On January 17th, 2025, the EU’s Digital Operational Resilience Act (DORA) came into effect. However, a recent survey of 200 UK CISOs from Censuswide found that 43% of the UK financial services industry will miss this compliance deadline, despite facing the possibility of fines of up to 1% of global daily turnover for up to six months.

Make it Make Sense

A key question to answer first is: if the UK is no longer a member of the EU, why does DORA even apply to UK businesses? Well, although DORA isn’t directly applicable in the UK, it is still relevant…
Adam Parlett
The Federal Trade Commission (FTC) has filed a complaint that GoDaddy has violated Section 5 of the FTC Act pertaining to “unfair methods of competition” through “unfair or deceptive acts or practices.” The complaint details how GoDaddy’s failure to implement standard security tools and practices for protecting the environment where it hosts customers’ websites and data, coupled with insufficient monitoring of that environment for security threats, contradicted its promotional claim to be a secure hosting option.

The FTC Won’t Let Me Be

The FTC asserts that “GoDaddy’s data security program was unreasonable for a company of its size…
Code Intelligence has started 2025 with a bang and captured the interest of the cybersecurity community by announcing ‘Spark,’ its new AI Test Agent, ahead of a launch party later this month. The influential AI-automated software testing company describes Spark as the first AI test agent to autonomously identify bugs and vulnerabilities in unknown code without human interaction, and the first AI agent able to locate real-world vulnerabilities by automatically generating and running tests for widely used open-source software.

Information Security Fuzz

The proof that Spark could perform such a feat was discovered during the Fuzz…
Earlier this week, UK Prime Minister Keir Starmer released a statement and made a subsequent speech unveiling and endorsing his government’s AI Opportunities Action Plan (AOAP). He declared artificial intelligence (AI) to be “the defining opportunity of our generation,” foreshadowing that in the years to come there will be “barely an aspect of our society that will remain untouched by this force of change.” By increasing 20-fold the amount of AI computing power under public control by 2030, coupled with the mass deployment of AI and dedicated AI growth zones, he is seeking to “turbocharge growth.”

Three Key Pillars

The…
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has published a Notice of Proposed Rulemaking (NPRM) proposing substantial cybersecurity requirements, for all regulated entities and their business associates, to be added to the HIPAA Security Rule. Comments are due on or before March 7, 2025, with a final rule due to take effect 60 days after publication and a compliance date 180 days after that. Following these dates, the NPRM also proposes a transition period beyond the 180-day compliance period to allow regulated entities to modify their business associate agreements in response to the…
Whilst the four-time Super Bowl champions, the Green Bay Packers, have rightly been drawing praise this season for their on-field defensive performances, the organization’s online defense has been called into question following the disclosure of a significant data breach affecting thousands of their loyal supporters.

Contrasting Fortunes

The last week of 2024 saw the storied franchise triumph 34-0 against the New Orleans Saints to record the first defensive shutout of the current NFL season. In his post-match comments, Packers head coach Matt LaFleur gushed, “Obviously, it’s hard to shut out an opponent in this league. From what I was told, it was…
Have you heard the story about the RAT that pretended to be a RAT? If not, you’d better sit down for this one.

There’s a RAT in my kitchen

Last month, a malicious package, ethereumvulncontracthandler, was identified on the npm registry. It disguised itself as a Remote Access Tool (RAT), posing as a library for detecting vulnerabilities in Ethereum smart contracts. Instead of detecting said vulnerabilities, it dropped an open-source remote access trojan, the Quasar Remote Access Trojan (RAT), onto developer systems. To delve a little deeper into this process: following installation, the program works through retrieving and executing a…
SlashNext has released its 2024 Phishing Intelligence Report, a comprehensive study identifying and analyzing the vectors most exploited by cybercriminals in the past year. The findings, and the trends in the data, inform recommendations for organizations on the best areas to strengthen their security defenses against attacks in 2025. Their message to organizations for 2025 is clear: phishing isn’t an email-only problem anymore; instead, it is a multi-faceted message security problem that necessitates a change in how organizations tackle threat detection and prevention.

Key Findings from the 2024 Report

Without wishing to sound hyperbolic, the findings revealed huge increases across…
The US government is imploring water and wastewater organizations to secure internet-exposed human-machine interfaces (HMIs) that provide access to industrial machines against cyberattacks. Unauthorized access to these HMIs can allow malicious actors to view sensitive information and disrupt operations. HMIs are systems or devices that enable interaction between humans and machines, allowing users to control and monitor the performance of machinery, systems, or devices. The move to urge these critical industries to act comes from observing threat actors demonstrating the capability to find and exploit internet-exposed HMIs with cybersecurity deficiencies. A recent joint statement from the Environmental Protection Agency…
Almost three-quarters (71%) of UK consumers believe that the nefariously named ‘Grinch bots’ are ruining Christmas by acquiring all the best presents. This was one of the findings of new research from Imperva, a Thales company. Grinch bots are automated programs set up to monitor trending retail items and quickly purchase all available stock when such in-demand products are listed online. The purchases are then re-sold on the secondary market for profit. Imperva’s projections indicate that the price of the country’s most popular gifts is inflated by as much as 105% on resale sites—a process that leaves genuine shoppers…