News

Managing IT and business issues

February 14, 2023 14 Feb'23
OSC&R framework to stop supply chain attacks in the wild

The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains
February 13, 2023 13 Feb'23
KPMG launches metaverse and digital twin hub in Saudi Arabia

The Saudi Arabian government’s commitment to investing in metaverse technology has attracted a KPMG centre of excellence to its shores
February 13, 2023 13 Feb'23
Security buyers lack insight into threats, attackers, report finds

The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report
February 13, 2023 13 Feb'23
Killnet DDoS attacks disrupt Nato websites

A series of distributed denial of service attacks on various public websites belonging to the Nato alliance were largely repelled but some resources remain unavailable

February 13, 2023 13 Feb'23
Police tech needs clear legal rules, says biometrics regulator

Police use of artificial intelligence and facial recognition needs to be controlled by strict rules and mechanisms to ensure public trust
February 10, 2023 10 Feb'23
BNPL accounted for 12% of UK online spending in January

Buy now, pay later products from fintech providers accounted for 12% of the £8bn spent online in the UK in January, according to analysis
February 10, 2023 10 Feb'23
Social media platform Reddit breached in phishing attack

An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack
February 09, 2023 09 Feb'23
UK imposes sanctions on Conti ransomware gang leaders

Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK
February 08, 2023 08 Feb'23
Prolific social media fraudster jailed for three years

Ramzan Abubakarov of Hendon will serve three-year prison sentence after using Telegram to coordinate series of frauds which netted almost £2m
February 08, 2023 08 Feb'23
Campaigners lament lack of movement on Computer Misuse Act reform

Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed

February 07, 2023 07 Feb'23
LockBit cartel finally claims Royal Mail ransomware attack

The LockBit ransomware gang claims it has stolen sensitive data from Royal Mail and will leak it later this week if its demands go unmet
February 07, 2023 07 Feb'23
Benelux CIO interview: Marijn Grevink, leader of digital transformation, Mars

In an interview with Computer Weekly, the digital head at Mars, Marijn Grevink, takes the wrapper off digital transformation at the company in the Netherlands
February 07, 2023 07 Feb'23
TSB pilots pods as branch replacements

TSB joins Barclays in adopting banking pods to ensure customers have access to physical banking services as the number of high street branches declines
February 06, 2023 06 Feb'23
Online banks still riddled with cyber security flaws, report says

Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too.
February 06, 2023 06 Feb'23
Post Office branches struggling after Royal Mail cyber attack

Royal Mail has restored almost all of its international services to some extent, but remains unable to accept parcels bought over the counter in a Post Office branch
February 06, 2023 06 Feb'23
The Security Interviews: How to overcome data protection compliance challenges

Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how?
February 06, 2023 06 Feb'23
Ransomware operator turns their fire on two-year-old VMware bug

A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware
February 03, 2023 03 Feb'23
LockBit gang confirms Ion cyber attack as disruption continues

The LockBit ransomware cartel has taken responsibility for this week’s attack on financial software firm Ion, and is threatening to leak stolen data on Saturday 4 February
February 03, 2023 03 Feb'23
FCA cracks down on misleading promos by social media influencers

Social media is becoming a major part of the FCA’s work in clamping down on misleading financial advertising and promotions, with multiple influencers rapped for their behaviour
February 03, 2023 03 Feb'23
MEPs vote to amend platform worker directive

MEPs have voted in favour of amendments to the European Commission’s platform worker directive that would introduce a presumption of employment and increase algorithmic transparency
February 02, 2023 02 Feb'23
North Korea’s Lazarus gang exposes itself in opsec failure

WithSecure researchers linked a campaign of cyber attacks targeting medical research and energy firms to North Korea’s infamous Lazarus APT after a group member accidentally screwed up
February 02, 2023 02 Feb'23
Suspected LockBit ransomware attack causes havoc in City of London

A suspected LockBit ransomware attack on trading software firm Ion has caused chaos for City of London traders
February 02, 2023 02 Feb'23
Arnold Clark customer data was stolen in Play ransomware attack

Arnold Clark confirms data leaked on dark web was stolen from its systems in ransomware attack
February 01, 2023 01 Feb'23
Cisco fixes two bugs that could have led to supply chain attacks on users

Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them
February 01, 2023 01 Feb'23
Cloud security top risk to enterprises in 2023, says study

A PwC study finds senior executives expect cyber attacks on cloud services to increase significantly this year
February 01, 2023 01 Feb'23
UK Cyber Council and ISACA launch audit, assurance programme

The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros
January 31, 2023 31 Jan'23
Tech Nation to shutter after more than a decade

Tech Nation due to shutter after losing core funding to Barclays Eagle Labs, which will take over its role in supporting UK technology startups and scaleups
January 31, 2023 31 Jan'23
Cyber training firm launches £20k data protection scholarship

Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals
January 31, 2023 31 Jan'23
Russian DDoS hacktivists seen targeting western hospitals

A swathe of attacks by the Putin-supporting DDoS operation known as Killnet has targeted hospitals and other infrastructure in several Nato countries, with the UK thought to be at risk
January 31, 2023 31 Jan'23
GitHub warns Desktop, Atom users after code-signing certificates pinched

Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users
January 31, 2023 31 Jan'23
Royal Mail recovers more International Tracked services

Royal Mail is making further progress in recovering IT systems hit by a ransomware attack, and has re-enabled another tranche of international export services
January 31, 2023 31 Jan'23
MPs warned of AI arms race to the bottom

Expert tells Parliamentary committee that tech companies developing artificial intelligence are cutting corners and placing safety on the backburner, opening up ‘enormous risks’ for the future of AI
January 30, 2023 30 Jan'23
Data of 10 million JD Sports customers accessed in cyber attack

Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack
January 30, 2023 30 Jan'23
Noventiq eyes APAC IT services market

IT services provider Noventiq has been expanding its presence in APAC through several acquisitions in India, and is eyeing a bigger slice of the region’s IT services pie
January 27, 2023 27 Jan'23
Hive ransomware gang taken down after FBI hacks back

The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation
January 26, 2023 26 Jan'23
Royal Mail resumes some international parcel services from UK

Royal Mail has successfully stood up its International Tracked and Signed, and International Signed, services as it continues to recover from a ransomware attack
January 25, 2023 25 Jan'23
NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC
January 25, 2023 25 Jan'23
Leeds Building Society uses AIops in Dynatrace to improve observability

Automation and AI is improving how the service delivery team assesses the business impact of an IT service degradation
January 25, 2023 25 Jan'23
Arnold Clark cyber attack claimed by Play ransomware gang

A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel
January 25, 2023 25 Jan'23
Boards struggle to resolve cyber risk in digital supply chains

Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk
January 24, 2023 24 Jan'23
Chinese IoT suppliers expose UK businesses to espionage and data theft

Chinese companies supplying network components, known as IoT modules, post a greater long-term threat to UK security than the now banned 5G supplier Huawei, according to a study by a Chinese expert and former diplomat
January 24, 2023 24 Jan'23
UK insurers need to up their game on cyber gaps, says PRA

Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority
January 24, 2023 24 Jan'23
Nationwide Building Society CIO to join Co-operative Bank

Gary Delooze to join Co-operative Bank as CIO after six years heading up Nationwide Building Society’s IT department
January 24, 2023 24 Jan'23
SSRF attacks hit 100,000 businesses globally since November

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers
January 24, 2023 24 Jan'23
Fake online contest makes Yahoo! most phished brand of Q4 2022

Yahoo! was the most frequently phished brand during the last three months of 2022, according to a report
January 24, 2023 24 Jan'23
SMEs keen on embedded finance, but more choice needed to increase take-up

Suppliers to small and medium-sized enterprises need to offer more choice when embedding financial products in their services if take-up is to increase
January 24, 2023 24 Jan'23
Executive interview: Andrew Roughan, CEO, Plexal

Plexal CEO Andrew Roughan talks about how tech startups collaborate with the government to transform public services, the barriers to entry, and how the process can be improved
January 23, 2023 23 Jan'23
Trellix automates patching for 62,000 vulnerable open source projects

Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months
January 23, 2023 23 Jan'23
Royal Society calls on public sector to pilot privacy tech

The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow
January 23, 2023 23 Jan'23
NCSC warning over cyber risk to charity sector

Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC