News

IT governance

• December 01, 2022 01 Dec'22

  MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

  Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence

• December 01, 2022 01 Dec'22

  LastPass probes new cyber incident related to August attack

  The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba

• November 30, 2022 30 Nov'22

  Microsoft 365 banned in German schools over privacy concerns

  German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US

• November 30, 2022 30 Nov'22

  South Staffs Water customer data leaked after ransomware attack

  Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack

• November 30, 2022 30 Nov'22

  NIS regulations to be extended to cover MSPs

  The UK government is moving ahead with plans to update the Network and Information Systems regulations to bring outsourcers and MSPs into scope

• November 30, 2022 30 Nov'22

  Parity AI talks about auditing recruitment algorithms for bias

  Algorithmic auditing firm Parity speaks to Computer Weekly about the process of auditing artificial intelligence for bias, following its partnership with AI-powered recruitment platform Beamery

• November 29, 2022 29 Nov'22

  ‘Legal but harmful’ clause dropped from Online Safety Bill

  Online Safety Bill’s ‘legal but harmful’ provision will be dropped by the UK government in favour of public risk assessments, tools to help users control the content they consume, and new criminal offences around self-harm

• November 25, 2022 25 Nov'22

  Data management, backup becoming the CISO's responsibility

  More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year

• November 23, 2022 23 Nov'22

  UK police arrest 120 in largest-ever cyber fraud crackdown

  The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police

• November 23, 2022 23 Nov'22

  AI accountability held back by ‘audit-washing’ practices

  Algorithmic auditing will be useless in holding artificial intelligence accountable until there are common standards, approaches and goals that scrutinise systems at each stage of development and deployment, says think-tank

• November 23, 2022 23 Nov'22

  South Korea data adequacy pact brings £15m Brexit bonus

  UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m

• November 23, 2022 23 Nov'22

  Red team tool developer slams ‘irresponsible’ disclosure

  UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors

• November 22, 2022 22 Nov'22

  Ducktail spins new tales to hijack Facebook Business accounts

  The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts

• November 22, 2022 22 Nov'22

  Killnet DDoS hacktivists target Royal Family and others

  Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks

• November 21, 2022 21 Nov'22

  Bug Bounty Calculator helps organisations fine-tune their payouts

  Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention

• November 21, 2022 21 Nov'22

  NHS federated data platform must avoid repeating Care.data mistakes, says national data guardian

  UK’s national data guardian agrees with the ambitions of the platform, but warns that the programme must avoid ‘common pitfalls around trust and transparency’

• November 21, 2022 21 Nov'22

  AI adopted without due consideration for workers, MPs told

  MPs have been warned that the rapid roll-out of artificial intelligence in workplaces has changed UK enterprises’ management practices so much that current employment law is no longer fit for purpose

• November 21, 2022 21 Nov'22

  NHS trust that deleted up to 90,000 emails cleared of deliberately concealing evidence

  A tribunal found in a high-profile case brought by whistleblower Chris Day that an NHS trust had not deliberately concealed evidence when a director deleted up to 90,000 emails before he was due to testify

• November 18, 2022 18 Nov'22

  Is Elon Musk’s Twitter safe, and should you stop using it?

  With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use

• November 18, 2022 18 Nov'22

  New gold standard to protect good faith hackers

  HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking

• November 18, 2022 18 Nov'22

  Post Office scandal inquiry’s expert IT witness ‘troubled’ by his findings

  Controversial Post Office Horizon system lacked the integrity required to trust accounting data and contained ‘joke’ coding akin to an ‘overly engineered mousetrap’, inquiry told

• November 18, 2022 18 Nov'22

  CyberPeace Institute helps NGOs improve their security resilience

  Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people

• November 17, 2022 17 Nov'22

  Brexit deregulation will make UK next Silicon Valley, vows Hunt

  Chancellor vows to revolutionise how the IT industry is regulated to spur competition, investment and innovation in a technological ‘Big Bang’

• November 17, 2022 17 Nov'22

  Another Log4Shell warning after Iranian attack on US government

  The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching

• November 17, 2022 17 Nov'22

  NHS Digital confirms final settlement of £3.95m with HMRC following conclusion of IR35 investigation

  The health service’s digital arm has paid HMRC £3.95m in unpaid tax to cover the cost of its IR35 compliance errors

• November 16, 2022 16 Nov'22

  Global network fragmentation a source of increasing risk

  Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures

• November 15, 2022 15 Nov'22

  APP fraud volumes expected to double by 2026, says report

  Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue

• November 15, 2022 15 Nov'22

  Met Police removes nearly two-thirds of people from gangs matrix

  Legal action by human rights group Liberty forces Met Police to overhaul its gangs violence matrix database

• November 14, 2022 14 Nov'22

  Sadiq Khan launches Data for London Advisory Board

  Board will look at how to join up and share data between public and private London organisations in an effort to build a stronger data economy and improve public services

• November 11, 2022 11 Nov'22

  Volume of self-reported breaches to ICO jumps 30%

  The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022

• November 11, 2022 11 Nov'22

  MoD recruits Immersive Labs to bolster cyber resilience

  UK’s Ministry of Defence will run cyber drills and address its security talent gap with Immersive Labs’ CyberPro, Cyber Crisis Simulator and Application Security products

• November 10, 2022 10 Nov'22

  Scrutinising AI requires holistic, end-to-end system audits

  Understanding the full impacts of artificial intelligence requires organisations to conduct end-to-end social and technical audits of their systems, but the process comes with a number of challenges

• November 10, 2022 10 Nov'22

  Cyber criminals have World Cup Qatar 2022 in their sights

  Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so

• November 09, 2022 09 Nov'22

  UK’s National Cyber Advisory Board convenes for first time

  Government convenes National Cyber Advisory Board to further its goals of making the UK one of the safest places to live and work online

• November 09, 2022 09 Nov'22

  Microsoft serves smorgasbord of six zero-days

  November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity

• November 09, 2022 09 Nov'22

  Fujitsu expert witness in subpostmaster trial ‘manoeuvred’ into role, public inquiry told

  A former Fujitsu technology expert who defended the Horizon system’s robustness in court was unhappy after being ‘manoeuvred’ into acting as an expert witness, public inquiry hears

• November 08, 2022 08 Nov'22

  Six subpostmaster convictions referred for appeal in Scotland

  Six former subpostmasters in Scotland will have appeals against criminal convictions heard after being referred by Scotland’s Criminal Cases Review Commission

• November 07, 2022 07 Nov'22

  Public sector IT projects need ethical data practices from start

  Data ethics needs to be integrated into public sector IT projects from the very start, and considered throughout every stage of the process, to be effective

• November 07, 2022 07 Nov'22

  Department for Education escapes £10m fine over data misuse

  Department entrusted data on 28 million children to a company called Trustopia, which turned out to be anything but trustworthy, but has escaped a £10m fine under new rules

• November 04, 2022 04 Nov'22

  Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

  The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare

• November 03, 2022 03 Nov'22

  Confirmation bias led Post Office to prosecute subpostmasters without investigation, inquiry told

  Former Post Office tech leader tells public inquiry that confirmation bias led to hundreds of subpostmasters being prosecuted for financial crimes without proper investigation

• November 03, 2022 03 Nov'22

  Automated threats biggest source of cyber risk for retailers

  Threat actors targeting retailers during the coming holiday season are increasingly turning to automated forms of cyber attack, according to a report

• November 03, 2022 03 Nov'22

  Global coalition reaffirms commitment to fight ransomware

  Representatives of 36 countries, as well as the EU, attended the second International Counter Ransomware Initiative Summit in Washington DC

• November 02, 2022 02 Nov'22

  Shadow digital secretary outlines Labour’s tech priorities

  Labour’s digital and technology plans focus on reining in the power of the tech giants, boosting connectivity across the UK, and improving online safety

• November 02, 2022 02 Nov'22

  Dropbox code compromised in phishing attack

  Cloud storage service says malicious actors successfully accessed some of its code within GitHub, but insists customer data is secure

• November 02, 2022 02 Nov'22

  UK spent £6.4m on secret cyber package for Ukraine

  Westminster has revealed for the first time the existence of a previously top-secret security programme that has been helping Ukraine fend off Russian cyber attacks

• November 01, 2022 01 Nov'22

  A third of UK cyber leaders want to quit, report says

  Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload

• November 01, 2022 01 Nov'22

  NCSC looks back on year of ‘profound change’ for cyber

  The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful

• October 31, 2022 31 Oct'22

  Prepare today for potentially high-impact OpenSSL bug

  OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed

• October 28, 2022 28 Oct'22

  Post Office warned of Horizon software-induced ‘tragedy’ in 1999

  Problems experienced during live trials of the Post Office Horizon system predicted the ‘tragedy’ that unfolded