News

IT governance

• November 06, 2023 06 Nov'23

  Shadow IT use at Okta behind series of damaging breaches

  Okta now believes the initial access vector in a series of damaging breaches was one of its own employees who used a corporate device to sign into their personal Google account

• November 02, 2023 02 Nov'23

  Admins told to take action over F5 Big-IP platform flaws

  Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild

• November 02, 2023 02 Nov'23

  UK workers exhibit poor security behaviours, report reveals

  Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working

• November 02, 2023 02 Nov'23

  EU digital ID reforms should be ‘actively resisted’, say experts

  Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security

• November 01, 2023 01 Nov'23

  AI Summit: 28 governments and EU agree to safe AI development

  In a joint communique at the UK government’s AI Safety Summit, all participating governments agreed to deepen their cooperation around the risks associated with artificial intelligence

• November 01, 2023 01 Nov'23

  Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

  As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings

• October 31, 2023 31 Oct'23

  British Library falls victim to cyber attack

  The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature

• October 31, 2023 31 Oct'23

  Biden’s AI plans focus on US workers’ protection

  The US president has issued an Executive Order that sets out his administration’s strategy for AI safety and security

• October 31, 2023 31 Oct'23

  SEC sues SolarWinds, alleging serious security failures

  SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks

• October 30, 2023 30 Oct'23

  UK government AI Summit already branded ‘missed opportunity’

  The dominance of big tech firms, a focus on speculative risks over real-world harms, and the exclusion of affected workers, mean the AI Safety Summit is a wasted opportunity, say civil society groups

• October 30, 2023 30 Oct'23

  Frontier AI Taskforce starts recruitment drive

  The second progress report from the Frontier AI Taskforce reveals new hires plus vacancy posts for software and research engineers

• October 27, 2023 27 Oct'23

  Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent

  Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances

• October 27, 2023 27 Oct'23

  Domestic abuse charities surface fresh worries over NHS data sharing

  With new NHS data access options coming into effect at the end of October, a group of campaigners including womens' charities and the BMA have warned that the revived GP-patient data sharing scheme risks putting vulnerable people at risk

• October 27, 2023 27 Oct'23

  ‘Egregious’ to link passport data with facial recognition systems

  The Scottish biometrics watchdog has spoken out against the UK policing minister’s plans to integrate passport data with police facial recognition systems

• October 27, 2023 27 Oct'23

  UK regulators confident they are ready for AI safety governance

  MPs at a recent artificial intelligence governance meeting were keen to hear how Ofcom, the FCA and the ICO are preparing for UK AI legislation

• October 26, 2023 26 Oct'23

  ChatGPT, Bard, lack effective defences against fraudsters, Which? warns

  Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed

• October 26, 2023 26 Oct'23

  Sunak sets scene for upcoming AI Safety Summit

  Prime minister Rishi Sunak has outlined how the UK will approach making AI safe, but experts say there is still too big a focus on catastrophic but speculative risks over real harms the technology is already causing

• October 26, 2023 26 Oct'23

  Boardrooms losing control in generative AI takeover, says Kaspersky

  C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations

• October 25, 2023 25 Oct'23

  UK Finance paints mixed picture of fraud as losses top £500m

  UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data

• October 25, 2023 25 Oct'23

  1Password caught up in Okta support breach

  After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems

• October 24, 2023 24 Oct'23

  Michelle Donelan reaffirms UK's commitment to AI safety

  In a keynote speech, the secretary of state for science, innovation and technology discussed the UK's pro-innovation approach to AI safety

• October 24, 2023 24 Oct'23

  Research team tricks AI chatbots into writing usable malicious code

  Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks

• October 24, 2023 24 Oct'23

  Kaspersky opens up over spyware campaign targeting its staffers

  Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group

• October 24, 2023 24 Oct'23

  Customers speak out over Okta’s response to latest breach

  Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired

• October 24, 2023 24 Oct'23

  Suzy Lamplugh Trust treads path to improved cyber resilience

  Personal safety charity enlists the support of the London Cyber Resilience Centre to improve staff awareness and strengthen its overall cyber resilience

• October 23, 2023 23 Oct'23

  Taxpayers to fund a further £150m for Post Office IT scandal

  Total bill for the scandal goes well over £1bn, as subpostmaster campaign leader considers private prosecutions of Post Office executives

• October 20, 2023 20 Oct'23

  Computer Weekly contributor named Godfather of UK Security

  Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards

• October 20, 2023 20 Oct'23

  CDO interview: Carter Cousineau, vice-president of data and model governance, Thomson Reuters

  The news and information provider places a premium on responsible and ethical use of artificial intelligence, and central to that is the governance of data and the models surrounding it

• October 19, 2023 19 Oct'23

  Nuclear regulator raps EDF over cyber compliance

  The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities

• October 19, 2023 19 Oct'23

  Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

  Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source

• October 19, 2023 19 Oct'23

  Post Office auditors presumed subpostmasters were ‘on the fiddle’ or ‘in a muddle’

  Public inquiry into Post Office scandal hears how head office staff routinely made negative assumptions about subpostmasters in small branches

• October 18, 2023 18 Oct'23

  What are the cyber risks from the latest Middle Eastern conflict?

  The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations

• October 17, 2023 17 Oct'23

  Five Eyes issues five tips on thwarting nation state threats

  Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats

• October 17, 2023 17 Oct'23

  Alert sounded over dangerous Cisco IOS XE zero-day

  Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems

• October 12, 2023 12 Oct'23

  Scottish biometrics watchdog outlines police cloud concerns

  Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject ...

• October 11, 2023 11 Oct'23

  Public sector buyers of AI tech must interrogate its suitability

  The Ada Lovelace Institute has published a review on public sector use of artificial intelligence foundation models, looking at the risks and opportunities associated with the technology, and how these can be dealt with from the early stages of ...

• October 10, 2023 10 Oct'23

  MGM faces £100m loss from cyber attack on its casinos

  MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m

• October 06, 2023 06 Oct'23

  Data-sharing strategy needs business buy-in

  A Forrester Consulting survey for Capital One Software has found that data experts and businesspeople have differing views on success

• October 05, 2023 05 Oct'23

  Red Cross issues rules of engagement for hackers in conflicts

  The digital rules of engagement are the first time cyber activity has been looked at by the conflict watchdog, but a number of hacker groups have already come out and said they will not be following them

• October 05, 2023 05 Oct'23

  Policing minister wants to use UK passport data in facial recognition

  The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales

• October 05, 2023 05 Oct'23

  Ransomware dwell times now measured in hours, says Secureworks

  Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report

• October 04, 2023 04 Oct'23

  IR35: HMRC completes first phase of CEST upgrades with Ocelot platform migration

  HMRC has confirmed that its online IR35 status checker tool has completed its migration to a new platform, as the government tax collection agency’s revamp of the service continues apace

• October 04, 2023 04 Oct'23

  ICO issues guidance on workplace surveillance

  Guidance on employee monitoring covers how employers can conduct their digital surveillance lawfully, transparently and fairly, and warns against businesses intruding on their workers’ private lives

• October 03, 2023 03 Oct'23

  Cyber experts urge EU to rethink vulnerability disclosure plans

  The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, ...

• October 03, 2023 03 Oct'23

  IT decision-makers confident they can handle tech disruptions

  The majority of IT decision-makers polled in a recent survey have admitted their organisations has been adversely affected by IT failures

• October 03, 2023 03 Oct'23

  RSA and other crypto systems vulnerable to side-channel attack

  A researcher has found that a flaw in RSA is still vulnerable – a quarter of a century after it was first discovered

• October 03, 2023 03 Oct'23

  Public sector needs systemic reform of capacity to innovate

  Improving the public sector’s capacity to innovate requires a culture of innovation underpinned by people, skills and new ways of working with the private sector

• October 03, 2023 03 Oct'23

  Top science journal faced secret attacks from Covid conspiracy theory group

  A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly

• September 29, 2023 29 Sep'23

  First subpostmaster Horizon conviction overturned in Scotland

  Scotland has seen its first Post Office Horizon conviction overturned, taking the UK total to 92

• September 29, 2023 29 Sep'23

  Government ‘breached privacy’ of Horizon victims with compensation offer, says lawyer

  The government breached the privacy of victims of the Post Office Horizon scandal through making a compensation offer public