News

Regulatory compliance and standard requirements

• November 30, 2022 30 Nov'22

  Microsoft 365 banned in German schools over privacy concerns

  German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US

• November 30, 2022 30 Nov'22

  South Staffs Water customer data leaked after ransomware attack

  Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack

• November 30, 2022 30 Nov'22

  NIS regulations to be extended to cover MSPs

  The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope

• November 28, 2022 28 Nov'22

  Panzura partners with AWS on ransomware counter-measures

  Panzura might have slipped beneath the waves, but it’s come back reinvigorated, and now boasts integration with AWS with ransomware protection and Outposts hardware

• November 25, 2022 25 Nov'22

  Data management, backup becoming the CISO's responsibility

  More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year

• November 24, 2022 24 Nov'22

  Not-for-profit aims to encourage 1,300 girls into cyber careers

  CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber

• November 23, 2022 23 Nov'22

  South Korea data adequacy pact brings £15m Brexit bonus

  UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m

• November 23, 2022 23 Nov'22

  Red team tool developer slams ‘irresponsible’ disclosure

  UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors

• November 21, 2022 21 Nov'22

  NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

  A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify

• November 18, 2022 18 Nov'22

  Is Elon Musk’s Twitter safe, and should you stop using it?

  With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use

• November 18, 2022 18 Nov'22

  New gold standard to protect good faith hackers

  HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking

• November 18, 2022 18 Nov'22

  CyberPeace Institute helps NGOs improve their security resilience

  Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people

• November 17, 2022 17 Nov'22

  Another Log4Shell warning after Iranian attack on US government

  The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching

• November 16, 2022 16 Nov'22

  Global network fragmentation a source of increasing risk

  Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures

• November 11, 2022 11 Nov'22

  MoD recruits Immersive Labs to bolster cyber resilience

  UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products

• November 09, 2022 09 Nov'22

  Optus earmarks A$140m to cover cost of data breach

  Optus sets aside A$140m as an exceptional expense for a customer remediation programme following a massive data breach that affected 10 million customers

• November 09, 2022 09 Nov'22

  UK’s National Cyber Advisory Board convenes for first time

  Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online

• November 09, 2022 09 Nov'22

  Microsoft serves smorgasbord of six zero-days

  November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity

• November 07, 2022 07 Nov'22

  Public sector IT projects need ethical data practices from start

  Data ethics needs to be integrated into public sector IT projects from the very start, and considered throughout every stage of the process, to be effective

• November 07, 2022 07 Nov'22

  Department for Education escapes £10m fine over data misuse

  Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules

• November 03, 2022 03 Nov'22

  Global coalition reaffirms commitment to fight ransomware

  Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC

• November 01, 2022 01 Nov'22

  NCSC looks back on year of ‘profound change’ for cyber

  The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful

• October 31, 2022 31 Oct'22

  Cyber crime officer says French legal challenges to EncroChat are ‘hype’

  Matthieu Audibert, officer of the French Gendarmerie’s cyber space command, gets into a spat with defence lawyers on Twitter over the lawfulness of evidence from the hacked phone network EncroChat

• October 27, 2022 27 Oct'22

  NCSC’s Levy steps down after 20-year intelligence career

  NCSC technical director Ian Levy bids farewell, telling his successor: ‘Don’t panic’

• October 27, 2022 27 Oct'22

  NHS to get new national CISO

  The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS

• October 27, 2022 27 Oct'22

  Medibank breach casts spotlight on data security

  Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia

• October 27, 2022 27 Oct'22

  Santander calls for cooperation to tackle APP fraud

  New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud

• October 25, 2022 25 Oct'22

  US authorities charge two Chinese spies over telco security probe

  Two Chinese nationals have been charged with attempting to obstruct the criminal prosecution of a prominent Chinese telecoms firm

• October 25, 2022 25 Oct'22

  Germany: European Court of Justice asked to rule on legality of hacked EncroChat phone evidence

  Berlin’s Regional Court has asked the European Court of Justice to answer questions about whether the use of hacked EncroChat phone evidence complies with European law

• October 25, 2022 25 Oct'22

  Global digital trust market to double by 2027

  The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow

• October 25, 2022 25 Oct'22

  Digital-first businesses more willing to accept some fraud

  Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report

• October 24, 2022 24 Oct'22

  Complacency biggest cyber risk to UK plc, says ICO

  Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack

• October 20, 2022 20 Oct'22

  NatWest data breach whistleblower demands bank pay data controller fee to ICO

  Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed

• October 20, 2022 20 Oct'22

  Singapore extends cyber security labelling scheme to medical devices

  The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development

• October 19, 2022 19 Oct'22

  Treat cyber crime as a ‘strategic threat’, UK businesses told

  The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community

• October 14, 2022 14 Oct'22

  Annual costs of Hackney ransomware attack exceed £12m

  Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago

• October 14, 2022 14 Oct'22

  Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor

  Ross Anderson argues in a rebuttal to GCHQ experts that using artificial intelligence to scan encrypted messaging services is the wrong approach to protecting children and preventing terrorism

• October 13, 2022 13 Oct'22

  Dutch influence standards for post-quantum cryptography

  Cryptology group at Dutch research institute is involved in the two primary algorithms of the next NIST portfolio comprising four new standards

• October 12, 2022 12 Oct'22

  French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation

  France’s Supreme Court has sent a case back to the court of appeal after police failed to disclose technical details of EncroChat hacking operation

• October 12, 2022 12 Oct'22

  ICO selectively discloses reprimands for data protection breaches

  Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded

• October 10, 2022 10 Oct'22

  Ukraine and EU explore deeper cyber collaboration

  A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues

• October 07, 2022 07 Oct'22

  Australia to amend telecoms regulations following Optus breach

  Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions

• October 06, 2022 06 Oct'22

  EU rolling out measures for online safety and AI liability

  The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation

• October 06, 2022 06 Oct'22

  Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers

  Automatic scanning of messaging services for illegal content could lead to one billion false alarms each day in Europe

• October 05, 2022 05 Oct'22

  Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation

  Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network

• October 05, 2022 05 Oct'22

  Inside Dell Technologies’ zero-trust approach

  Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure

• October 04, 2022 04 Oct'22

  Tories to replace GDPR

  IT industry reacts to the government’s plan to replace the pan-European data protection regulation

• October 04, 2022 04 Oct'22

  France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime

  Three phone sellers have been extradited from Spain to France to face charges that they were complicit in the activities of criminal EncroChat phone users  

• October 03, 2022 03 Oct'22

  Security regulation cuts online payment fraud at 73% of retailers

  New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers

• October 03, 2022 03 Oct'22

  CIO interview: James Fleming, Francis Crick Institute

  Francis Crick Institute CIO discusses how Europe’s largest biomedical research institute has co-developed a framework for data sharing