News

IT security

• April 22, 2022 22 Apr'22

  What’s up with Conti and REvil, and should we be worrying?

  New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back

• April 22, 2022 22 Apr'22

  How Adnovum is leveraging its Swiss roots

  Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security

• April 22, 2022 22 Apr'22

  UAE bolsters cyber security

  The United Arab Emirates has successfully improved its security posture amid mounting cyber threats

• April 22, 2022 22 Apr'22

  Finance regulator identifies challenger bank financial crime weaknesses

  Financial Conduct Authority review finds challenger banks need to do more to prevent their platforms being used to commit financial crime, such as money laundering

• April 21, 2022 21 Apr'22

  Zoom adds new round of cyber security enhancements

  Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements

• April 21, 2022 21 Apr'22

  Five Eyes in new Russia cyber warning

  Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure

• April 21, 2022 21 Apr'22

  Impact of Lapsus$ attack on Okta less than feared

  Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential

• April 20, 2022 20 Apr'22

  One-third of scams that hit TSB are impersonation fraud

  TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them

• April 20, 2022 20 Apr'22

  Home secretary Priti Patel to decide whether to extradite Assange

  Home secretary will decide in four weeks whether to approve Julian Assange’s extradition to the US, where he faces espionage and hacking charges

• April 20, 2022 20 Apr'22

  AWS fixes vulnerabilities in Log4Shell hot patch

  AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation

• April 20, 2022 20 Apr'22

  NSO Group faces court action after Pegasus spyware used against targets in UK

  Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies

• April 19, 2022 19 Apr'22

  Median threat actor ‘dwell time’ dropped during 2021

  Security teams appear to be getting better at detecting attackers within their networks, according to a report

• April 19, 2022 19 Apr'22

  Hammers sign Acronis as backup and security in one

  West Ham United set to replace separate backup from Veeam and a variety of security products with Acronis Cyber Protect to have backup, data protection and file share on a single platform

• April 19, 2022 19 Apr'22

  Windows 7 and XP still more popular than Windows 11

  Lansweeper audit of Windows devices finds more people are running unsupported Windows operating systems than the newest release

• April 14, 2022 14 Apr'22

  Lack of expertise hurting UK government’s cyber preparedness

  UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report

• April 14, 2022 14 Apr'22

  Kyndryl kindles cyber incident recovery pact with Dell

  IBM spin-out Kyndryl hops into bed with Dell Technologies in a joint cyber resilience proposition

• April 14, 2022 14 Apr'22

  Zhadnost DDoS botnet deployed against Finland

  A coordinated DDoS attack hit two government ministries in Finland at the same time as Ukrainian president Volodymyr Zelensky delivered a virtual address to the Finnish parliament

• April 14, 2022 14 Apr'22

  Incontroller ICS malware has ‘rare, dangerous’ capabilities, says Mandiant

  Mandiant joins a growing chorus of warnings over novel nation state threats to ICS systems

• April 14, 2022 14 Apr'22

  Government agrees bulk surveillance powers fail to protect journalists and sources

  Campaign group Liberty to launch legal appeal that will call for journalists to receive stronger legal protections from state surveillance

• April 13, 2022 13 Apr'22

  WatchGuard firewall users urged to patch Cyclops Blink vulnerability

  The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities

• April 13, 2022 13 Apr'22

  Microsoft patches two zero-days, 10 critical bugs

  Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service

• April 13, 2022 13 Apr'22

  Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack

  Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief

• April 13, 2022 13 Apr'22

  More ANZ organisations warm to DevSecOps

  About four in 10 organisations in Australia and New Zealand are undertaking the transition to development, security and operations, while a further 36% plan to do so in 2022, study finds

• April 12, 2022 12 Apr'22

  Universal IAM policy failings put cloud environments at risk

  Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study

• April 12, 2022 12 Apr'22

  Multiple arrests made in RaidForums takedown

  A Portuguese national and a 21-year-old man from Croydon are among a number of individuals arrested ahead of the closure of RaidForums by police

• April 12, 2022 12 Apr'22

  Sandworm rolls out Industroyer2 malware against Ukraine

  A second generation of the Sandworm-linked Industroyer malware has been identified by ESET researchers and Ukraine’s national CERT

• April 12, 2022 12 Apr'22

  AI researcher says police tech suppliers are hostile to transparency

  Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented

• April 11, 2022 11 Apr'22

  Singapore to start licensing cyber security service providers

  Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards

• April 11, 2022 11 Apr'22

  Border IT system fixed after 10-day outage

  Post-Brexit border IT system failure fixed after going down at the start of April, allowing traders to once again file customs documents electronically rather than by hand

• April 11, 2022 11 Apr'22

  Open source CMS platform Directus patches XSS bug

  A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data

• April 11, 2022 11 Apr'22

  Raspberry Pi Foundation ditches default username policy

  Raspberry Pi owners will no longer be able to use the default ‘pi’ username, as the Raspberry Pi Foundation clamps down on insecure practices

• April 11, 2022 11 Apr'22

  Nordic countries discuss joint cyber defence capability

  Nordic countries are in talks to increase their cyber defences in the face of the threat from Russia

• April 08, 2022 08 Apr'22

  EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional

  Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court

• April 08, 2022 08 Apr'22

  Ukrainian cyber criminal gets five years in jail

  A US court has sentenced Denys Iarmak, who worked as a penetration tester for the FIN7 cyber crime group, to a five-year prison sentence

• April 08, 2022 08 Apr'22

  Was Spring4Shell a lot of hot air? No, but...

  Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better

• April 07, 2022 07 Apr'22

  US shuts down Russia’s Cyclops Blink botnet operation

  Operation by US authorities has taken the Russia-attributed Cyclops Blink botnet ‘off the board’

• April 07, 2022 07 Apr'22

  MPs and editors sound alarm over threat to Freedom of Information

  Government secrecy and trend for departments to block Freedom of Information requests pose a long-term risk to accountability

• April 06, 2022 06 Apr'22

  Apple criticised over unpatched CVEs in Catalina, Big Sur

  Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions

• April 06, 2022 06 Apr'22

  Denonia malware may be first to target AWS Lambda

  The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind

• April 06, 2022 06 Apr'22

  Hydra takedown merely shifts cyber criminal problem elsewhere

  The seizure of the Hydra dark web marketplace is a positive development in the fight against cyber crime, but will only be a temporary setback for determined criminals

• April 05, 2022 05 Apr'22

  Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court

  France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution

• April 05, 2022 05 Apr'22

  Discount retailer The Works hit by cyber attack

  A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature

• April 05, 2022 05 Apr'22

  Triple-threat Borat malware no joke for victims

  Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros

• April 05, 2022 05 Apr'22

  IBM z16 tackles financial fraud and quantum hacks

  New addition to Z series mainframe family uses IBM Telum processor to accelerate AI for real-time credit card fraud detection

• April 04, 2022 04 Apr'22

  How remote browser isolation can mitigate cyber threats

  Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device

• April 01, 2022 01 Apr'22

  Two teenagers charged with Lapsus$ cyber attacks

  City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree

• April 01, 2022 01 Apr'22

  Four moves to ‘checkmate’ critical assets thanks to lax cloud security

  Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report

• April 01, 2022 01 Apr'22

  Apple drops emergency patches for two zero-days

  Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild

• April 01, 2022 01 Apr'22

  TechUK calls on government to seize post-Brexit data opportunities

  Ahead of the government’s reply to its late 2021 consultation about proposed post-Brexit reforms to the data protection regime, TechUK has published a paper declaring six data governance principles

• March 31, 2022 31 Mar'22

  Global upheaval shows cyber security isn’t good enough, says GCHQ director

  Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech