News

IT security

• February 01, 2023 01 Feb'23

  UK Cyber Council and ISACA launch audit, assurance programme

  The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros

• January 31, 2023 31 Jan'23

  Cyber training firm launches £20k data protection scholarship

  Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals

• January 31, 2023 31 Jan'23

  Russian DDoS hacktivists seen targeting western hospitals

  A swathe of attacks by the Putin-supporting DDoS operation known as Killnet has targeted hospitals and other infrastructure in several Nato countries, with the UK thought to be at risk

• January 31, 2023 31 Jan'23

  GitHub warns Desktop, Atom users after code-signing certificates pinched

  Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users

• January 31, 2023 31 Jan'23

  MI5 unlawfully collected and held millions of people’s data

  Secretive court finds MI5 knowingly acted unlawfully in use of bulk surveillance warrants, and the Home Office continued granting warrants despite information the agency was operating outside the law

• January 31, 2023 31 Jan'23

  Royal Mail recovers more International Tracked services

  Royal Mail is making further progress in recovering IT systems hit by a ransomware attack, and has re-enabled another tranche of international export services

• January 31, 2023 31 Jan'23

  ATO renews major Macquarie deal

  The contract renewal will enable the Australian Tax Office to tap Macquarie’s security operations centre, among other services, to secure its IT environment and protect sensitive data

• January 30, 2023 30 Jan'23

  Data of 10 million JD Sports customers accessed in cyber attack

  Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack

• January 27, 2023 27 Jan'23

  Hive ransomware gang taken down after FBI hacks back

  The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation

• January 26, 2023 26 Jan'23

  Royal Mail resumes some international parcel services from UK

  Royal Mail has successfully stood up its International Tracked and Signed, and International Signed, services as it continues to recover from a ransomware attack

• January 26, 2023 26 Jan'23

  Zero-trust implementations remain work in progress

  Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds

• January 25, 2023 25 Jan'23

  NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

  Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC

• January 25, 2023 25 Jan'23

  Arnold Clark cyber attack claimed by Play ransomware gang

  A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel

• January 25, 2023 25 Jan'23

  Boards struggle to resolve cyber risk in digital supply chains

  Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk

• January 25, 2023 25 Jan'23

  Japan researchers develop new data encryption method

  Researchers from Tokyo University of Science have combined the best of homomorphic encryption and secret sharing in a new method to handle encrypted data

• January 24, 2023 24 Jan'23

  Chinese IoT suppliers expose UK businesses to espionage and data theft

  Chinese companies supplying network components, known as IoT modules, post a greater long-term threat to UK security than the now banned 5G supplier Huawei, according to a study by a Chinese expert and former diplomat

• January 24, 2023 24 Jan'23

  UK insurers need to up their game on cyber gaps, says PRA

  Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority

• January 24, 2023 24 Jan'23

  SSRF attacks hit 100,000 businesses globally since November

  There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers

• January 24, 2023 24 Jan'23

  Fake online contest makes Yahoo! most phished brand of Q4 2022

  Yahoo! was the most frequently phished brand during the last three months of 2022, according to a report

• January 23, 2023 23 Jan'23

  Trellix automates patching for 62,000 vulnerable open source projects

  Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months

• January 23, 2023 23 Jan'23

  Royal Society calls on public sector to pilot privacy tech

  The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow

• January 23, 2023 23 Jan'23

  NCSC warning over cyber risk to charity sector

  Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC

• January 22, 2023 22 Jan'23

  Royal Mail making limited progress on ransomware recovery

  Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common

• January 20, 2023 20 Jan'23

  Veeam survey finds ransomware blocks digital transformation

  Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered

• January 20, 2023 20 Jan'23

  WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising

  The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising

• January 19, 2023 19 Jan'23

  International post resumes thanks to Royal Mail ‘workarounds’

  Royal Mail has resumed limited international services after putting in place operational workarounds to bypass the impact of a ransomware attack

• January 19, 2023 19 Jan'23

  KFC, Pizza Hut parent shuts UK restaurants after cyber attack

  A ransomware attack on Yum! Brands, the parent organisation of restaurants including KFC and Pizza Hut, was forced to shut approximately 300 outlets in the UK following a ransomware attack by an unspecified group

• January 19, 2023 19 Jan'23

  Fraudsters and cyber criminals stole more than £4bn in the UK through 2022

  The amount of money stolen by fraudsters and cybercriminals in the UK saw a huge increase in 2022

• January 19, 2023 19 Jan'23

  Mailchimp suffers third breach in 12 months

  Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack

• January 19, 2023 19 Jan'23

  Newham Council rejects use of live facial-recognition tech by police

  Live facial-recognition technology should not be used by police in Newham until biometric and anti-discrimination safeguards are in place, according to a motion passed unanimously by the council, but the Met Police and the Home Office have indicated...

• January 19, 2023 19 Jan'23

  Outdated IT infrastructure poses growing risk to UK Security Vetting

  Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO

• January 18, 2023 18 Jan'23

  Ukraine CERT leaders touch down in London for talks

  The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience

• January 18, 2023 18 Jan'23

  David Anderson KC to review UK surveillance laws

  Home Office commissions independent review of the Investigatory Powers Act, known as the snoopers’ charter. It will include a review of bulk datasets and government access to internet connection records held by phone and internet companies

• January 18, 2023 18 Jan'23

  Oracle and CBI: companies cautious, selective in 2023 IT, business investment

  Oracle and the CBI are seeing much the same picture of cautious technology investment of UK businesses in 2023, in the context of long Covid and the energy price inflation crisis

• January 18, 2023 18 Jan'23

  Ukraine cyber teams responded to more than 2,000 attacks in 2022

  The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day

• January 17, 2023 17 Jan'23

  Cloudflare urged to clamp down on pirates, counterfeiters

  A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods

• January 17, 2023 17 Jan'23

  Crest throws support behind CyberUp CMA reform campaign

  Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990

• January 17, 2023 17 Jan'23

  Royal Mail promises ‘workarounds’ to restore services after ransomware attack

  Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a ‘workaround’ will be in place in the near future

• January 16, 2023 16 Jan'23

  The Security Interviews: Protecting your digital self

  Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation?

• January 15, 2023 15 Jan'23

  Thai enterprises spend more on software amid growing digitalisation

  The majority of software spending in Thailand during the first half of 2022 went into applications followed by infrastructure software and development tools, according to IDC

• January 14, 2023 14 Jan'23

  Experts concerned over silence around government obligation to review UK surveillance laws

  The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms

• January 13, 2023 13 Jan'23

  Cabinet Office looks to expand public data sharing for digital ID

  Cabinet Office seeks feedback on proposed legislation to enhance data sharing across the public sector, in support of the UK government’s ambition to have a single sign-on identity-check system for all public services

• January 13, 2023 13 Jan'23

  LockBit cartel suspected of Royal Mail cyber attack

  The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation

• January 12, 2023 12 Jan'23

  Companies warned to step up cyber security to become ‘insurable’

  Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks 

• January 12, 2023 12 Jan'23

  UK government completes trials of age estimation technology

  Government-led trials of age estimation and verification technologies for the sale of alcohol in nightlife venues and supermarkets have been completed, with both government and retail lobbyists pushing for legislation that would allow retailers to ...

• January 12, 2023 12 Jan'23

  Chrome vulnerability could have led to widespread data theft

  A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen

• January 12, 2023 12 Jan'23

  Cloudflare completes SASE offer with Magic WAN Connector

  Software-defined wide-area network functionality released by online application acceleration and infrastructure provider Cloudflare to complete single-supplier secure access service edge offering

• January 12, 2023 12 Jan'23

  Guardian confirms Christmas 2022 cyber attack was ransomware

  Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack

• January 11, 2023 11 Jan'23

  Royal Mail services hit by major cyber attack

  UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack

• January 11, 2023 11 Jan'23

  Should we be worried about malicious use of AI language models?

  WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned?