'23

  Salt Labs identifies OAuth security flaw within Booking.com

  Security flaw in Booking.com OAuth implementation could be used to launch account takeovers, but researchers discovered and flagged the issue before it could be exploited in the wild

• February 28, 2023 28 Feb'23

  LastPass attack saw employee’s home computer hacked

  The ongoing investigation into a series of linked security incidents at LastPass has found that the attacker was successfully able to compromise a developer’s home PC using a vulnerability in a media software package

• February 24, 2023 24 Feb'23

  UK police have ‘culture of retention’ around biometric data

  A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies

• February 22, 2023 22 Feb'23

  Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert

  Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result

• February 20, 2023 20 Feb'23

  Twitter 2FA changes bring more risks than benefits

  Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic

• February 16, 2023 16 Feb'23

  How to tame the identity sprawl

  Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl

• February 13, 2023 13 Feb'23

  Police tech needs clear legal rules, says biometrics regulator

  Police use of artificial intelligence and facial recognition needs to be controlled by strict rules and mechanisms to ensure public trust

• February 13, 2023 13 Feb'23

  Whistleblower in limbo as sensitive NatWest customer files remain under her bed

  Whistleblower and NatWest at stalemate as regulators leave it up to them to come to an agreement on return of sensitive customer data

• February 10, 2023 10 Feb'23

  Social media platform Reddit breached in phishing attack

  An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack

• February 09, 2023 09 Feb'23

  Banking regulatory body wants a ‘tripwire’ to flag APP fraud

  Banking code of practice organisation wants banks to monitor where authorised push payment scammers are sending stolen money

• February 07, 2023 07 Feb'23

  APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

  MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest

• February 01, 2023 01 Feb'23

  NCSC for Startups inducts four companies into programme

  Four more startups are set to join the NCSC accelerator, which helps the UK government develop technology and approaches to pressing cyber security challenges

• February 01, 2023 01 Feb'23

  Innovative Technology deploys age estimation tech in shops and pubs

  A company involved in Home Office-led trials of biometric age estimation technologies has begun rolling out its hardware to UK shops and pubs so they can use its facial recognition algorithm to assure customers’ ages

• February 01, 2023 01 Feb'23

  Malware variant can block contactless payments

  Kaspersky warns that the latest variant of the Prilex malware can block contactless payments to force people to insert cards, enabling criminals to steal money

• January 31, 2023 31 Jan'23

  GitHub warns Desktop, Atom users after code-signing certificates pinched

  Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users

• January 25, 2023 25 Jan'23

  NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

  Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC

• January 23, 2023 23 Jan'23

  NCSC warning over cyber risk to charity sector

  Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC

• January 16, 2023 16 Jan'23

  The Security Interviews: Protecting your digital self

  Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation?

• January 13, 2023 13 Jan'23

  Cabinet Office looks to expand public data sharing for digital ID

  Cabinet Office seeks feedback on proposed legislation to enhance data sharing across the public sector, in support of the UK government’s ambition to have a single sign-on identity-check system for all public services

• January 12, 2023 12 Jan'23

  UK government completes trials of age estimation technology

  Government-led trials of age estimation and verification technologies for the sale of alcohol in nightlife venues and supermarkets have been completed, with both government and retail lobbyists pushing for legislation that would allow retailers to ...

• January 08, 2023 08 Jan'23

  Vulnerable organisations to get free Cyber Essentials support

  Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre