News

Regulatory compliance and standard requirements

• November 28, 2023 28 Nov'23

  Scope of British Library data breach widens

  Personal data on British Library users has appeared for sale on the dark web following a Rhysida ransomware attack, as the scope of the still-developing incident widens again

• November 27, 2023 27 Nov'23

  NCSC publishes landmark guidelines on AI cyber security

  The NCSC and its US counterpart CISA have brought together tech companies and governments to countersign a new set of guidelines aimed at promoting a secure-by-design culture in AI development

• November 23, 2023 23 Nov'23

  North Korean APTs go all in on supply chain attacks, warns NCSC

  Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks

• November 23, 2023 23 Nov'23

  Australia ups ante on cyber security

  Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities

• November 22, 2023 22 Nov'23

  Palantir awarded NHS FDP data contract

  NHS England has awarded a £330m, seven-year contract to US data specialist Palantir, prompting concerns from data privacy practitioners

• November 20, 2023 20 Nov'23

  IT not ready for AI, Pure Storage survey finds

  Storage, compute and networking hardware won’t cope without upgrades, and that often means total IT infrastructure overhaul

• November 17, 2023 17 Nov'23

  Microsoft and Meta quizzed on AI copyright

  Large language models are trained using vast amounts of public data – but do the hyperscalers comply with copyright laws?

• November 16, 2023 16 Nov'23

  Ransomware gang grasses up uncooperative victim to US regulator

  The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off

• November 13, 2023 13 Nov'23

  Rogue state-aligned actors are most critical cyber threat to UK

  The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night

• November 13, 2023 13 Nov'23

  Victims’ legal action over 2015 Carphone Warehouse breach moves forward

  A class action against Currys Retail over the 2015 data breach of Carphone Warehouse customers has been granted permission to move forward in the courts

• November 13, 2023 13 Nov'23

  ICO alerted after technical ‘issue’ exposed college files to student barristers

  A training college for barristers has reported a data breach that left sensitive data on hundreds of current and former students accessible to other trainees

• November 10, 2023 10 Nov'23

  UN disarmament body calls for global action on autonomous weapons

  UN draft resolution highlighting the dangers of autonomous weapons passes with overwhelming majority

• November 09, 2023 09 Nov'23

  The Security Interviews: Why cyber needs to integrate better

  Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider ...

• November 08, 2023 08 Nov'23

  Data-sharing management gap highlights cyber risk, says report

  Organisations are struggling to secure their use of communications tools to share data with third-party partners and suppliers, and in the process are exposing themselves to heightened levels of risk, according to a report

• November 08, 2023 08 Nov'23

  King’s Speech misses the mark on cyber law reform, says campaign

  A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber pros from prosecution have been left disappointed by a lack of legislative progress

• November 08, 2023 08 Nov'23

  The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy

  Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands

• November 06, 2023 06 Nov'23

  How Trellix’s CISO keeps threat actors at bay

  Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents

• November 02, 2023 02 Nov'23

  EU digital ID reforms should be ‘actively resisted’, say experts

  Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security

• November 01, 2023 01 Nov'23

  Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

  As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings

• October 31, 2023 31 Oct'23

  British Library falls victim to cyber attack

  The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature

• October 31, 2023 31 Oct'23

  SEC sues SolarWinds, alleging serious security failures

  SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks

• October 27, 2023 27 Oct'23

  Domestic abuse charities surface fresh worries over NHS data sharing

  With new NHS data access options coming into effect at the end of October, a group of campaigners including womens' charities and the BMA have warned that the revived GP-patient data sharing scheme risks putting vulnerable people at risk

• October 27, 2023 27 Oct'23

  Germany: European Court opinion kicks questions over EncroChat back to national courts

  Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts

• October 26, 2023 26 Oct'23

  Sunak sets scene for upcoming AI Safety Summit

  Prime minister Rishi Sunak has outlined how the UK will approach making AI safe, but experts say there is still too big a focus on catastrophic but speculative risks over real harms the technology is already causing

• October 25, 2023 25 Oct'23

  UK Finance paints mixed picture of fraud as losses top £500m

  UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data

• October 24, 2023 24 Oct'23

  Research team tricks AI chatbots into writing usable malicious code

  Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks

• October 19, 2023 19 Oct'23

  Nuclear regulator raps EDF over cyber compliance

  The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities

• October 19, 2023 19 Oct'23

  Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

  Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source

• October 12, 2023 12 Oct'23

  Scottish biometrics watchdog outlines police cloud concerns

  Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject ...

• October 10, 2023 10 Oct'23

  MGM faces £100m loss from cyber attack on its casinos

  MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m

• October 05, 2023 05 Oct'23

  Policing minister wants to use UK passport data in facial recognition

  The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales

• October 04, 2023 04 Oct'23

  Lloyds Bank launches digital identity app

  Lloyds Bank has launched a digital identity app with tech startup Yoti, after it invested £10m in the firm

• October 03, 2023 03 Oct'23

  Cyber experts urge EU to rethink vulnerability disclosure plans

  The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, ...

• October 03, 2023 03 Oct'23

  CIISec scores DSIT funding to expand successful CyberEPQ scheme

  DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date

• September 28, 2023 28 Sep'23

  Strasbourg court condemns Turkey for jailing teacher for using ByLock encrypted messaging app

  The case is expected to have implications for the use of digital evidence in prosecutions against users of other encrypted phone apps

• September 28, 2023 28 Sep'23

  Yahoo picks Intigriti to run crowdsourced bug bounty programme

  Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate

• September 26, 2023 26 Sep'23

  Cover-ups still the norm in the wake of a cyber incident

  Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report

• September 22, 2023 22 Sep'23

  UK-US data bridge to open to traffic on 12 October

  Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now

• September 21, 2023 21 Sep'23

  Poor digital experience a blocker for cyber resilience

  Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds

• September 20, 2023 20 Sep'23

  Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption

  Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages

• September 19, 2023 19 Sep'23

  Braverman puts pressure on Meta to pause end-to-end encryption plans

  The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse

• September 19, 2023 19 Sep'23

  New revelations from the Snowden archive surface

  A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by ...

• September 19, 2023 19 Sep'23

  Nominet and European counterparts link up on intelligence sharing

  The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users

• September 15, 2023 15 Sep'23

  TikTok fined €345m under GDPR for failing to protect children’s privacy

  Data protection regulators warn social media companies to take all necessary measures to protect children’s privacy

• September 15, 2023 15 Sep'23

  Las Vegas mainstay Caesars Palace likely paid off ransomware crew

  Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers

• September 15, 2023 15 Sep'23

  Manchester police data breach a classic supply chain incident

  The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force

• September 14, 2023 14 Sep'23

  Google, Microsoft and Mozilla push browser updates to foil zero-day

  A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers

• September 14, 2023 14 Sep'23

  As vehicle safety regulations loom, carmakers fret over cyber risks

  Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks

• September 13, 2023 13 Sep'23

  GCHQ breached privacy rights of IT professional and security researcher, human rights court rules

  The European Court of Human Rights in Strasbourg finds UK intelligence services breached the privacy rights of two overseas nationals – an IT professional and a security researcher

• September 13, 2023 13 Sep'23

  NCSC and ICO sign MoU to forge deeper collaborative links

  The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties