News

Privacy and data protection

• October 25, 2022 25 Oct'22

  Dutch lawyers raise human rights concerns over hacked cryptophone data

  Dutch defence lawyers say in an open letter that there is a risk of unfair trials unless they are allowed to test the reliability and legitimacy of hacked cryptophone evidence

• October 25, 2022 25 Oct'22

  Germany: European Court of Justice asked to rule on legality of hacked EncroChat phone evidence

  Berlin’s Regional Court has asked the European Court of Justice to answer questions about whether the use of hacked EncroChat phone evidence complies with European law

• October 25, 2022 25 Oct'22

  Global digital trust market to double by 2027

  The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow

• October 25, 2022 25 Oct'22

  Digital-first businesses more willing to accept some fraud

  Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report

• October 24, 2022 24 Oct'22

  Complacency biggest cyber risk to UK plc, says ICO

  Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack

• October 21, 2022 21 Oct'22

  Microsoft slams external researchers over its own data leak

  Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue

• October 20, 2022 20 Oct'22

  The Security Interviews: Why now for ZTNA 2.0?

  With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network ...

• October 20, 2022 20 Oct'22

  NatWest data breach whistleblower demands bank pay data controller fee to ICO

  Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed

• October 20, 2022 20 Oct'22

  Singapore extends cyber security labelling scheme to medical devices

  The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development

• October 14, 2022 14 Oct'22

  Office 365 email encryption flaw could pose risk to user privacy

  A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are

• October 14, 2022 14 Oct'22

  Advanced: Healthcare data was stolen in LockBit 3.0 attack

  Advanced has revealed a total of 16 of its health and social care sector customers had their data exfiltrated in a recent ransomware attack

• October 14, 2022 14 Oct'22

  Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor

  Ross Anderson argues in a rebuttal to GCHQ experts that using artificial intelligence to scan encrypted messaging services is the wrong approach to protecting children and preventing terrorism

• October 14, 2022 14 Oct'22

  Australia becoming hotbed for cyber attacks

  Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency

• October 12, 2022 12 Oct'22

  French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation

  France’s Supreme Court has sent a case back to the court of appeal after police failed to disclose technical details of EncroChat hacking operation

• October 12, 2022 12 Oct'22

  ICO selectively discloses reprimands for data protection breaches

  Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded

• October 10, 2022 10 Oct'22

  How Cloudflare is staying ahead of the curve

  Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape

• October 07, 2022 07 Oct'22

  Australia to amend telecoms regulations following Optus breach

  Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions

• October 06, 2022 06 Oct'22

  Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers

  Automatic scanning of messaging services for illegal content could lead to one billion false alarms each day in Europe

• October 05, 2022 05 Oct'22

  Inside Dell Technologies’ zero-trust approach

  Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure

• October 04, 2022 04 Oct'22

  Tories to replace GDPR

  IT industry reacts to the government’s plan to replace the pan-European data protection regulation

• October 04, 2022 04 Oct'22

  France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime

  Three phone sellers have been extradited from Spain to France to face charges that they were complicit in the activities of criminal EncroChat phone users  

• October 03, 2022 03 Oct'22

  Security regulation cuts online payment fraud at 73% of retailers

  New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers

• October 03, 2022 03 Oct'22

  CIO interview: James Fleming, Francis Crick Institute

  Francis Crick Institute CIO discusses how Europe’s largest biomedical research institute has co-developed a framework for data sharing

• September 30, 2022 30 Sep'22

  Surveillance tech firms complicit in MENA human rights abuses

  Research finds companies are profiting from surveillance technologies that facilitate human rights abuses against migrants, asylum seekers and refugees in the Middle East and North Africa, with little to no oversight

• September 29, 2022 29 Sep'22

  Optus breach casts spotlight on cyber resilience

  The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia

• September 28, 2022 28 Sep'22

  UK suffers third highest number of ransomware attacks globally

  Based on an analysis of around 5,000 ransomware incidents, NordLocker has found that UK businesses, and small businesses in particular, are a priority target for ransomware gangs

• September 28, 2022 28 Sep'22

  Data protection in Finland, four years after GDPR came into force

  Data privacy has always been a big concern in Finland, so the country naturally has a lot to say about the General Data Protection Regulation four years on

• September 28, 2022 28 Sep'22

  Most hackers exfiltrate data within five hours of gaining access

  Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access

• September 27, 2022 27 Sep'22

  Fraudsters adapt phishing scams to exploit cost-of-living crisis

  Around 80,000 Brits a month are falling victim to phishing attacks as fraudsters switch up tactics to take advantage of cost-of-living crisis and behavioural changes prompted by pandemic

• September 26, 2022 26 Sep'22

  How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

  Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials

• September 26, 2022 26 Sep'22

  More than 30 startups to join Plexal’s Cyber Runway accelerator

  Now in its second year, the Cyber Runway accelerator has been designed to support firms at various stages of growth, as well as help the cyber security sector to improve on its diversity, inclusion and regional representation

• September 23, 2022 23 Sep'22

  Threat actors abused lack of MFA, OAuth in spam campaign

  Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns

• September 22, 2022 22 Sep'22

  Nordic private equity firms pursue cyber security acquisitions

  Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets

• September 22, 2022 22 Sep'22

  Privacy Pledge signatories dream of alternative internet

  A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism

• September 22, 2022 22 Sep'22

  Dr Martens goes feetfirst into cloud-to-cloud backup

  Iconic bootmaker laces up for a strategy to move all applications to the cloud, beginning with cloud-to-cloud backup for Microsoft 365 apps plus on-site VMware operations

• September 21, 2022 21 Sep'22

  NCSC publishes cyber guidance for retailers

  The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime

• September 21, 2022 21 Sep'22

  ANZ organisations using antiquated backup and recovery systems

  Nearly half of ANZ organisations are still using backup and recovery systems from over a decade ago, hampering their ability to protect their data assets and recover from ransomware attacks

• September 20, 2022 20 Sep'22

  IHG attackers phished employee to deploy destructive wiper

  A couple from Vietnam who claim to be behind a destructive wiper cyber attack on hotel operator IHG told the BBC how they orchestrated their operation

• September 20, 2022 20 Sep'22

  Reports Uber and Rockstar incidents work of same attacker

  Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber

• September 16, 2022 16 Sep'22

  Uber suffers major cyber attack

  Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist

• September 15, 2022 15 Sep'22

  EU Cyber Resilience Act sets global standard for connected products

  European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards

• September 15, 2022 15 Sep'22

  Organisations failing to account for digital trust

  The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds

• September 14, 2022 14 Sep'22

  FormBook knocks Emotet off top of malware chart

  FormBook emerged as the most widely seen malware in August, according to Check Point’s latest data

• September 14, 2022 14 Sep'22

  NCSC warns public of potential Queen-related phishing attacks

  The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen

• September 13, 2022 13 Sep'22

  Cisco confirms leaked data was stolen in Yanluowang ransomware hit

  Cisco has confirmed that data leaked last week by the Yanluowang ransomware gang was that stolen during a May 2022 cyber attack

• September 13, 2022 13 Sep'22

  Blancco works with charity to provide IT for African schools

  Blancco is providing data sanitisation and erasure software to The Turing Trust so that old IT equipment can be securely reused by school children in Sub-Saharan Africa, instead of adding to world’s growing e-waste problem

• September 13, 2022 13 Sep'22

  Multi-persona impersonation adds new dimension to phishing

  Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures

• September 12, 2022 12 Sep'22

  Mandiant floats off into Google Cloud

  As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business

• September 12, 2022 12 Sep'22

  CISOs should spend on critical apps, cloud, zero-trust, in 2023

  Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts

• September 08, 2022 08 Sep'22

  Chinese APT using PlugX malware on espionage targets

  China’s Bronze President APT is once again targeting government officials of interest to its paymasters, this time using forged diplomatic correspondence, according to the Secureworks Counter Threat Unit