News

Privacy and data protection

September 12, 2022 12 Sep'22
Mandiant floats off into Google Cloud

As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business
September 12, 2022 12 Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts
September 08, 2022 08 Sep'22
Chinese APT using PlugX malware on espionage targets

China’s Bronze President APT is once again targeting government officials of interest to its paymasters, this time using forged diplomatic correspondence, according to the Secureworks Counter Threat Unit
September 08, 2022 08 Sep'22
Dutch cyber security organisations to join forces

Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into

September 08, 2022 08 Sep'22
India’s wake-up call on health data privacy

Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US
September 07, 2022 07 Sep'22
Albania cuts diplomatic ties with Iran after cyber attack

In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran
September 07, 2022 07 Sep'22
Hotel group IHG confirms cyber attack after two-day outage

IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor
September 07, 2022 07 Sep'22
Digital identity is key to coping with surge in air travel

The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic
September 01, 2022 01 Sep'22
Space nerds beware: James Webb images used to spread malware

Astronomy and space aficionados are being targeted by cyber criminals exploiting some of the now-famous images captured by Nasa’s James Webb Space Telescope to distribute malware
August 31, 2022 31 Aug'22
Four years into GDPR, Norway hopes for safer data transfer to US

Much of the data on the internet ends up on US servers at some point, and that is not always compatible with the General Data Protection Regulation, says Norwegian data protection authority

August 30, 2022 30 Aug'22
UK government presses on with new cyber rules for telcos

Government has finalised new security rules for telecoms companies and will move to make them binding in the near future
August 30, 2022 30 Aug'22
One Login digital identity project makes headway

Government services are lining up to work with the GDS on its One Login digital identity system, according to its director of digital identity, Natalie Jones
August 25, 2022 25 Aug'22
CIOs: Geopolitics impacts your IT strategy

Research from analyst Gartner illustrates how geopolitics is influencing IT strategies
August 25, 2022 25 Aug'22
Criminal 0ktapus spoofed IAM firm in massive phishing attack

Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio
August 25, 2022 25 Aug'22
Millions of Plex users may be at risk in password breach

Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor
August 24, 2022 24 Aug'22
Alleged Twitter security failings spell trouble ahead

Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions
August 23, 2022 23 Aug'22
NCSC shares cyber guidance for large infrastructure builds

Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects
August 19, 2022 19 Aug'22
Google employees demand end to collection of abortion data

In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police
August 19, 2022 19 Aug'22
Inside Singapore’s national digital identity journey

Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years
August 18, 2022 18 Aug'22
Amazon Ring vulnerability could have been used to spy on users

A now-patched vulnerability in the Amazon Ring mobile app could have been exploited to expose users’ video recordings, but was complex to exploit, according to the researchers who stumbled upon it
August 18, 2022 18 Aug'22
GPS tagging of migrants breaches UK data protection law, says Privacy International complaint

Privacy group files complaints with Information Commissioner’s Office and Forensic Science Regulator over Home Office’s GPS monitoring of migrants
August 16, 2022 16 Aug'22
South Staffs Water is victim of botched Clop attack

South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault
August 15, 2022 15 Aug'22
Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims

CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London
August 12, 2022 12 Aug'22
Cyber criminal forum targets only Russia

The Digital Shadows Photon Research Team has been investigating a pro-Ukraine cyber criminal forum called Dumps, which appears to be one of a kind
August 11, 2022 11 Aug'22
Cisco averts cyber disaster after successful phishing attack

A potentially serious cyber attack on Cisco’s systems that began after a threat actor successfully exploited an employee’s carelessly secured credentials was thwarted without major damage
August 11, 2022 11 Aug'22
NHS may take a month to recover from supply chain attack

Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations
August 10, 2022 10 Aug'22
UK to surveil convicted migrants with facial recognition

A Home Office scheme to biometrically scan the faces of convicted migrants who have already carried out punishments has come under fire from privacy and human rights groups for being discriminatory
August 09, 2022 09 Aug'22
Cyber insurance getting harder to obtain

Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance
July 29, 2022 29 Jul'22
Austrian data firm accused of selling malware, conducting cyber attacks

Microsoft has accused DSIRF, an Austrian data services firm, of involvement in a string of cyber attacks
July 28, 2022 28 Jul'22
NCSC startups scheme turns focus to operational technology, SME security

NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses
July 28, 2022 28 Jul'22
Cyber criminals pivot away from macros as Microsoft changes bite

As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect
July 27, 2022 27 Jul'22
Retail software firm PrestaShop warns users about SQL injection attacks

Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise
July 27, 2022 27 Jul'22
Cyber security training ‘boring’ and largely ignored

Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them
July 26, 2022 26 Jul'22
Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday
July 26, 2022 26 Jul'22
No More Ransom initiative helps 1.5 million people in six years

One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project
July 26, 2022 26 Jul'22
Ducktail infostealer targets Facebook Business users

Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts
July 25, 2022 25 Jul'22
Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants

MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard
July 25, 2022 25 Jul'22
Latest Atlassian Confluence vulnerability raises concerns

CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months
July 22, 2022 22 Jul'22
LinkedIn most impersonated brand in phishing attacks

Social network LinkedIn, along with Microsoft and DHL, are just some of the brands that are most frequently imitated by cyber criminals conducting phishing attacks
July 21, 2022 21 Jul'22
GCHQ experts back scanning of encrypted phone messages to fight child abuse

Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse
July 21, 2022 21 Jul'22
Russia-linked APTs targeted fleeing Ukrainian civilians

Mandiant and the US authorities have shared details of a phishing campaign that spoofed humanitarian information on evacuation procedures to target Ukrainians fleeing Russian bombardment
July 21, 2022 21 Jul'22
UK government introduces data reforms legislation to Parliament

Proposed changes to UK’s data protection regime include new grounds for data processing, significant powers for the secretary of state to direct the regime’s application, and fewer restrictions on law enforcement’s use of data
July 20, 2022 20 Jul'22
(ISC)² expands entry-level cyber programme after UK success

Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide
July 20, 2022 20 Jul'22
Transatlantic PET contest open for entries

A joint UK-US innovation prize challenge for developers of privacy-enhancing technologies has opened for entries
July 20, 2022 20 Jul'22
Russia’s Cozy Bear abusing Dropbox, Google Drive to target victims

Russian APT known as Cozy Bear has become adept at quickly incorporating popular cloud storage services into its attack chain to avoid detection
July 14, 2022 14 Jul'22
How hostile government APTs target journalists for cyber intrusions

Proofpoint shares data on multiple campaigns of cyber intrusions against journalists originating from threat actors aligned to the governments of China, Iran, North Korea and Turkey
July 14, 2022 14 Jul'22
Government pauses Online Safety Bill’s progress

The government has paused the Online Safety Bill’s journey towards becoming law, amid timetable pressure
July 14, 2022 14 Jul'22
ICO wants to ‘empower people through information’

Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society
July 13, 2022 13 Jul'22
Slippery phish wriggles around MFA protections, says Microsoft

Microsoft’s threat researchers share details of a phishing campaign that hit 10,000 organisations, against which standard multifactor authentication provides little defence
July 13, 2022 13 Jul'22
Digital break-up kit to help women get out of bad relationships safely

Domestic abuse charity Refuge teams up with Avast to equip women with the knowledge to effectively and safely end a relationship digitally