News

Managing IT and business issues

September 13, 2022 13 Sep'22
Multi-persona impersonation adds new dimension to phishing

Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures
September 12, 2022 12 Sep'22
Mandiant floats off into Google Cloud

As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business
September 12, 2022 12 Sep'22
Mistakenly transferred $504m to be returned to Citigroup

Judge rules that creditors should return $504m that was accidentally transferred to them by Citigroup
September 12, 2022 12 Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts

September 12, 2022 12 Sep'22
Lloyd’s of London is digitally transforming through the front door

Centuries-old financial services organisation is transforming its complex IT infrastructure through digital data
September 09, 2022 09 Sep'22
Third of IT decision-makers rely on gut feel when choosing network operator

Study from customer experience technology provider shows lack of transparency is cited as the most consistent quality failure of network providers
September 09, 2022 09 Sep'22
Interview: Keeping an IT business going during the Russian invasion

After heading home and discovering that his country had been invaded, Konstantin Klyagin was forced to make life-changing family and business decisions
September 08, 2022 08 Sep'22
NCSC CyberUK event heads to Belfast in 2023

National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023
September 08, 2022 08 Sep'22
Chinese APT using PlugX malware on espionage targets

China’s Bronze President APT is once again targeting government officials of interest to its paymasters, this time using forged diplomatic correspondence, according to the Secureworks Counter Threat Unit
September 08, 2022 08 Sep'22
The changing role of CIO in Sweden

New technologies and evolving business models are changing the missions of IT leaders around the world – and in most cases, the result is slightly different from one country to another

September 07, 2022 07 Sep'22
Albania cuts diplomatic ties with Iran after cyber attack

In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran
September 07, 2022 07 Sep'22
August ’22 a bumper month for high-impact vulnerabilities

Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future
September 07, 2022 07 Sep'22
Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
September 07, 2022 07 Sep'22
Hotel group IHG confirms cyber attack after two-day outage

IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor
September 07, 2022 07 Sep'22
Cyber threats to Europe’s grid: Utilities rethink strategy

The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals
September 06, 2022 06 Sep'22
Campaigners call on Truss to change UK’s archaic hacking laws

The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution
September 06, 2022 06 Sep'22
Bus company Go-Ahead fighting off cyber attack

Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services
September 06, 2022 06 Sep'22
Saudi Arabian organisations choose to outsource to improve cyber security posture

Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security
September 05, 2022 05 Sep'22
UK payments upgrade to add more than £3bn to GDP, but much more on offer

UK GDP will increase when its ageing payments infrastructure is replaced with the latest technology to enable real-time payments
September 05, 2022 05 Sep'22
How Okta is regaining customer trust after a cyber attack

In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident
September 02, 2022 02 Sep'22
Dutch government finally allowed to use public cloud

Public cloud is finally within reach for Dutch public services. Previously, the Dutch government was only allowed to use private clouds due to risks concerning privacy and security
September 01, 2022 01 Sep'22
Police interview Horizon scandal victim in investigation into potential perjury by Fujitsu staff

The Met Police have interviewed a former subpostmaster as part of an investigation into potential perjury by former Fujitsu staff
September 01, 2022 01 Sep'22
Space nerds beware: James Webb images used to spread malware

Astronomy and space aficionados are being targeted by cyber criminals exploiting some of the now-famous images captured by Nasa’s James Webb Space Telescope to distribute malware
September 01, 2022 01 Sep'22
Local authorities experience 10,000 attempted cyber attacks every day

Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker
September 01, 2022 01 Sep'22
Swedish Electronics Protection Act coincides with major cyber spend

Swedish cyber security law comes at a time of heavy government investment
September 01, 2022 01 Sep'22
New (ISC)² cyber careers schemes go live

(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide
August 31, 2022 31 Aug'22
Google debuts open source bug bounty programme

Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme
August 31, 2022 31 Aug'22
NHS staff fall further behind amid ransomware attack

While some NHS bodies are now recovering their services after the ransomware attack on a crucial software supplier, others are still being forced to rely on pen and paper, and some will be waiting months to recover
August 31, 2022 31 Aug'22
VMware CEO: Broadcom acquisition is on track

Raghu Raghuram claims VMware customers are getting more comfortable with the Broadcom acquisition while employees are ‘more or less focused’ on the job at hand
August 30, 2022 30 Aug'22
IAM house Okta confirms 0ktapus/Scatter Swine attack

Following last week’s disclosureby Group-IB researchers of a major phishing campaign, Okta has warned its customers to be on their guard
August 30, 2022 30 Aug'22
UK government presses on with new cyber rules for telcos

Government has finalised new security rules for telecoms companies and will move to make them binding in the near future
August 30, 2022 30 Aug'22
Growing importance of the data strategist in South Holland

Much has been written about the work of data scientists, but the lesser-known role of data strategist is just as essential – as is being demonstrated in the Netherlands
August 30, 2022 30 Aug'22
LastPass breach limited in scale and well-managed, say experts

A breach of LastPass’s developer environment does not seem to have affected users of the password management service, but it may still be time for a credential reset
August 30, 2022 30 Aug'22
Confronting the unique challenges of hiring IT professionals in Saudi Arabia

As Saudi Arabia undergoes an economic transformation, new mandates are being implemented to help Saudi nationals keep up with global talent requirements
August 25, 2022 25 Aug'22
Criminal 0ktapus spoofed IAM firm in massive phishing attack

Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio
August 25, 2022 25 Aug'22
Adaptive RedAlert, Monster ransomwares go cross-platform

Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time
August 25, 2022 25 Aug'22
Millions of Plex users may be at risk in password breach

Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor
August 25, 2022 25 Aug'22
LockBit 3.0 cements dominance of ransomware ecosystem

Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame
August 24, 2022 24 Aug'22
Most CISOs think they’ve been attacked by a nation state

Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack
August 24, 2022 24 Aug'22
Alleged Twitter security failings spell trouble ahead

Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions
August 23, 2022 23 Aug'22
Home Office announces Scale-up visa for fast-growth firms

Scale-up visa launched to help high-growth businesses employ talent from overseas, but sponsorship requirements could undermine effectiveness
August 23, 2022 23 Aug'22
NCSC shares cyber guidance for large infrastructure builds

Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects
August 22, 2022 22 Aug'22
Contracting market weighs in on Liz Truss pledge to review IR35 rules if she becomes prime minister

As Liz Truss continues her Conservative Party leadership campaign, she tells the national press of her plans to review the IR35 rules should she succeed Boris Johnson as prime minister
August 22, 2022 22 Aug'22
Kaspersky threat data added to Microsoft Sentinel service

Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service
August 22, 2022 22 Aug'22
Lloyd’s to end insurance coverage for state cyber attacks

Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk
August 19, 2022 19 Aug'22
Google employees demand end to collection of abortion data

In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police
August 19, 2022 19 Aug'22
Cozy Bear targets MS 365 environments with new tactics

Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments
August 19, 2022 19 Aug'22
Apple patches two zero-days in macOs, iOS

Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems
August 18, 2022 18 Aug'22
Growing MFA use spurs ‘pass-the-cookie’ attacks

The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools
August 18, 2022 18 Aug'22
It takes a breach to force boards to take notice of cyber, says UK government

Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims