News

Managing IT and business issues

• September 13, 2023 13 Sep'23

  GitHub fixes race condition that could have led to ‘repojacking’

  A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked

• September 13, 2023 13 Sep'23

  BianLian ransomware gang holds Save the Children hostage

  The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected

• September 13, 2023 13 Sep'23

  Storm-0324 gathers over Microsoft Teams

  An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks

• September 13, 2023 13 Sep'23

  NCSC and ICO sign MoU to forge deeper collaborative links

  The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties

• September 13, 2023 13 Sep'23

  Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

  September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release

• September 13, 2023 13 Sep'23

  ExtraHop open sources 16 million rows of threat domain data

  NDR specialist ExtraHop says making its entire machine learning dataset available for anybody to view will help organisations better defend against cyber attacks originating from malicious domains generated by algorithms

• September 12, 2023 12 Sep'23

  Ancient MoD IT systems could cause supply issues for frontline troops

  Deliveries of inventory to the front line are being put at risk due to legacy IT systems and poor data, according to the National Audit Office

• September 12, 2023 12 Sep'23

  US casino giant MGM Resorts battles 36-hour outage after cyber attack

  Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos

• September 12, 2023 12 Sep'23

  IT spending in Australia to grow 7.8% in 2024

  The growth will be led by investments in cyber security, cloud, analytics and application modernisation as Australian CIOs look to improve cost and operational efficiencies

• September 11, 2023 11 Sep'23

  Brits happy to break cyber law if the price is right

  A study conducted ahead of an upcoming security trade fair reveals a slim majority of Brits would come out in favour of offensive government security ops and even engage in cyber criminality themselves in the right circumstances

• September 11, 2023 11 Sep'23

  Professional ransomware gangs clearly a threat, but attacks can be easily stopped

  NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do

• September 11, 2023 11 Sep'23

  UK boardrooms and CISOs increasingly aligned on cyber risks

  Board members and CISOs in UK organisations seem to be working together much better, but while this is an encouraging sign, there remain some areas of concern over how the two relate to each other

• September 11, 2023 11 Sep'23

  Salesforce and Zoom embrace ethical hackers. You should, too

  Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers

• September 08, 2023 08 Sep'23

  Apple patches Blastpass exploit abused by spyware makers

  Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO

• September 08, 2023 08 Sep'23

  UK broadband users fume at providers’ service but stay loyal

  Research released by leading alternative broadband provider shows nation’s broadband providers offer the worst customer service of any industry, but customers still maintain loyalty

• September 08, 2023 08 Sep'23

  Deputy PM urges UK plc not to lose focus on cyber

  In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors

• September 08, 2023 08 Sep'23

  North Koreans using new zero-day to target security researchers

  A threat actor linked to the North Korean government is continuing a long-running campaign targeting legitimate security researchers, using an as-yet undisclosed zero-day vulnerability to gain access to their victims

• September 07, 2023 07 Sep'23

  Honeywell goes quantum to protect utilities from future threats

  Honeywell and quantum computing specialist Quantinuum will integrate quantum-hardened encryption keys into future smart meters

• September 07, 2023 07 Sep'23

  UK and US slap fresh sanctions on Conti ransomware crew

  London and Washington DC have imposed sanctions on 11 more members of the cyber criminal gang behind the Conti ransomware attacks

• September 07, 2023 07 Sep'23

  Government AI taskforce appoints new advisory board members

  An initial progress report published by the Taskforce provides detail on new appointments to its external advisory board as well as rebrand to focus on “frontier” artificial intelligence

• September 07, 2023 07 Sep'23

  Microsoft finds Storm-0558 exploited crash dump to steal signing key

  Microsoft has published new information on how the Chinese state threat actor Storm-0558 was able to exploit a rare race condition following a crash dump in order to acquire a consumer signing key

• September 07, 2023 07 Sep'23

  Singapore taps Lidar and laser scanning in remote building inspections

  With the 3D data generated reality capture technologies, detailed inspections can be conducted remotely, eliminating the need for inspectors from technical authorities to be present onsite

• September 06, 2023 06 Sep'23

  Business leaders anxious over tech disruption

  Although there is significant investment in AI, the rate of change is a concern for many business leaders

• September 06, 2023 06 Sep'23

  Meet the professional BEC op that targeted Microsoft 365 users for years

  The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers

• September 06, 2023 06 Sep'23

  Okta customers targeted in new wave of social engineering attacks

  Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users

• September 05, 2023 05 Sep'23

  Researchers find flaw in Mend.io security platform

  WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed

• September 05, 2023 05 Sep'23

  Law firm Fieldfisher launches data breach management tool

  UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform

• September 05, 2023 05 Sep'23

  Hacked Electoral Commission failed Cyber Essentials audit

  The Electoral Commission failed an NCSC Cyber Essentials audit on multiple counts at about the same time as cyber criminals breached its systems in 2021, it has emerged

• September 05, 2023 05 Sep'23

  Ryder Cup testbed to feature tech firsts in Rome

  This year’s Ryder Cup will test out technology to improve how fans digitally consume the event while reducing the workload on IT teams

• September 05, 2023 05 Sep'23

  NCSC names ex-NCC man as new CTO

  New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec

• September 05, 2023 05 Sep'23

  Plymouth Uni spearheads research into wind farm cyber resilience

  Project hosted at the University of Plymouth in Devon aims to develop cyber security measures to protect the UK’s increasingly important offshore wind farm assets

• September 05, 2023 05 Sep'23

  London Stock Exchange plans blockchain-based market

  The London Stock Exchange plans to have a blockchain-based trading venue available in the next 12 months

• September 04, 2023 04 Sep'23

  LockBit ransomware gang allegedly leaks MoD data after hit on supplier

  The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online

• September 04, 2023 04 Sep'23

  How startup Once.net and Cloudflare secured the 2023 Eurovision vote

  When the Eurovision Song Contest introduced paid-for public voting from outside Europe in 2023, it faced new cyber challenges. Learn how Dutch startup Once.net and Cloudflare teamed up to secure and support the big night

• September 01, 2023 01 Sep'23

  Police Scotland five-year digital strategy approved

  Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding

• September 01, 2023 01 Sep'23

  Threat actors exploiting unpatched Juniper Networks devices

  A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed

• September 01, 2023 01 Sep'23

  Google Cloud eyes bigger market share with AI

  Google Cloud CEO Thomas Kurian is confident the company’s generative AI capabilities will enable it to grow faster than the market and narrow the gap with rivals

• August 31, 2023 31 Aug'23

  Sandworm attacks Ukraine with Infamous Chisel malware

  The UK and its allies have attributed a novel malware campaign against Ukrainian state targets to the Russian intelligence-backed Sandworm APT

• August 31, 2023 31 Aug'23

  Ducktail social media marketing malware rears its head again

  Use of the Ducktail infostealer, which first popped up in 2022 targeting Meta Business accounts, seems to be increasing

• August 31, 2023 31 Aug'23

  Home Office and MoD seeking new facial-recognition tech

  The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK

• August 30, 2023 30 Aug'23

  Cyber world hails downfall of Qakbot trojan

  A multinational law enforcement hacking operation disrupted the botnet infrastructure used to distribute the Qakbot trojan at the weekend, in a major setback for the cyber criminal underworld

• August 30, 2023 30 Aug'23

  NCSC warns over possible AI prompt injection attacks

  The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots

• August 30, 2023 30 Aug'23

  Met police data platform deployed with data protection issues

  Met Police deploys integrated record management system despite data protection ‘compliance issues' that would inhibit its ability to retrieve data, meet its statutory logging requirements, and respond to subject access requests

• August 30, 2023 30 Aug'23

  Zurich Insurance slashes ServiceNow application development time

  Insurance giant cuts time it takes to complete development of ServiceNow applications by days

• August 29, 2023 29 Aug'23

  Zero-day that forced Barracuda users to bin kit was exploited by China

  Mandiant has published details of how a Chinese threat actor targeted high-profile users of Barracuda Networks' Email Security Gateway appliances, including government agencies of interest to Beijing's intelligence goals

• August 29, 2023 29 Aug'23

  Top-performing CISOs reserve time for professional development

  Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession

• August 28, 2023 28 Aug'23

  India gets ready for new data protection regime

  The Digital Personal Data Protection Act will shape the way businesses collect, secure and use personal data as India looks to protect data privacy while driving innovation and economic growth

• August 24, 2023 24 Aug'23

  Google bets on AI-backed cyber controls for Workspace users

  Zero-trust and digital sovereignty controls are the focus of a series of enhancements being made for Google Workspace users

• August 23, 2023 23 Aug'23

  Inside Micron Singapore’s sustainability journey

  The chipmaker has been doubling down on sustainability efforts in Singapore by tapping solar power, recycling water and waste, as well as treating greenhouse gases, in a bid to achieve net zero by 2050

• August 23, 2023 23 Aug'23

  St Helens Council in Merseyside hit by ransomware attack

  St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks