Security policy and user awareness
-
News
19 Dec 2024
LockBit ransomware gang teases February 2025 return
An individual associated with the LockBit ransomware gang has broken cover to tease details of a new phase of the cyber criminal operation's activity, which they claim is set to begin in February 2025 Continue Reading
-
News
19 Dec 2024
Latest attempt to override UK’s outdated hacking law stalls
Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee Continue Reading
-
Opinion
04 Sep 2024
Cyber firms need to centre their own resilience
The Computer Weekly Security Think Tank panel considers incident response in the wake of the July CrowdStrike incident, sharing their views on what CrowdStrike got wrong, what it did right, and next steps Continue Reading
-
News
29 Aug 2024
Check Point secured for annual Security Serious cyber awards
The annual Security Serious Unsung Heroes awards, recognising the champions of the UK cyber security industry, are back once again, with a new headline sponsor joining the party Continue Reading
-
News
29 Aug 2024
Iranian APT caught acting as access broker for ransomware crews
Members of Iran-backed Pioneer Kitten APT appear to be trying to supplement their pay packets by helping Russian-speaking ransomware gangs to access their victims in exchange for a cut of the profits Continue Reading
-
Opinion
29 Aug 2024
Cyber law reform should be top of Labour's policy list
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
Opinion
28 Aug 2024
A coherent Labour cyber strategy depends on consistency
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
28 Aug 2024
Iranian APT Peach Sandstorm teases new Tickler malware
Peach Sandstorm, an Iranian state threat actor, has developed a dangerous new malware strain that forms a key element of a rapidly evolving attack sequence Continue Reading
-
News
28 Aug 2024
Global cyber spend to rise 15% in 2025, pushed along by AI
Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner Continue Reading
-
Opinion
27 Aug 2024
Extending zero-trust principles to endpoints
By combining zero-trust principles with other security strategies and continuously monitoring and improving their security posture, organisations can effectively mitigate risks and protect their resources, says Gartner's Nikul Patel Continue Reading
-
Opinion
27 Aug 2024
The US courts may have thrown a wrench into cyber regulation
A recent decision by the US Supreme Court to overrule the longstanding Chevron Deference has serious implications for global cyber security regulation Continue Reading
-
Opinion
27 Aug 2024
Public education on security must be a top priority for Labour
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
22 Aug 2024
New Qilin tactics a ‘bonus multiplier’ for ransomware chaos
Sophos X-Ops caught the Qilin ransomware gang stealing credentials stored by victims' employees in Google Chrome, heralding further cyber attacks and breaches down the line. Continue Reading
-
News
21 Aug 2024
Pakistani national arrested over Southport ‘cyber terrorism’
Authorities in Pakistan have arrested a man on suspicion of cyber terrorism over his role in the spread of online misinformation in the wake of the Southport knife attack Continue Reading
-
Opinion
20 Aug 2024
From manifesto to material: What No. 10 needs to make reality
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
20 Aug 2024
Phishing links becoming bigger threat than email attachments
Phishing techniques are evolving away from malicious email attachments, according to a report Continue Reading
-
News
19 Aug 2024
Challenges of deploying PQC globally
Quantum computers will eventually be powerful and reliable enough to crack strong encryption. PQC is the answer, but it could take years to deploy Continue Reading
-
Opinion
19 Aug 2024
How might the UK's cyber landscape change under Labour?
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
16 Aug 2024
Thousands of NetSuite customers accidentally exposing their data
Misconfigured permissions across live websites are leaving thousands of NetSuite users open to having their valuable customer data stolen, researchers say Continue Reading
-
Opinion
15 Aug 2024
Google's cookie conundrum: What comes next?
Google's revised approach to third-party cookies shouldn't come as a surprise, and may also be welcome Continue Reading
-
Opinion
15 Aug 2024
With the right tools and strategy, public cloud should be safe to use
Despite the complexity and evolving nature of threats, with the right strategy, tools, and constant vigilance, businesses can safely and securely leverage public cloud services Continue Reading
-
News
14 Aug 2024
August Patch Tuesday proves busy with six zero-days to fix
Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update Continue Reading
-
Opinion
13 Aug 2024
Labour's first cyber priority must be the NHS
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
Blog Post
09 Aug 2024
Cyberfirst needs more than a change of gear
Instead of establishing a new organisation, Cyberfirst should be restructured to work locally and nationally through the Cyber Security Council and existing mainstream on-line safety, safeguarding ... Continue Reading
-
Feature
09 Aug 2024
Deep dive into quantum-resistant cryptography for email security
Quantum computers have the potential to crack many of the encryption methods we currently rely on to keep our digital communications safe. Quantum-resistant cryptography may be the answer Continue Reading
-
News
08 Aug 2024
Royal ransomware crew puts on a BlackSuit in rebrand
The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA Continue Reading
-
News
08 Aug 2024
US lawmakers seek to brand ransomware gangs as terrorists
Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers Continue Reading
-
Opinion
07 Aug 2024
Cyber security adoption is vital to Scotland’s space race
Scotland has a golden opportunity to capitalise on space technology to make itself a global leader, but to maximise its potential in the new space race, more attention must be paid to cyber security risk Continue Reading
-
News
06 Aug 2024
Advanced faces fine over LockBit attack that crippled NHS 111
Advanced Software faces a multimillion pound fine for a series of failings which directly led to a 2022 LockBit ransomware attack that disrupted NHS and social care services across the UK Continue Reading
-
News
06 Aug 2024
2024 seeing more CVEs than ever before, but few are weaponised
The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies Continue Reading
-
News
05 Aug 2024
Chinese cyber attack sparks alert over six-year-old MS vuln
After a proof-of-concept for a six-year-old Microsoft vulnerability emerged in a Chinese APT attack chain, defenders should be on the look-out for exploitation of CVE-2018-0824 Continue Reading
-
News
05 Aug 2024
World’s largest companies at near-universal risk of supply chain breach
Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats Continue Reading
-
News
05 Aug 2024
Russia’s luxury car phish continues to prove effective
Government organisations and other bodies operating in Ukraine continue to be targeted by a relatively unsophisticated phishing campaign that has proven so effective for Russia’s cyber spooks that there are now multiple agencies involved Continue Reading
-
Opinion
05 Aug 2024
Cyber lessons, and priorities for the UK's new government
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
Opinion
02 Aug 2024
Labour should focus on talent to improve UK's cyber posture
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
01 Aug 2024
Police hunt scammers after takedown of Russian Coms fraud platform
The National Crime Agency has arrested four people after taking down a phone number spoofing platform used by criminals to defraud hundreds of thousands of people in the UK with more arrests to follow Continue Reading
-
Opinion
01 Aug 2024
Is it time to refresh the UK's cyber strategy?
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government Continue Reading
-
News
01 Aug 2024
Banks, telcos call for more data sharing to fight fraud
A Which?-led coalition of banks and telecoms operators is calling on the UK's new government to take the lead on enabling data sharing to help fight digital fraud Continue Reading
-
Opinion
31 Jul 2024
When critical cyber response becomes second nature
When alerts and headlines blare out warnings of critical vulnerabilities in widely-used software, the cyber security community needs to adopt a more decisive and clear-cut approach, says Huntress' Chris Henderson Continue Reading
-
News
31 Jul 2024
Campaigners call for evidence to reform UK cyber laws
The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work Continue Reading
-
Definition
31 Jul 2024
What is cyber attribution?
Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation. Continue Reading
-
Feature
30 Jul 2024
CISO mentoring – who to turn to when the worst happens
Those who get the role of a CISO may have overcome some professional hurdles, but are they ready to face what comes as part of the job? And who do they ask for advice? We look at the mentoring dilemma Continue Reading
-
News
29 Jul 2024
Scam CrowdStrike domains growing in volume
Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out Continue Reading
-
News
29 Jul 2024
CrowdStrike says most Falcon sensors now up and running
The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week Continue Reading
-
Opinion
26 Jul 2024
Mastering data privacy in the age of AI
AI continues to revolutionise how organisations operate, using vast amounts of personal data to make smart, informed decisions. However, this incredible potential comes with concerns about data privacy. DQM GRC's Mark James explores the issues. Continue Reading
-
Opinion
26 Jul 2024
Cyber crisis? How good PR can save your brand
Cyber attacks and data breaches can happen to anybody and often bring reputational damage and a loss of customer trust. How organisations publicly respond to such incidents can make or break them, and the importance of a good PR strategy cannot be underestimated Continue Reading
-
Opinion
26 Jul 2024
Cloud security challenges not just technological
The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
25 Jul 2024
North Korean cyber APT targeting nuclear secrets
Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets Continue Reading
-
News
24 Jul 2024
Mimecast to buy insider threat specialist Code42
Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms Continue Reading
-
News
23 Jul 2024
Innovations to power secure-by-design development
Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident Continue Reading
-
News
23 Jul 2024
Chrome cookies reprieved amid Google Privacy Sandbox changes
Google abruptly changes tack on third-party cookies in its Chrome web browser, cancelling plans to deprecate them in favour of an unspecified ‘new experience’ for users Continue Reading
-
News
22 Jul 2024
NCA cracks digitalstress DDoS-for-hire operation
The UK authorities have taken down a major component of the multinational DDoS cyber attack-for-hire ecosystem, hacking into the digitalstress.su service and exfiltrating data on its users, who now face arrest Continue Reading
-
News
22 Jul 2024
NCSC: Beware of criminal CrowdStrike opportunists
Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow Continue Reading
-
Definition
18 Jul 2024
What is employee monitoring?
Employee monitoring is when businesses monitor employees to improve productivity and protect corporate resources. Continue Reading
-
News
18 Jul 2024
Growth in nude image sharing heightens cyber abuse risk
The normalisation of sharing self-created intimate content with others is putting great numbers of people at risk of online abuse, says Kaspersky Continue Reading
-
News
17 Jul 2024
UK Cyber Bill teases mandatory ransomware reporting
In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting Continue Reading
-
News
17 Jul 2024
Hackney Council reprimanded over 2020 ransomware attack
The London Borough of Hackney has been reprimanded by the ICO over a series of failures that led to a devastating cyber attack, but at the same time, the regulator praised the local authority for its response and commitment to making improvements Continue Reading
-
News
16 Jul 2024
Strategic Defence Review must emphasise cyber security, says industry
Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre Continue Reading
-
News
12 Jul 2024
AT&T loses ‘nearly all’ phone records in Snowflake breach
Hackers have stolen records of virtually every call made by AT&T's customers during a six-month period in 2022, after compromising the US telco's Snowflake data environment Continue Reading
-
News
12 Jul 2024
Public awareness of ID security grows, but big obstacles remain
Consumers are improving their awareness of the issues around digital identity security, but there are still some big issues preventing many from doing better, according to an Okta report Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
11 Jul 2024
Inside Israel’s cyber security operations
An emergency phone line allows cyber security analysts at the Israel Computer Emergency Response Team to map threats against national infrastructure Continue Reading
-
News
09 Jul 2024
Hyper-V zero-day stands out on a busy Patch Tuesday
Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention Continue Reading
-
News
09 Jul 2024
Chinese spies target vulnerable home office kit to run cyber attacks
China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert Continue Reading
-
News
09 Jul 2024
Lessons from war: How Israel is fighting Iranian state-backed hacking
The general director of the Israel National Cyber Directorate talks about the rise in cyber attacks and what lessons the country has gleaned to defend against hacking from foreign parties Continue Reading
-
News
08 Jul 2024
Synnovis attack highlights degraded, outdated state of NHS IT
More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning Continue Reading
-
Opinion
04 Jul 2024
Safeguarding democracy from cyber threat peril
There has been an increase in disturbing activity emerging on the dark web involving the sale of public sector assets, including election data Continue Reading
-
News
03 Jul 2024
NCA’s Operation Morpheus targets illicit Cobalt Strike use
International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes Continue Reading
-
Opinion
03 Jul 2024
Cyber Essentials at 10: Success or failure?
The Cyber Essentials scheme passed its 10th anniversary in June 2024. CyberSmart's Adam Pilton reflects on progress and argues that more needs to be done to raise security awareness among Britain's small business community Continue Reading
-
Opinion
02 Jul 2024
Security Think Tank: Securing today's ubiquitous cloud environment
The Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage Continue Reading
-
News
28 Jun 2024
How Recorded Future is operationalising threat intelligence
Recorded Future is investing in APIs to enable automated security workflows, among other measures, to help organisations overcome the hurdles of operationalising threat intelligence Continue Reading
-
News
21 Jun 2024
Sellafield whistleblower ordered to pay costs after email tampering claims
A former consultant at Sellafield has been ordered to pay costs for having ‘acted unreasonably’ in claiming the nuclear facility tampered with metadata in letters used against her in court Continue Reading
-
News
21 Jun 2024
Qilin ransomware gang publishes stolen NHS data online
The ransomware gang behind a major cyber attack on NHS supplier Synnovis has published a 400GB trove of private healthcare data online Continue Reading
-
Blog Post
19 Jun 2024
An industry-wide agreement is needed to identify AI-generated content
With the UK general election coming on July 4th, there is very real concern that this election and others around the world are being influenced by artificial intelligence-powered (AI) content ... Continue Reading
-
Opinion
17 Jun 2024
Cloud security: Finding the right provider to protect your data
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
13 Jun 2024
Black Basta ransomware crew may be exploiting Microsoft zero-day
A Microsoft vulnerability that was addressed without fanfare in March may in fact have been exploited as a zero-day by the notorious Black Basta ransomware gang, threat hunters warn Continue Reading
-
Opinion
13 Jun 2024
Data leakage in the cloud – can data truly be safe in the cloud?
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Opinion
12 Jun 2024
How to ensure public cloud services are used safely and securely
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
12 Jun 2024
RCE flaw and DNS zero-day top list of Patch Tuesday bugs
An RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address in Microsoft’s latest Patch Tuesday Continue Reading
-
Opinion
11 Jun 2024
True cloud security requires in-depth understanding
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
News
11 Jun 2024
Pure Storage hit by Snowflake credential hackers
Pure Storage emerges as the latest victim of a fast-spreading breach of Snowflake customers targeting users with lax credential security measures in place Continue Reading
-
News
11 Jun 2024
More than 160 Snowflake customers hit in targeted data theft spree
Mandiant reports that more than 160 Snowflake customers have been hit in a broad data theft and extortion campaign targeting organisations that have failed to pay proper attention to securing valuable credentials Continue Reading
-
News
07 Jun 2024
DDoS gang threatens to disrupt European elections
Russian hacktivists are threatening to disrupt the European Parliament elections, while the BBC reports on new deepfake threats to the UK’s electoral process Continue Reading
-
News
07 Jun 2024
Sophos uncovers Chinese state-sponsored campaign in Southeast Asia
Sophos found three distinct clusters of activity targeted at a high-level government organisation that appeared to be tied to Chinese interests in the South China Sea Continue Reading
-
News
06 Jun 2024
FBI finds 7,000 LockBit decryption keys in blow to criminal gang
The US authorities say they now have more than 7,000 LockBit decryption keys in their possession and are urging victims of the prolific ransomware gang to come forward Continue Reading
-
News
04 Jun 2024
OAIC files civil penalty action against Medibank
The OAIC alleges that Medibank failed to take reasonable steps to protect the personal information of 9.7 million Australians in the October 2022 data breach Continue Reading
-
Opinion
04 Jun 2024
Security Think Tank: The cloud just got more complicated
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Opinion
04 Jun 2024
Building a more secure, and sustainable, open source ecosystem
In April 2024, the discovery of an intentionally-placed backdoor in the open source XZ Utils data compression caused concern. Sentry's Chad Whitacre says a more thoughtful approach is needed to balance the individual freedom and creativity of open source, with more rigorous security practice. Continue Reading
-
News
04 Jun 2024
Russia used fake AI Tom Cruise in Olympic disinformation campaign
Microsoft threat researchers report a surge in Russian disinformation campaigns targeting the 2024 Summer Olympics, including AI-enhanced propaganda Continue Reading
-
News
03 Jun 2024
97 FTSE 100 firms exposed to supply chain breaches
Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at third-party suppliers Continue Reading
-
News
29 May 2024
Proofpoint exposes AFF scammers’ piano gambit
Ransomware and nation state actors dominate the headlines, but fraud and scams still net career cyber criminals thousands from unsuspecting members of the public. Proofpoint reports on a campaign targeting victims of a musical inclination Continue Reading
-
News
29 May 2024
Organisations value digital trust, but aren’t working at it
Three quarters of organisations believe digital trust is relevant to their businesses, yet clear gaps in strategies still seem to persist Continue Reading
-
Opinion
29 May 2024
How to avoid joining the Dead Java Code Society
Unused or dead Java code is bogging down software engineers and developers, causing weird dependencies and security risks. Eric Costlow of Azul shares some advice on how to avoid becoming a member of a rather unpleasant club Continue Reading
-
News
28 May 2024
Executive Interview: Why Dell wants to be your one-stop AI shop
At Dell Technologies World in Las Vegas, artificial intelligence was the talk of the town as Dell staked out an all-encompassing strategy ahead of an anticipated goldrush. Dell’s Nick Brackney explains why the tech giant believes it's onto a winner Continue Reading
-
News
23 May 2024
Northern Ireland police face £750,000 fine after data protection blunder put lives at risks
Information commissioner John Edwards uses discretion to reduce proposed fine from £5.6m to £750,000 Continue Reading
-
News
22 May 2024
Rockwell urges users to disconnect ICS equipment
ICS systems maker Rockwell Automation calls on users to take steps to secure their equipment, and reminds them there is no reason to ever have its hardware connected to the public internet, as it tracks an increase in global threat activity Continue Reading
-
News
21 May 2024
Parliamentary committee criticises big tech response to election threats
Parliamentary committee says tech companies ‘regurgitated publicly available content’ and failed to address questions raised by MPs and peers Continue Reading
-
News
21 May 2024
The Security Interviews: What is the real cyber threat from China?
Former NCSC boss Ciaran Martin talks about nation-state attacks, why the UK has become so exercised about cyber espionage, and how our leaders are in danger of misunderstanding their adversaries Continue Reading
-
News
17 May 2024
Why the UK needs to fix its broken IT security market
Ollie Whitehouse, CTO of GCHQ’s National Cyber Security Centre, says the market for secure software is broken. Are new laws required to make software companies liable for poor security? Continue Reading
-
News
15 May 2024
GCHQ to protect politicians and election candidates from cyber attacks
The National Cyber Security Centre, part of GCHQ, to protect election candidates from hostile state cyber attacks Continue Reading
-
News
15 May 2024
Cyber Safety Force wants to change conversation around risk
A consortium to help cyber pros better manage risk has launched, with ambitious goals to change the nature of the conversation from cyber security to cyber safety Continue Reading
-
News
15 May 2024
Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday
A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention Continue Reading