News

Managing IT and business issues

• November 15, 2023 15 Nov'23

  November Patch Tuesday heralds five new MS zero-days

  Microsoft pushes fixes for five new zero-days in its latest monthly update

• November 15, 2023 15 Nov'23

  US government reinforces ICBC hack link to Citrix Bleed

  US Treasury adds weight to reports that a ransomware gang gained access to the systems of Chinese bank ICBC by exploiting a critical Citrix flaw

• November 14, 2023 14 Nov'23

  Million Brits could lose access to bank branch if closure rate continues

  Even people in urban constituencies could lose access to a local bank branch, according to research

• November 14, 2023 14 Nov'23

  Fast-acting cyber gangs increasingly disabling telemetry logs

  Sophos guidance for security practitioners and defenders highlights a growing trend for threat actors to disable or wipe telemetry logs to cover their tracks

• November 14, 2023 14 Nov'23

  Francis Maude calls for GDS and CDDO to merge

  Review into the civil service by the former Cabinet Office minister says the two organisations should become one entity to avoid sending mixed signals around accountability and leadership

• November 13, 2023 13 Nov'23

  Rogue state-aligned actors are most critical cyber threat to UK

  The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night

• November 13, 2023 13 Nov'23

  Victims’ legal action over 2015 Carphone Warehouse breach moves forward

  A class action against Currys Retail over the 2015 data breach of Carphone Warehouse customers has been granted permission to move forward in the courts

• November 13, 2023 13 Nov'23

  Shawbrook Bank slashes mortgage processing time through low code

  Specialist business lending and savings bank is using Pegasystems’ low-code platform to rewrite and automate the customer journey

• November 10, 2023 10 Nov'23

  Ransomware attack on major Chinese lender disrupts financial markets

  The financial services arm of one of the world’s largest banks was taken offline by a supposed LockBit ransomware attack, causing problems for US markets

• November 09, 2023 09 Nov'23

  Revealed: How Russia’s Sandworm ramped up attacks on Ukraine’s critical infrastructure

  New Mandiant intelligence reveals how the APT known as Sandworm has been evolving its playbook, twisting legitimate executables known as LoLBins into malicious tools as it seeks to disrupt daily life in Ukraine

• November 09, 2023 09 Nov'23

  Ex-Coca-Cola VPs debut ChatGPT-like AI tool to help enterprises solve their sustainability woes

  The Ubuntoo AI tool is already in use within several Fortune 500 companies to help these firms hone their sustainability strategies

• November 09, 2023 09 Nov'23

  Suspected ransomware attack hits Scottish council

  Systems at Comhairle nan Eilean Siar were downed on 7 November in a suspected ransomware attack

• November 09, 2023 09 Nov'23

  The Security Interviews: Why cyber needs to integrate better

  Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider ...

• November 09, 2023 09 Nov'23

  How Village Roadshow modernised ITSM with cloud

  Australian theme park and cinema operator reduced ITSM costs by 60% to improve problem resolution and other outcomes from use of Freshworks' cloud-based ITSM service

• November 08, 2023 08 Nov'23

  Former Post Office manager has no memory of preparing witness statement in legal dispute

  Evidence of computer problems was omitted from the witness statement of a former Post Office manager in a legal battle with a subpostmaster blamed for unexplained accounting shortfalls

• November 08, 2023 08 Nov'23

  Data-sharing management gap highlights cyber risk, says report

  Organisations are struggling to secure their use of communications tools to share data with third-party partners and suppliers, and in the process are exposing themselves to heightened levels of risk, according to a report

• November 08, 2023 08 Nov'23

  AI Summit not the place for human rights, says French finance minister

  Despite commitments at the UK’s AI Safety Summit to respect and protect human rights, the French finance minister said it was not the right forum to discuss signatories' human rights records

• November 08, 2023 08 Nov'23

  Iconic Singapore hotel caught up in major data breach

  The Marina Bay Sands resort in Singapore uncovered a data breach of its guest loyalty programme last month

• November 08, 2023 08 Nov'23

  The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy

  Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands

• November 07, 2023 07 Nov'23

  Post Office disclosure failures delay Horizon scandal inquiry again

  Many of the 300,000 emails unearthed could be relevant to evidence from future and past witnesses in the Post Office scandal inquiry

• November 07, 2023 07 Nov'23

  Researchers ‘break’ rule designed to guard against Barracuda vulnerability

  Vectra AI researchers found that a Suricata rule designed to detect exploitation of a dangerous Barracuda Email Security Gateway flaw was not entirely effective

• November 07, 2023 07 Nov'23

  Unesco unveils seven-point anti-disinformation plan

  United Nations body outlines seven proposals for civil society, governments, regulators and tech platforms to adopt to combat the source of disinformation

• November 07, 2023 07 Nov'23

  AI Safety Summit review

  Computer Weekly takes stock of the UK government’s AI Safety Summit and the differing perspectives around its success

• November 06, 2023 06 Nov'23

  Netherlands starts building its own AI language model

  Dutch government allocates €13.5m to develop an open artificial intelligence language model according to national values and guidelines.

• November 06, 2023 06 Nov'23

  Shadow IT use at Okta behind series of damaging breaches

  Okta now believes the initial access vector in a series of damaging breaches was one of its own employees who used a corporate device to sign into their personal Google account

• November 06, 2023 06 Nov'23

  How Trellix’s CISO keeps threat actors at bay

  Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents

• November 02, 2023 02 Nov'23

  Admins told to take action over F5 Big-IP platform flaws

  Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild

• November 02, 2023 02 Nov'23

  UK workers exhibit poor security behaviours, report reveals

  Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working

• November 02, 2023 02 Nov'23

  How the UK crime agency repurposed Amazon cloud platform to analyse EncroChat cryptophone data

  UK crime agency repurposed AWS-based analytics platform to triage EncroChat data and identify threats to life in messages sent on encrypted phone network

• November 02, 2023 02 Nov'23

  EU digital ID reforms should be ‘actively resisted’, say experts

  Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security

• November 01, 2023 01 Nov'23

  AI Summit: 28 governments and EU agree to safe AI development

  In a joint communique at the UK government’s AI Safety Summit, all participating governments agreed to deepen their cooperation around the risks associated with artificial intelligence

• November 01, 2023 01 Nov'23

  Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

  As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings

• October 31, 2023 31 Oct'23

  British Library falls victim to cyber attack

  The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature

• October 31, 2023 31 Oct'23

  SEC sues SolarWinds, alleging serious security failures

  SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks

• October 30, 2023 30 Oct'23

  UK government AI Summit already branded ‘missed opportunity’

  The dominance of big tech firms, a focus on speculative risks over real-world harms, and the exclusion of affected workers, mean the AI Safety Summit is a wasted opportunity, say civil society groups

• October 27, 2023 27 Oct'23

  Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent

  Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances

• October 27, 2023 27 Oct'23

  Domestic abuse charities surface fresh worries over NHS data sharing

  With new NHS data access options coming into effect at the end of October, a group of campaigners including womens' charities and the BMA have warned that the revived GP-patient data sharing scheme risks putting vulnerable people at risk

• October 27, 2023 27 Oct'23

  ‘Egregious’ to link passport data with facial recognition systems

  The Scottish biometrics watchdog has spoken out against the UK policing minister’s plans to integrate passport data with police facial recognition systems

• October 27, 2023 27 Oct'23

  Microsoft warns over growing threat from Octo Tempest gang

  The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft

• October 27, 2023 27 Oct'23

  Google launches bug bounties for generative AI attack scenarios

  Google expands its bug bounty programme to encompass generative AI and takes steps to grow its commitment to supply chain security as it relates to the emerging technology

• October 27, 2023 27 Oct'23

  Webex deploys AI to enhance contact centre agent potential, boost CX

  AI-powered innovations in contact centre designed to generate agent efficiency and well-being, resulting in reduced turnover and improved customer experiences, faster resolution of customer needs and real business outcomes

• October 26, 2023 26 Oct'23

  ChatGPT, Bard, lack effective defences against fraudsters, Which? warns

  Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed

• October 26, 2023 26 Oct'23

  Boardrooms losing control in generative AI takeover, says Kaspersky

  C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations

• October 26, 2023 26 Oct'23

  Exploitation of Citrix NetScaler vulns reaching dangerous levels

  Observed activity exploiting two new Citrix NetScaler vulnerabilities disclosed earlier this month is ramping up, and users may be running out of time to patch lest they be attacked

• October 25, 2023 25 Oct'23

  UK Finance paints mixed picture of fraud as losses top £500m

  UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data

• October 25, 2023 25 Oct'23

  1Password caught up in Okta support breach

  After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems

• October 24, 2023 24 Oct'23

  Cisco hackers likely taking steps to avoid identification

  Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery

• October 24, 2023 24 Oct'23

  Research team tricks AI chatbots into writing usable malicious code

  Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks

• October 24, 2023 24 Oct'23

  Kaspersky opens up over spyware campaign targeting its staffers

  Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group

• October 24, 2023 24 Oct'23

  Customers speak out over Okta’s response to latest breach

  Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired