News

Security policy and user awareness

• March 29, 2023 29 Mar'23

  New North Korean APT launders crypto to fund spying programmes

  Mandiant has attributed an ongoing campaign of malicious activity to a newly designated APT that is engaged in the acquisition and laundering of cryptocurrency to fund the regime’s espionage activities

• March 29, 2023 29 Mar'23

  How organisations can weaponise data privacy

  Organisations should turn data privacy into a competitive advantage and look beyond regulatory compliance to build a privacy programme that aligns with business targets, says Gartner

• March 29, 2023 29 Mar'23

  Generative AI presents opportunities and challenges to UK schools

  Generative AI and LLMs hold great potential for use in the classroom, but the privacy and security implications of its use must be carefully considered, says the Department for Education

• March 28, 2023 28 Mar'23

  Apple security updates fix 33 iPhone vulnerabilities

  A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels

• March 28, 2023 28 Mar'23

  Europol warns cops to prep for malicious AI abuse

  In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work

• March 24, 2023 24 Mar'23

  National Crime Agency sting operation infiltrates cyber crime market

  The UK National Crime Agency has tricked thousands of potential cyber criminals into registering with a fake website pretending to offer tools for creating DDoS attacks

• March 22, 2023 22 Mar'23

  Government launches seven-year NHS cyber strategy

  The new Cyber Security Strategy for Health and Adult Social Care lays out a plan for promoting cyber resilience in the sector by 2030 to protect services and patients alike

• March 21, 2023 21 Mar'23

  Nordics move towards common cyber defence strategy

  Nordic countries agree to work together to improve their cyber defences amid increasing threat

• March 21, 2023 21 Mar'23

  How Mimecast thinks differently about email security

  Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades

• March 20, 2023 20 Mar'23

  NCSC launches cyber check-up tools for SMEs

  The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack

• March 20, 2023 20 Mar'23

  BBC cracks down on TikTok after review

  The BBC is asking staff not to install TikTok on corporate-owned devices without a justified business purpose, although its use will still be allowed to share media content with its audiences

• March 17, 2023 17 Mar'23

  UK TikTok ban gives us all cause to consider social media security

  The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for

• March 16, 2023 16 Mar'23

  BEC attacks doubled in 2022, outstripping ransomware

  Massive growth in the volume of Business Email Compromise or BEC attacks was linked to a surge in successful phishing campaigns, according to data from Secureworks

• March 16, 2023 16 Mar'23

  TikTok banned on UK government devices

  The UK government has followed in the footsteps of its US and European counterparts and banned the use of Chinese social media app TikTok on official devices

• March 16, 2023 16 Mar'23

  Rubrik customer, partner data exposed in possible Clop attack

  Rubrik was supposedly compromised by the Clop ransomware gang via a zero-day vulnerability in a managed file transfer software package it uses

• March 16, 2023 16 Mar'23

  Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

  A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly

• March 15, 2023 15 Mar'23

  Microsoft patches Outlook zero-day for March Patch Tuesday

  A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update

• March 14, 2023 14 Mar'23

  NatWest introduces limits on crypto trading to prevent fraud

  UK bank says its retail customers will benefit from daily and monthly limits on the amount they can pay into cryptocurrency exchanges

• March 13, 2023 13 Mar'23

  MI5 to oversee new National Protective Security Authority

  The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets

• March 08, 2023 08 Mar'23

  How ForgeRock is tackling identity management

  ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy

• March 07, 2023 07 Mar'23

  Nine in 10 enterprises fell victim to successful phishing in 2022

  Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale

• March 07, 2023 07 Mar'23

  Taking back control: Could a distributed model breed a better AI?

  AI tools such as ChatGPT are trained on datasets scraped from the web, but you don’t have much say if your data is used. Technologist Bruce Schneier says it’s time to give control of AI training data back to the people

• March 07, 2023 07 Mar'23

  APAC IT leaders bullish on tech spending

  Over half of respondents in this year’s IT Priorities study have bigger IT budgets as they continue to make strategic investments in cyber security, cloud and automation, among other areas

• March 03, 2023 03 Mar'23

  White House unveils National Cybersecurity Strategy

  The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise

• March 02, 2023 02 Mar'23

  WH Smith staff data accessed in cyber attack

  The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing

• February 22, 2023 22 Feb'23

  UK forces lead live-fire cyber war exercise

  The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces

• February 22, 2023 22 Feb'23

  Half of cyber leaders to switch jobs by 2025, citing stress

  A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study

• February 20, 2023 20 Feb'23

  Singapore organisations struggle to operationalise threat intelligence

  Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges

• February 20, 2023 20 Feb'23

  Twitter 2FA changes bring more risks than benefits

  Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic

• February 16, 2023 16 Feb'23

  How to tame the identity sprawl

  Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl

• February 15, 2023 15 Feb'23

  Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs

  Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off

• February 15, 2023 15 Feb'23

  Microsoft fixes three zero-days in February update

  February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver

• February 14, 2023 14 Feb'23

  Vidar, nJRAT re-emerge as prominent malware threats in January

  Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry

• February 14, 2023 14 Feb'23

  UK authorities clamp down on illegal crypto ATMs

  The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs

• February 14, 2023 14 Feb'23

  OSC&R framework to stop supply chain attacks in the wild

  The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains

• February 10, 2023 10 Feb'23

  Social media platform Reddit breached in phishing attack

  An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack

• February 09, 2023 09 Feb'23

  UK imposes sanctions on Conti ransomware gang leaders

  Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK

• February 09, 2023 09 Feb'23

  How Check Point is keeping pace with the cyber security landscape

  Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security

• February 08, 2023 08 Feb'23

  Russian hacking group Seaborgium targets SNP MP Stewart McDonald

  Scottish National Party MP Stewart McDonald says his personal emails have been hacked by a group linked to the Russian state in a targeted phishing attack

• February 08, 2023 08 Feb'23

  Campaigners lament lack of movement on Computer Misuse Act reform

  Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed

• February 06, 2023 06 Feb'23

  Online banks still riddled with cyber security flaws, report says

  Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too.

• February 06, 2023 06 Feb'23

  The Security Interviews: How to overcome data protection compliance challenges

  Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how?

• February 06, 2023 06 Feb'23

  Ransomware operator turns their fire on two-year-old VMware bug

  A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware

• February 05, 2023 05 Feb'23

  Australian organisations underinvesting in cyber security

  Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches

• February 02, 2023 02 Feb'23

  North Korea’s Lazarus gang exposes itself in opsec failure

  WithSecure researchers linked a campaign of cyber attacks targeting medical research and energy firms to North Korea’s infamous Lazarus APT after a group member accidentally screwed up

• February 02, 2023 02 Feb'23

  Arnold Clark customer data was stolen in Play ransomware attack

  Arnold Clark confirms data leaked on dark web was stolen from its systems in ransomware attack

• February 01, 2023 01 Feb'23

  Romance fraudsters stole £65m from Brits since 2020

  Online romance fraudsters have scammed Brits out of £65m in the past three years, according to retail bank TSB

• February 01, 2023 01 Feb'23

  Cisco fixes two bugs that could have led to supply chain attacks on users

  Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them

• February 01, 2023 01 Feb'23

  CryptoRom scam abuses Apple and Google app stores to claim victims

  Sophos researchers report on two fake apps used by romance scammers to lure victims into parting with their money, both of which were able to escape the attention of Apple and Google app store safeguards

• February 01, 2023 01 Feb'23

  Malware variant can block contactless payments

  Kaspersky warns that the latest variant of the Prilex malware can block contactless payments to force people to insert cards, enabling criminals to steal money