News

IT for telecoms and internet organisations

• February 27, 2024 27 Feb'24

  Black Basta and Bl00dy ransomware gangs exploiting ConnectWise vulns

  More ransomware gangs have been observed exploiting two dangerous vulnerabilities in ConnectWise ScreenConnect software, prompting new warnings for users to get patching

• February 27, 2024 27 Feb'24

  VulnCheck bug listing to help track new threats quicker

  Exploit intelligence firm VulnCheck launches a proprietary Known Exploited Vulnerabilities catalogue in hopes of improving end-user access to intel on emerging threats and reaching those that the likes of CISA do not

• February 27, 2024 27 Feb'24

  Majority of UK employees ‘willingly gamble’ with security

  Human-centric threats originating from employees continue to damage organisations both financially and reputationally, according to a report

• February 27, 2024 27 Feb'24

  Cozy Bear and other APTs changing tack as cloud adoption increases

  A change in APT tactics has been observed resulting from greater adoption of cloud-based services, according to the NCSC

• February 23, 2024 23 Feb'24

  ConnectWise users see cyber attacks surge, including ransomware

  ConnectWise ScreenConnect users who have yet to patch against a critical vulnerability are now being targeted by a barrage of cyber attacks, including ransomware

• February 21, 2024 21 Feb'24

  CVE volumes set to increase 25% this year

  The number of reported Common Vulnerabilities and Exposures is likely to grow significantly in 2024, hitting a new high of almost 35,000, according to Coalition, a cyber insurance specialist

• February 14, 2024 14 Feb'24

  Dutch Supreme Court approves use of EncroChat evidence

  Defence lawyers plan appeal to European Court of Human Rights after Supreme Court upholds a conviction based on intercepted messages from the EncroChat encrypted phone network

• February 14, 2024 14 Feb'24

  Microsoft patches two zero-days for Valentine’s Day

  Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among more than 70 issues

• February 14, 2024 14 Feb'24

  Security experts: Investigatory powers plans will delay security updates

  Cyber security experts warn that government proposals to amend the Investigatory Powers Act will limit tech companies’ ability to respond to security threats and could hamper the use of end-to-end encryption

• February 13, 2024 13 Feb'24

  Hunter-killer malware volumes seen surging

  Latest Picus Security report on malware tactics, techniques and procedures reveals an increasing focus on disabling security defences

• February 08, 2024 08 Feb'24

  Executive alleged to be behind EncroChat encrypted phone network arrested

  A businessman allegedly behind EncroChat, an encrypted phone network that was used by organised crime groups, has been extradited from the Dominican Republic to France

• February 07, 2024 07 Feb'24

  NCSC warns CNI operators over ‘living-off-the-land’ attacks

  Malicious, state-backed actors may well be lurking in the UK’s most critical networks right now, and their operators may not even know until it is too late, warn the NCSC and its partners

• February 07, 2024 07 Feb'24

  Dozens of surveillance companies are supplying spyware to governments, says Google

  Google’s Threat Analysis Group has identified 40 companies involved in selling and supplying security exploits and spyware services to governments

• February 06, 2024 06 Feb'24

  UK’s McPartland Cyber Review to probe trust in technology

  The UK government has launched a cyber security review that will investigate how best to give businesses the confidence they need to use new technologies

• January 25, 2024 25 Jan'24

  Bugcrowd sees surge in vulnerability submissions, led by public sector

  Crowdsourced vulnerability disclosure and bug bounty platform Bugcrowd says it saw a 151% uptick in submissions related to government and public sector organisations in 2023

• January 24, 2024 24 Jan'24

  WebKit vulnerability sparks Apple’s first major security update of 2024

  A zero-day in the open source WebKit browser engine that powers Safari has sparked Apple’s first major patch roll-out of the new year

• January 24, 2024 24 Jan'24

  AI will heighten global ransomware threat, says NCSC

  The benefits of artificial intelligence to cyber criminals being well-known, the NCSC now assesses it’s likely AI will soon be widely used to enhance ransomware attacks

• January 24, 2024 24 Jan'24

  Salesforce’s bug bounty programme paid out $3m in 2023

  Ethical hackers disclosed more than 4,000 vulnerabilities to Salesforce last year through its bug bounty programme, and received over $3m in rewards

• January 23, 2024 23 Jan'24

  Treat cyber risk like financial or legal issue, says UK government

  UK government and NCSC launch proposed code of practice on cyber security governance to help directors and business leaders toughen their defences

• January 23, 2024 23 Jan'24

  Leak of 26 billion records may prove to be ‘mother of all breaches’

  The discovery of a dataset comprising 26 billion stolen records may prove to be record-breaking in both its size and the danger it poses to ordinary people

• January 22, 2024 22 Jan'24

  Chat control: Tech companies warn ministers over EU encryption plans

  Tech companies have written to EU ministers to urge them to back the European Parliament, rather than the European Commission, over proposed regulations to police child abuse

• January 18, 2024 18 Jan'24

  Tech firms: Investigatory Powers review will undermine privacy of UK citizens

  Trade group TechUK argues in a briefing sent to the Home Office that proposed amendments to the Investigatory Powers Bill could have a far-reaching impact on privacy and security

• January 11, 2024 11 Jan'24

  Cisco fixes high-impact flaw in unified comms platform

  Cisco unified comms customers are urged to patch a critical vulnerability in Unity Connection, a messaging and voicemail product

• January 10, 2024 10 Jan'24

  Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs

  Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors

• January 09, 2024 09 Jan'24

  Babuk Tortilla ransomware decryptor made available

  A joint effort between Cisco Talos, Avast and the Dutch police will bring relief to many victims of a variant of the Babuk ransomware known as Tortilla

• January 03, 2024 03 Jan'24

  Artificial intelligence to the front in Sweden’s National Technology Strategy

  Sweden focuses in on artificial intelligence in its latest far-reaching national IT strategy

• January 02, 2024 02 Jan'24

  China’s UNC4841 pivots to new Barracuda ESG zero-day

  The Chinese state threat actor behind a series of cyber attacks on Barracuda Networks customers embarked on a campaign targeting the supplier’s email security products in the run-up to Christmas

• December 21, 2023 21 Dec'23

  Top 10 cyber crime stories of 2023

  Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics

• December 20, 2023 20 Dec'23

  ALPHV/BlackCat operation down, but maybe not out

  Multinational law enforcement has targeted the operations of the notorious ALPHV/BlackCat cyber extortion gang, but the group’s members appear to remain defiant

• December 13, 2023 13 Dec'23

  Microsoft’s Christmas present for cyber teams: no zero-days

  Barely 30 vulnerabilities, and no zero-days, have been fixed in the final Patch Tuesday drop of 2023

• December 13, 2023 13 Dec'23

  Critical UK infrastructure a ‘hostage of fortune’ to ransomware

  A lack of ransomware planning and preparedness at the highest levels of government is leaving UK operators or critical national infrastructure dangerously exposed, according to a Joint Committee report

• December 01, 2023 01 Dec'23

  The Security Interviews: Mark McClain, SailPoint Technologies

  SailPoint founder and CEO Mark McClain reflects on how the concept of identity has evolved over the past 20 years, and points to rapid evolution still to come

• November 30, 2023 30 Nov'23

  Government’s Online Fraud Charter welcomed

  The government has corralled 11 of the largest tech platforms in the world to commit to its Online Fraud Charter, designed to tackle online scams, fake adverts, and more

• November 27, 2023 27 Nov'23

  India's Hexaware creates hundreds of jobs in UK

  Hexaware opens IT services operation in Birmingham, with a plan to recruit 250 people in the region by 2025

• November 13, 2023 13 Nov'23

  Rogue state-aligned actors are most critical cyber threat to UK

  The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night

• November 07, 2023 07 Nov'23

  Unesco unveils seven-point anti-disinformation plan

  United Nations body outlines seven proposals for civil society, governments, regulators and tech platforms to adopt to combat the source of disinformation

• November 06, 2023 06 Nov'23

  Netherlands starts building its own AI language model

  Dutch government allocates €13.5m to develop an open artificial intelligence language model according to national values and guidelines.

• November 01, 2023 01 Nov'23

  Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

  As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings

• October 27, 2023 27 Oct'23

  Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent

  Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances

• October 27, 2023 27 Oct'23

  Germany: European Court opinion kicks questions over EncroChat back to national courts

  Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts

• October 26, 2023 26 Oct'23

  ChatGPT, Bard, lack effective defences against fraudsters, Which? warns

  Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed

• October 25, 2023 25 Oct'23

  UK Finance paints mixed picture of fraud as losses top £500m

  UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data

• October 25, 2023 25 Oct'23

  1Password caught up in Okta support breach

  After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems

• October 24, 2023 24 Oct'23

  Kaspersky opens up over spyware campaign targeting its staffers

  Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group

• October 24, 2023 24 Oct'23

  Customers speak out over Okta’s response to latest breach

  Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired

• October 20, 2023 20 Oct'23

  Collaboration paramount in KPN’s successful business transformation

  KPN tells Oracle CloudWorld 2023 how it transformed when its legacy systems became obstacles to supporting its customers on their digital journeys

• October 03, 2023 03 Oct'23

  Top science journal faced secret attacks from Covid conspiracy theory group

  A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly

• September 27, 2023 27 Sep'23

  Researchers offer free threat briefings on Vegas casino hackers

  Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment

• September 20, 2023 20 Sep'23

  Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption

  Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages

• September 19, 2023 19 Sep'23

  Braverman puts pressure on Meta to pause end-to-end encryption plans

  The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse