News

Privacy and data protection

• December 01, 2022 01 Dec'22

  MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

  Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence

• December 01, 2022 01 Dec'22

  LastPass probes new cyber incident related to August attack

  The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba

• November 30, 2022 30 Nov'22

  Microsoft 365 banned in German schools over privacy concerns

  German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US

• November 30, 2022 30 Nov'22

  South Staffs Water customer data leaked after ransomware attack

  Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack

• November 29, 2022 29 Nov'22

  Cyber criminals exploiting naked TikTok ‘challenge’

  Malware operators lured targets by promising them they would be able to view nude videos of TikTok users

• November 27, 2022 27 Nov'22

  Plexal inducts six into cyber leadership scheme

  Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders

• November 25, 2022 25 Nov'22

  Data management, backup becoming the CISO's responsibility

  More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year

• November 24, 2022 24 Nov'22

  Not-for-profit aims to encourage 1,300 girls into cyber careers

  CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber

• November 23, 2022 23 Nov'22

  UK police arrest 120 in largest-ever cyber fraud crackdown

  The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police

• November 23, 2022 23 Nov'22

  South Korea data adequacy pact brings £15m Brexit bonus

  UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m

• November 23, 2022 23 Nov'22

  Dutch national cyber security strategy aims to protect digital society

  Cabinet sets up national cyber security strategy to make the Netherlands digitally secure

• November 22, 2022 22 Nov'22

  Ducktail spins new tales to hijack Facebook Business accounts

  The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts

• November 22, 2022 22 Nov'22

  Killnet DDoS hacktivists target Royal Family and others

  Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks

• November 21, 2022 21 Nov'22

  Bug Bounty Calculator helps organisations fine-tune their payouts

  Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention

• November 21, 2022 21 Nov'22

  NHS federated data platform must avoid repeating Care.data mistakes, says national data guardian

  UK’s national data guardian agrees with the ambitions of the platform, but warns that the programme must avoid ‘common pitfalls around trust and transparency’

• November 21, 2022 21 Nov'22

  NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

  A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify

• November 18, 2022 18 Nov'22

  Is Elon Musk’s Twitter safe, and should you stop using it?

  With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use

• November 18, 2022 18 Nov'22

  New gold standard to protect good faith hackers

  HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking

• November 17, 2022 17 Nov'22

  Scottish government to pilot digital identity platform in early 2023

  Pilot of Scotland’s digital identity platform will be run in partnership with Disclosure Scotland, using secure sign-on and identity verification

• November 16, 2022 16 Nov'22

  Global network fragmentation a source of increasing risk

  Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures

• November 15, 2022 15 Nov'22

  APP fraud volumes expected to double by 2026, says report

  Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue

• November 14, 2022 14 Nov'22

  How Google and Mandiant are forging synergies in cyber security

  Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security

• November 13, 2022 13 Nov'22

  Online scam victims lose an average of £1,000 each

  New data from the National Fraud Intelligence Bureau shows victims of online fraud lose an average of £1,000 per person

• November 11, 2022 11 Nov'22

  Volume of self-reported breaches to ICO jumps 30%

  The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022

• November 11, 2022 11 Nov'22

  MoD recruits Immersive Labs to bolster cyber resilience

  UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products

• November 10, 2022 10 Nov'22

  Cyber criminals have World Cup Qatar 2022 in their sights

  Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so

• November 09, 2022 09 Nov'22

  Optus earmarks A$140m to cover cost of data breach

  Optus sets aside A$140m as an exceptional expense for a customer remediation programme following a massive data breach that affected 10 million customers

• November 09, 2022 09 Nov'22

  UK’s National Cyber Advisory Board convenes for first time

  Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online

• November 08, 2022 08 Nov'22

  NortonLifeLock, Avast debut new ‘Gen’ identity

  The combined NortonLifeLock and Avast consumer cyber business, Gen, says it will serve over 500 million customers worldwide

• November 07, 2022 07 Nov'22

  Public sector IT projects need ethical data practices from start

  Data ethics needs to be integrated into public sector IT projects from the very start, and considered throughout every stage of the process, to be effective

• November 07, 2022 07 Nov'22

  Department for Education escapes £10m fine over data misuse

  Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules

• November 04, 2022 04 Nov'22

  Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

  The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare

• November 03, 2022 03 Nov'22

  Automated threats biggest source of cyber risk for retailers

  Threat actors targeting retailers during the coming holiday season are increasingly turning to automated forms of cyber attack, according to a report

• November 01, 2022 01 Nov'22

  NCSC looks back on year of ‘profound change’ for cyber

  The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful

• October 31, 2022 31 Oct'22

  Cyber crime officer says French legal challenges to EncroChat are ‘hype’

  Matthieu Audibert, officer of the French Gendarmerie’s cyber space command, gets into a spat with defence lawyers on Twitter over the lawfulness of evidence from the hacked phone network EncroChat

• October 27, 2022 27 Oct'22

  Government ups cyber support for elderly, vulnerable web users

  DCMS announces a funding boost to help the elderly, disabled and other vulnerable groups stay safe online and avoid being misled by disinformation

• October 27, 2022 27 Oct'22

  NCSC’s Levy steps down after 20-year intelligence career

  NCSC technical director Ian Levy bids farewell, telling his successor: ‘Don’t panic’

• October 27, 2022 27 Oct'22

  NHS to get new national CISO

  The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS

• October 27, 2022 27 Oct'22

  LinkedIn adds new features to safeguard user privacy, security

  Social media platform is adding a number of features and systems designed to protect legitimate users from inauthentic profiles and activity

• October 27, 2022 27 Oct'22

  Medibank breach casts spotlight on data security

  Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia

• October 27, 2022 27 Oct'22

  Santander calls for cooperation to tackle APP fraud

  New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud

• October 26, 2022 26 Oct'22

  ICO warns against using biometrics for ‘emotional analysis’

  ICO warning highlights risk of ‘systemic bias’ and discrimination associated with organisations using biometric data and technologies for emotion analysis

• October 25, 2022 25 Oct'22

  Dutch lawyers raise human rights concerns over hacked cryptophone data

  Dutch defence lawyers say in an open letter that there is a risk of unfair trials unless they are allowed to test the reliability and legitimacy of hacked cryptophone evidence

• October 25, 2022 25 Oct'22

  Germany: European Court of Justice asked to rule on legality of hacked EncroChat phone evidence

  Berlin’s Regional Court has asked the European Court of Justice to answer questions about whether the use of hacked EncroChat phone evidence complies with European law

• October 25, 2022 25 Oct'22

  Global digital trust market to double by 2027

  The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow

• October 25, 2022 25 Oct'22

  Digital-first businesses more willing to accept some fraud

  Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report

• October 24, 2022 24 Oct'22

  Complacency biggest cyber risk to UK plc, says ICO

  Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack

• October 21, 2022 21 Oct'22

  Microsoft slams external researchers over its own data leak

  Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue

• October 20, 2022 20 Oct'22

  The Security Interviews: Why now for ZTNA 2.0?

  With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network ...

• October 20, 2022 20 Oct'22

  NatWest data breach whistleblower demands bank pay data controller fee to ICO

  Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed