Royal Mail ransomware attack result of putting profit before security | Computer Weekly
The January 2023 ransomware attack on Royal Mail has further exposed the parlous state of the company's infrastructure, all while it battles for survival in an ultra-competitive marketplace. Ever since the loss of its 350-year monopoly in 2006, the once imperious courier has been beset by strife, with reported losses of £1m a day and a restive workforce staging strikes in a long-running, bitter standoff with management.
Ransomware group LockBit apologizes saying 'partner' was behind SickKids attack | CBC News
A global ransomware operator has issued an apology after it claims one of its 'partners' was behind a cyberattack on Canada's largest pediatric medical centre, The Hospital for Sick Children (SickKids Hospital). A global ransomware operator has issued a rare apology after it claims one of its "partners" was behind a cyberattack on Canada's largest pediatric medical centre.
Top 10 cyber crime stories of 2022 | Computer Weekly
High-profile cyber attacks elevated cyber security and cyber crime to dinner table conversation in 2021, and although there was no repeat of the Colonial Pipeline incident in 2022, awareness of cyber issues among the general public has never been higher. And cyber criminals showed no sign of slowing down in 2022, even though ransomware attack volumes appeared to drop off for a time, in a trend likely linked to the war in Ukraine.
70% of CISOs worry their org is at risk of a material attack
Chief information security officers are increasingly concerned about the risk of cyber attacks, with many feeling unprepared, especially regarding ransomware.
Breach at US Transportation Department exposes 240,000 employee records
A data breach at the US Department of Transportation (USDOT) has exposed the data of 237,000 former and current federal employees. The breach was found to have affected USDOT's TRANServe system for employee commuting reimbursement, which contains personal data pertaining to government workers. USDOT stressed that no wider transport systems are linked to TRANServe, and no criminal use of the data has been detected at present.
Nearly half of EMEA data breaches were due to internal blunders in 2023
Almost half of EMEA data breaches are internal. Human error is a significant factor. Zero-day vulnerabilities are increasing, with ransomware exploiting them.
This is why you want to apply for a position in cyber security - Amazic
Are you looking for an exciting and challenging career that is in high demand? Look no further than cyber security. With the increasing frequency of cyber attacks and data breaches, companies and organizations are in desperate need of skilled cyber security professionals to protect their networks and data.
T-Mobile: 37 million US customers' data breached DW 01/20/2023
Less than a year after a data leak lawsuit was settled for $350 million, T-Mobile has reported that details of 37 million customers were hacked. The telecom company T-Mobile revealed on Thursday that the data of 37 million customers was hacked in November 2022.
UK authority calls for integral data protection in AI amid increasing breaches
The UK's ICO received over 3,000 cyber breach reports in 2023, emphasizing the urgent need for robust data protection measures, especially in AI development.
Don't let your network become a security blind spot
Cyber security is a crucial priority for businesses to protect their digital assets and avoid significant costs and consequences associated with cyber attacks.
UK Cyber Security Council launches certification mapping tool | Computer Weekly
The UK Cyber Security Council has launched the first phase of a certification mapping tool designed to help developing cyber professionals map all available security certifications onto 16 previously identified specialisms - which are collectively based on the Knowledge Areas contained in the Cyber Body of Knowledge (CyBOK).
Podcast: 2023 compliance and storage outlook | Computer Weekly
In this podcast, we look at the global landscape for data storage compliance in 2023 with Vigitrust CEO Mathieu Gorge. We talk about the big picture of geopolitical instability that characterises the legal and regulatory landscape. Also, Gorge talks about the likely rise of increased privacy regulation, the extent to which the UK and the EU will diverge from each other in General Data Protection Regulation (GDPR) and other regulations, and the effects of instability on data held in particular countries.
Zscaler's response to a security breach was commended in the cyber sector as an example of transparent disclosure amidst increased attack frequency.
Threat actors look to stolen credentials | Computer Weekly
Cyber criminals are increasingly using valid accounts to breach corporate networks, necessitating a focus on distinguishing between legitimate and malicious user activity.
AI will heighten global ransomware threat, says NCSC | Computer Weekly
The UK's National Cyber Security Centre (NCSC) has warned that AI will be used to increase the volume and impact of cyber attacks involving ransomware.
AI is already being used in malicious activity, reducing the barrier of entry for cyber criminals.
The NCSC is urging organizations and individuals to follow their advice to strengthen their defenses against cyber attacks.
Security leaders report pressure from boards to downplay cyber risks
Cyber security leaders feel pressure to downplay cyber risks to the board, facing a 'credibility gap' and struggles to secure funds for cyber resilience.
U.K. and U.S. Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems
Pro-Russia hacktivists are targeting providers of operational technology like smart water meters and dam monitoring systems in North America and Europe.
Sunak urges allies on Baltic trip to stand firm in support for Ukraine
Rishi Sunak told fellow leaders there can be no peace talks with Russia until it has withdrawn from conquered regions of Ukraine, as he urged them to ramp up their supply of air defence systems to the war-torn nation. The Prime Minister said it was an incredibly important time for the Joint Expeditionary Force (JEF) to reaffirm their continued support for Kyiv, as Russian President Vladimir Putin escalates the conflict with appalling consequences for Ukraine.
Dell Technologies World 2023: AI and storage to take center stage
Dell's second in-person conference since the COVID-19 pandemic sees the industry mainstay ditch the riverboat façades of Las Vegas' Venetian for the tropical, South Seas-themed Mandalay Bay. Far from just being superficial, the move to a larger venue is fulfilling anticipation that Dell Technologies World 2023 will be its biggest yet, both in terms of size and the scale of the company's strategic ambitions.
G20 Finance Chiefs Widely Recognize Crypto Poses Major Financial Stability Risks, Says Indian Central Bank Governor Regulation Bitcoin News
The G20 finance ministers and central bank governors recognize that cryptocurrencies pose major risks to financial stability, monetary systems, and cyber security, India's central bank governor reportedly said. Crypto regulation was among the key topics discussed during the G20 meeting over the weekend.
Cyber Security- Protecting your Digital World | Jonathan Pires, Sutton Grammar School
With the increasing use of technology, cyber threats have become a major concern for individuals and businesses. Cyber attacks can compromise your personal and sensitive information, cause financial losses, and disrupt your digital life. Protecting yourself and your devices from cyber threats is essential.
Gartner: Three top trends in cyber security for 2024 | Computer Weekly
Preparation and pragmatic execution are crucial to address disruptions in cyber security programs.
Investing in effective risk management of third-party services, enhanced security for the identity fabric, and continuous monitoring of hybrid digital environments can strengthen an organization's resilience.
Too many organisations are taking a reactive approach to procuring cyber security services and solutions, reaching for the phone only after a problem has arisen, and thus hindering the ability of security pros to demonstrate value and properly align with business outcomes, according to a study published today by WithSecure.
Chat control: Tech companies warn ministers over EU encryption plans | Computer Weekly
EU tech companies are urging ministers across the EU not to support a proposed regulation on child sexual abuse that could undermine the security of internet services that rely on end-to-end encryption.
The companies warn that the proposals by the European Commission (EC) would negatively impact children's privacy and security and could have dramatic unforeseen consequences for cyber security.
Six million patients' data feared stolen from PharMerica
PharMerica, one of the largest pharmacy service providers in the US, has revealed its IT systems were breached last month - and it's feared the intruders stole personal and healthcare data belonging to more than 5.8 million past customers. The cyber heist happened around March 12, when "an unknown third party" gained access to computer systems and may well have grabbed patients' info including names, dates of birth, Social Security numbers, medication lists and health insurance information, according to a notice on PharMerica's website.
Study reveals cyber risks to US elections | Computer Weekly
State and local IT and cyber security teams in the US are underprepared and under-resourced for cyber threats during the upcoming presidential election.
Government security teams are facing personnel constraints and limited budgets, making it challenging to allocate time and expertise to election security.
The European Union has reached an agreement on the Cyber Resilience Act (CRA), which imposes mandatory cyber security requirements for hardware and software products.
The CRA includes a 24-hour disclosure period for newly-discovered security flaws, five years of security patch support, and thorough documentation of security features.
UK government denies China/Russia nuke plant hack claim
The UK government has denied the report that the Sellafield nuclear complex has been compromised by malware for years.
The government claims that there is no evidence to suggest that Sellafield's networks have been attacked by state-actors as described in the Guardian report.
NCSC publishes landmark guidelines on AI cyber security | Computer Weekly
The UK's National Cyber Security Centre has published guidelines for secure AI system development, the first of their kind in the world.
The guidelines were developed with input from tech sector partners, the US' Cybersecurity and Infrastructure Security Agency (CISA), and other G7 nations.
The goal is to create a global understanding of cyber risks and mitigation strategies for AI to ensure security is a core requirement throughout development.
For the title industry, new tech means new opportunities for fraudsters
The title insurance industry is on the front lines in a never-ending war with the fraudsters. As the industry has gotten better at combatting wire fraud and even the more recent seller impersonation fraud, criminals looking for larger paydays have turned to mortgage payoffs. The numbers are going up, Sejal Lakhani-Bhatt, the CEO of Techwerxe, told National Settlement Services Summit (NS3) attendees Wednesday afternoon.
Cloudflare expands zero trust controls to protect against generative AI data leaks
Cloudflare has unveiled its new Cloudflare One for AI suite of zero trust security controls, designed to help businesses leverage the latest generative AI tools without endangering intellectual property or customer data. The provider said the additions aim to provide organizations with a "simple, fast, and secure way" to use the latest generative AI technologies without compromising security or performance.
Bolstering cyber security with the right channel partnerships
The security landscape is continuously evolving and many organizations are struggling to keep up with the rapid pace of emerging threats. As protecting data, finances, and reputations from increasingly sophisticated threat actors moves up the priority list, organizations are now leaning heavily on channel partners for vital support.
Protect your business by developing valuable cybersecurity skills for just $40
There is a shortage of cybersecurity professionals, but you or one of your employees can quickly build on your skills for crucial protection. TL;DR: You can transform basic IT experience into powerful cybersecurity skills with The Ultimate White Hat Hacker Certification Bundle, on sale right now for just $40.
OSC&R supply chain security framework goes live on Github | Computer Weekly
The backers of the Open Software Supply Chain Attack Reference (OSC&R) framework for supply chain security have taken it live on Github, enabling anybody to contribute to the model. The MITRE ATT&CK-like framework was launched in February with the stated goal of helping security teams improve their understanding of software supply chain threats, evaluate them and get to grips with them.
What charities should know about ransomware and reputational threats | Computer Weekly
Last March, the email and phone systems at the Scottish Association for Mental Health suddenly stopped working. A possible sign of a cyber attack, confirmed when the cyber criminal gang RansomEXX uploaded sensitive data belonging to donors and volunteers to the dark web including: names, home addresses, emails, and passport scans.
Living in digital times means we're often faced with evolving malicious scenarios that try to trick us, catch us out, or locate the vulnerabilities in our online platforms. After all, we're only trying to live our online lives to the fullest. By contrast, the online security market can feel like an intimidating space, conjuring images of jargon-filled and tech-heavy software.
Zero Day Initiative - Pwn2Own Automotive: Bringing Researchers and Auto Manufacturers Together
Today at the Automotive World conference in Tokyo, Japan, I presented a talk in the Cyber Security from the Perspectives of Hackers and Automakers track. During this presentation, I announced the ZDI will host a new Pwn2Own contest focused on automotive systems - Pwn2Own Automotive. This contest will be held at next year's Automotive World in January 2024.
Microsoft fixes two zero-days in final Patch Tuesday of 2022 | TechTarget
Microsoft has rounded off 2022 with a typically light Patch Tuesday for December, with a total of 52 patches addressing six critical vulnerabilities and two zero-days of lesser severity. The two zero-day bugs are tracked as CVE-2022-44698, a security feature bypass vulnerability in Windows SmartScreen, which carries a CVSS score of 5.4 and is rated of moderate severity; and CVE-2022-44710, an elevation of privilege (EoP) vulnerability in the DirectX Graphics Kernel, which carries a CVSS score of 7.8 and is rated of important severity.
US-South Korea talks: Biden, Yoon unveil new nuclear deterrence plan
The United States on Wednesday pledged to give South Korea more insight into its nuclear planning over any conflict with North Korea amid anxiety over Pyongyang's growing arsenal of missiles and bombs. The announcement, which included a renewed pledge by Seoul not to pursue a nuclear bomb of its own, emerged from White House talks between US President Joe Biden and South Korean leader Yoon Suk Yeol that covered issues including North Korea, semiconductor chips and trade, and the Ukraine war.
White House chief of staff office adds new senior communications aide
The White House is elevating a key spokesperson from the National Security Council to serve in a senior communications role for the office of the chief of staff, CNN has learned. Saloni Sharma, previously a deputy spokesperson for the National Security Council and experienced Capitol Hill and presidential campaign aide, is now serving as a special assistant to the president and senior adviser for communications in the office of the chief of staff.
Security Think Tank: New trends and drivers in cyber security training | Computer Weekly
Cyber security training is a vital security strategy for many enterprises across the world. Such training has been established at large companies and government organisations for many years now. Small to medium size businesses have increasingly seen the value in contracting in training to help users avoid common security issues.
Number of women taking computing degrees grows | Computer Weekly
The number of women choosing to take computing degrees has risen over the past three years, according to research from BCS, The Chartered Institute for IT. When looking at figures from UCAS, JCQ and SQA, BCS found the number of female students being accepted onto computing degree courses had grown by 23% since 2019 - a higher percentage increase than any other degree subject.
Learn the basics of cybersecurity with this $60 web-based training package
The Premium Ethical Hacking Certification Bundle features eight courses that introduce students to the fundamentals and prepare them to earn important credentials from CompTIA. The threat of a cyber attack is always looming, so experts advise companies to bolster their IT security budgets on the regular.
NI economy 'transformed' since Belfast Agreement, analysis reveals
Northern Ireland's economy has been transformed since the Belfast/Good Friday peace agreement, analysis has concluded. Since the accord was signed in 1998, outside investment, trade, tourism and investment in infrastructure have increased prosperity, life expectancy and attracted new residents to Northern Ireland. Tourism is the sector to have benefited most, with the number of overseas visitors having more than doubled from 1.3m to 3m, scheduled air routes to the region more than tripled, handling 8.8m passengers (up from 4.4m in 1998), while the number of annual cruise visitors has leapt from just over 1,000 to 280,000 in 2019.
LastPass attack saw employee's home computer hacked | Computer Weekly
The threat actor behind a series of compromises of credential management specialist LastPass attacked a DevOps engineer's home computer to gain access to the organisation's decryption keys, it has emerged. The first attack took place in August 2022, and saw LastPass praised for its swift response to the incident, which saw the attacker access some source code and proprietary technical information.
Danish defense ministry bans TikTok on employee work phones
Copenhagen - 06 Mar 2023 - 16:41 UTC. NATO-member Denmark's Defense Ministry on Monday banned its employees from having video-sharing app TikTok on their work phones as a cybersecurity measure.
3 Business Automation Solutions You Should Consider for 2023
Companies have yet to tap the full potential of automation. In 2023, you need to start automating a significant part of your business processes and tasks. It will enable you to improve both customer and employee satisfaction. The adoption of business automation solutions, such as SAP automation, also makes processes more effective and helps reduce operating expenses.
Rishi Sunak to urge allies to stand firm behind Ukraine in Baltic trip
The prime minister will use a trip to the Baltic region to urge fellow leaders to stand firm in their support for Ukraine as he pledges a new stream of defensive aid to guard against Russian aggression. First jetting off to a meeting of northern European allies in Latvia, Rishi Sunak will call on his counterparts to sustain or boost their current offers.
GCHQ sets festive puzzle for young James Bond wannabes
James Bond wannabes have been set a festive brainteaser by the UK's spy agency GCHQ. The puzzle, which features on the Christmas card sent by the director of Cheltenham-based GCHQ Sir Jeremy Fleming to his contacts around the world, is aimed at testing not only schoolchildren's knowledge of key subjects but also their ability to work as a team.