Security policy and user awareness
-
News
19 Dec 2024
LockBit ransomware gang teases February 2025 return
An individual associated with the LockBit ransomware gang has broken cover to tease details of a new phase of the cyber criminal operation's activity, which they claim is set to begin in February 2025 Continue Reading
-
News
19 Dec 2024
Latest attempt to override UK’s outdated hacking law stalls
Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee Continue Reading
-
News
17 Jan 2024
NCSC invites security pros to join the big leagues
The NCSC is inviting security pros from across the UK to sign up to work with its experts on an intelligence-sharing initiative Continue Reading
-
Feature
17 Jan 2024
Biometric revolution in IAM: The future of authentication
The IAM landscape is experiencing profound change thanks to the advent of biometrics. Learn about the latest advantages and key benefits of biometrics in identity Continue Reading
-
News
17 Jan 2024
The Security Interviews: Rebecca Taylor, SecureWorks Counter Threat Unit
In October 2023, Rebecca Taylor of the SecureWorks Counter Threat Unit was recognised at the annual Security Serious Unsung Heroes Awards for her work. Computer Weekly caught up with her to talk mentoring, cyber career development and diversity Continue Reading
-
News
17 Jan 2024
Victims of 2023 Capita data breaches head to High Court
More than 5,000 people impacted by data breaches arising from two cyber incidents affecting outsourcer Capita have joined a group action lawsuit Continue Reading
-
News
17 Jan 2024
Singapore proposes governance framework for generative AI
AI Verify Foundation and Infocomm Media Development Authority have proposed a governance framework for generative AI to address the risks and concerns about the emerging technology Continue Reading
-
News
16 Jan 2024
Kaspersky shares Pegasus spyware-hunting tool
Kaspersky has developed a way of easily exposing the presence of Pegasus spyware on iOS devices and believes its methodology may also help users identify other such surveillance malware Continue Reading
-
Opinion
16 Jan 2024
The human toll of ransomware: how IT pros suffer during incidents
Any ransomware attack causes significant challenges for a business or organisation going through such incident. But ransomware attacks also have tremendous impact on the staff – especially IT teams – working on mitigating the attack’s effect Continue Reading
-
Feature
15 Jan 2024
British Library cyber attack explained: What you need to know
In this essential guide, Computer Weekly investigates the cyber attack on the British Library that has rendered IT systems inoperable and caused service disruption to thousands of users Continue Reading
-
News
15 Jan 2024
Russia hacked ex-MI6 chief’s emails – what they reveal is more Dad’s Army than deep state
A Russian hacking group that published emails of ex-MI6 chief Richard Dearlove claimed to have uncovered a conspiracy, but it was more Dad’s Army than the ‘deep state’, Computer Weekly and Byline Times reveal Continue Reading
-
News
15 Jan 2024
NCA director sacked after WhatsApp and email security breaches
Nikki Holland, former director of investigations at the NCA, was sacked for “misconduct” after sending sensitive NCA information over personal email and WhatsApp Continue Reading
-
News
10 Jan 2024
Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs
Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors Continue Reading
-
News
10 Jan 2024
SEC social media hack highlights value of MFA
The US SEC briefly appeared to approve new bitcoin trading rules after a social media account was targeted by troublemakers, proving the value of MFA once again Continue Reading
-
News
09 Jan 2024
Study reveals cyber risks to US elections
With the 2024 US presidential election cycle beginning, a study produced by Arctic Wolf has highlighted big gaps in preparedness and resourcing at government bodies across the US Continue Reading
-
News
08 Jan 2024
British Library ransomware attack could cost up to £7m
The cost of recovering the British Library’s ransomware-stricken IT systems could be up to £7m, it has emerged Continue Reading
-
News
03 Jan 2024
Dutch working to promote cooperation in Europe to keep internet safe
A Dutch cooperative approach offers national and international cooperation opportunities for ISPs to guard against DDoS attacks, lawful interception and detect abuse in networks Continue Reading
-
News
02 Jan 2024
China’s UNC4841 pivots to new Barracuda ESG zero-day
The Chinese state threat actor behind a series of cyber attacks on Barracuda Networks customers embarked on a campaign targeting the supplier’s email security products in the run-up to Christmas Continue Reading
-
Blog Post
29 Dec 2023
2024: Putting Cyber Resilience into Social, Political, Business and Budget context.
On-line Safety, Safeguarding, Security, Counter-fraud and Resilience matter to voters and business. Cyber does not ... until they become victims ... Online crime is, however, now the world’s third ... Continue Reading
-
Feature
28 Dec 2023
Decoding zero trust in endpoint security: A practical guide for CISOs
The exponential increase in endpoints has vastly expanded the average organisation’s attack surface – address this by applying zero-trust best practice to endpoints Continue Reading
-
Definition
21 Dec 2023
What is the CIA triad (confidentiality, integrity and availability)?
The CIA triad refers to confidentiality, integrity and availability, describing a model designed to guide policies for information security within an organization. Continue Reading
-
News
21 Dec 2023
Top 10 cyber crime stories of 2023
Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics Continue Reading
-
Opinion
20 Dec 2023
Beyond the office walls: Safeguarding remote workers from attack
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Opinion
20 Dec 2023
Zero-trust principles: Your gateway to securing remote workers
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Opinion
20 Dec 2023
What we learned in cyber in 2023, and what to look out for
PA Consulting's Rasika Somasiri looks back at a busy 12 months in the cyber security world, and highlights some key learnings from 2023 Continue Reading
-
Opinion
20 Dec 2023
Evolving best practice: What next for securing remote work?
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Opinion
19 Dec 2023
Security Think Tank: Testing to improve remote worker security
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
News
19 Dec 2023
Top 10 cyber security stories of 2023
The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact Continue Reading
-
Opinion
19 Dec 2023
Security Think Tank: Anytime, anywhere access is achievable
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
News
14 Dec 2023
The Security Interviews: Talking identity with Microsoft’s Joy Chik
Microsoft’s president of identity and network access, Joy Chik, joins Computer Weekly to discuss the evolving threat landscape in identity security, using innovations in artificial intelligence to stay ahead, and advocating for the coming passwordless future Continue Reading
-
News
14 Dec 2023
NCSC CEO Lindy Cameron to step down in 2024
NCSC chief exec Lindy Cameron, who helped lead and elevate the national dialogue on cyber security through major events such as Covid-19, SolarWinds Sunburst and Colonial Pipeline, is to step down in the New Year Continue Reading
-
News
13 Dec 2023
Microsoft’s Christmas present for cyber teams: no zero-days
Barely 30 vulnerabilities, and no zero-days, have been fixed in the final Patch Tuesday drop of 2023 Continue Reading
-
News
13 Dec 2023
Critical UK infrastructure a ‘hostage of fortune’ to ransomware
A lack of ransomware planning and preparedness at the highest levels of government is leaving UK operators or critical national infrastructure dangerously exposed, according to a Joint Committee report Continue Reading
-
News
12 Dec 2023
MoD fined after breach of Afghan staffers’ data put lives at risk
The MoD has been fined £350,000 by the ICO after an email blunder exposed data on Afghan nationals who had worked with British forces and were at risk of Taliban reprisals Continue Reading
-
News
12 Dec 2023
Outdated data protection practice key factor in PSNI data breach
The August 2023 data breach at the Police Service of Northern Ireland arose chiefly from an outdated approach to data protection and compliance at the force, according to an independent review Continue Reading
-
News
08 Dec 2023
Fancy Bear targets Nato entities via critical Outlook flaw
A vulnerability patched in March has likely been exploited by the Russian state actor Fancy Bear, for over two years, according to the latest intelligence Continue Reading
-
News
07 Dec 2023
UK names Russian FSB agents behind political hacking campaign
Russian hacking group, Star Blizzard, was part of a Russian intelligence operation aimed at interfering with UK politics and the democratic process, says government. Continue Reading
-
News
07 Dec 2023
2023 may have seen highest ransomware ‘body count’ yet
Ransomware, or cyber extortion as it is increasingly being termed, remained the most prominent security threat in 2023 – and thanks to large-scale supply chain attacks, the past 12 months may have seen the most victims ever Continue Reading
-
Opinion
07 Dec 2023
Considerations for the security of evolving workspaces
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
News
06 Dec 2023
Government launches UK-wide Cyber Explorers Cup
Schoolkids across the UK are being called on to team up and defeat Herbert the Hacker in a new government-backed competition Continue Reading
-
Feature
05 Dec 2023
How to recover systems in the event of a cyber attack
Recovering compromised systems after a cyber attack isn’t easy, but understanding industry best practice offers a template for the key processes to follow Continue Reading
-
News
05 Dec 2023
Operator of Sellafield nuclear facility denies hacking claims
The operator of the Sellafield nuclear site has denied allegations that senior managers covered up a series of cyber security lapses that enabled Chinese and Russian threat actors to compromise its networks Continue Reading
-
Opinion
04 Dec 2023
Cyber and remote working: How Covid moved the cursor
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
01 Dec 2023
National Cyber Security Centre publishes landmark guidelines on AI cyber security
The NCSC and its US counterpart CISA have brought together tech companies and governments to agree new guidelines to promote a secure-by-design culture in artificial intelligence development. Continue Reading
-
News
01 Dec 2023
Report reveals sorry state of cyber security at UK football clubs
Football clubs up and down the country are putting staff, players and fans alike at risk through outdated attitudes to cyber security, according to a report Continue Reading
-
Opinion
01 Dec 2023
Security Think Tank: Four steps to secure remote workers
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Opinion
30 Nov 2023
Prepare for your worst day: How to create a cyber incident response plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
30 Nov 2023
Government’s Online Fraud Charter welcomed
The government has corralled 11 of the largest tech platforms in the world to commit to its Online Fraud Charter, designed to tackle online scams, fake adverts, and more Continue Reading
-
News
29 Nov 2023
Scope of Okta helpdesk breach widens to impact all users
Okta has widened the scope of the October breach of its systems to include every customer that has used its helpdesk service, after new information came to light Continue Reading
-
News
28 Nov 2023
Volume of unique malware samples threatens to overwhelm defenders
A massive increase in malware volumes could cause problems for security teams tasked with adapting their defences against them Continue Reading
-
News
27 Nov 2023
NCSC publishes landmark guidelines on AI cyber security
The NCSC and its US counterpart CISA have brought together tech companies and governments to countersign a new set of guidelines aimed at promoting a secure-by-design culture in AI development Continue Reading
-
News
23 Nov 2023
MOVEit incident spurred UK decision makers to spend big on cyber
The MOVEit cyber attacks that unfolded in the spring and summer of 2023 seem to have driven an increase in both ransomware awareness and spend, according to a report Continue Reading
-
News
23 Nov 2023
Australia ups ante on cyber security
Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities Continue Reading
-
News
22 Nov 2023
An inside look at a Scattered Spider cyber attack
Threat researchers at ReliaQuest share the inside track on a Scattered Spider cyber attack they investigated Continue Reading
-
News
22 Nov 2023
CISA reveals how LockBit hacked Boeing via Citrix Bleed
As alarm grows around the world about the impact of the so-called Citrix Bleed vulnerability, Boeing has shared details of its experience at the hands of the LockBit ransomware crew Continue Reading
-
News
21 Nov 2023
Over half of SME cyber incidents now ‘malware-free’
The age of malware-driven cyber attacks may have peaked, at least when it comes to incidents affecting small and medium sized enterprises Continue Reading
-
Opinion
21 Nov 2023
Why transparency and accountability are important in cyber security
If we accept that the humans who build technology and systems are naturally fallible and mistakes inevitable, and then deal with that with good grace, we could do much to improve cyber standards, writes Bugcrowd's Casey Ellis Continue Reading
-
News
21 Nov 2023
Internal documents leaked as Rhysida claims responsibility for British Library ransomware attack
Ransomware group Rhysida threatens to sell documents stolen from the British Library to the highest bidder Continue Reading
-
E-Zine
21 Nov 2023
Can AI take education to a new level?
In this week’s Computer Weekly, we examine how large language models are being used to teach, support and assess students, enhancing education rather than impairing it. We look at how the AI revolution is impacting the semiconductor sector as the big tech companies put off server upgrades. And we find out how generative AI is changing the way enterprise software works. Read the issue now. Continue Reading
-
News
20 Nov 2023
Cubbit DS3 Composer brings DIY cloud to object storage pool
Cubbit customers can now build and configure S3-compatible clouds from unused capacity and offer MSP-grade services with high levels of resilience, security and data sovereignty Continue Reading
-
Opinion
20 Nov 2023
Security incident response teams are human, too
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
Blog Post
16 Nov 2023
Custom chatbots and model gardens: putting Private AI to work
Part 2: More to think about It’s essential to decide where to run your Private AI - or who you will get to run it for you, in some cases - but that is just the start. Assuming that you also want ... Continue Reading
-
News
16 Nov 2023
Ransomware gang grasses up uncooperative victim to US regulator
The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off Continue Reading
-
News
15 Nov 2023
BlackCat affiliate seen using malvertising to spread ransomware
Researchers at eSentire identified a wave activity from an ALPHV/BlackCat ransomware affiliate which has adopted a somewhat unusual approach to delivering its locker Continue Reading
-
Opinion
10 Nov 2023
Breached? Don't panic… if you created a robust IR plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
09 Nov 2023
Revealed: How Russia’s Sandworm ramped up attacks on Ukraine’s critical infrastructure
New Mandiant intelligence reveals how the APT known as Sandworm has been evolving its playbook, twisting legitimate executables known as LoLBins into malicious tools as it seeks to disrupt daily life in Ukraine Continue Reading
-
Opinion
09 Nov 2023
The best IR plans are well-revised and deeply familiar
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
09 Nov 2023
NCSC makes annual Black Friday plea to consumers
Ahead of the annual festival of retail avarice, the NCSC is once again asking consumers to do the bare minimum to avoid falling victim to scams Continue Reading
-
News
09 Nov 2023
The Security Interviews: Why cyber needs to integrate better
Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider organisation Continue Reading
-
Opinion
08 Nov 2023
The plan for the inevitable cyber attack: Get the gist of NIST
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
08 Nov 2023
The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy
Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands Continue Reading
-
News
07 Nov 2023
Researchers ‘break’ rule designed to guard against Barracuda vulnerability
Vectra AI researchers found that a Suricata rule designed to detect exploitation of a dangerous Barracuda Email Security Gateway flaw was not entirely effective Continue Reading
-
Opinion
07 Nov 2023
Enhancing security: The crucial role of incident response plans
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
07 Nov 2023
Unesco unveils seven-point anti-disinformation plan
United Nations body outlines seven proposals for civil society, governments, regulators and tech platforms to adopt to combat the source of disinformation Continue Reading
-
Opinion
06 Nov 2023
IR plans: The difference between disaster and recovery
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
Opinion
03 Nov 2023
Incident response planning requires constant testing
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
02 Nov 2023
Admins told to take action over F5 Big-IP platform flaws
Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild Continue Reading
-
News
02 Nov 2023
UK workers exhibit poor security behaviours, report reveals
Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working Continue Reading
-
Opinion
02 Nov 2023
Use existing structures to build your incident response plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
02 Nov 2023
How the UK crime agency repurposed Amazon cloud platform to analyse EncroChat cryptophone data
UK crime agency repurposed AWS-based analytics platform to triage EncroChat data and identify threats to life in messages sent on encrypted phone network Continue Reading
-
News
02 Nov 2023
EU digital ID reforms should be ‘actively resisted’, say experts
Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security Continue Reading
-
Opinion
01 Nov 2023
Incident response planning is vulnerable to legacy thinking
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
01 Nov 2023
Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals
As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings Continue Reading
-
Opinion
30 Oct 2023
Reported major cyberattacks are falling – but watch out for the massive threats posed by gen AI
The number of reported major cyberattacks is falling. Are we just getting used to them? Continue Reading
-
News
27 Oct 2023
Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent
Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances Continue Reading
-
News
27 Oct 2023
Microsoft warns over growing threat from Octo Tempest gang
The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft Continue Reading
-
News
27 Oct 2023
How Elastic manages cyber security threats
Mandy Andress, CISO at Elastic, highlights the company’s approach to tackling evolving cyber threats through the use of AI tools and enhanced security measures while strengthening the capabilities of its security offerings Continue Reading
-
News
26 Oct 2023
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns
Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed Continue Reading
-
News
26 Oct 2023
Boardrooms losing control in generative AI takeover, says Kaspersky
C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations Continue Reading
-
News
25 Oct 2023
Demystifying the top five OT security myths
Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems Continue Reading
-
News
24 Oct 2023
Cisco hackers likely taking steps to avoid identification
Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery Continue Reading
-
News
24 Oct 2023
Research team tricks AI chatbots into writing usable malicious code
Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading
-
Opinion
24 Oct 2023
The new data landscape: how will the new UK-US data bridge affect businesses?
With the UK-US data bridge coming into effect on 12 October 2023, find out what steps your organisation can take to take advantage of, and remain compliant with, the new framework Continue Reading
-
News
24 Oct 2023
Kaspersky opens up over spyware campaign targeting its staffers
Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group Continue Reading
-
News
24 Oct 2023
Customers speak out over Okta’s response to latest breach
Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired Continue Reading
-
News
24 Oct 2023
Suzy Lamplugh Trust treads path to improved cyber resilience
Personal safety charity enlists the support of the London Cyber Resilience Centre to improve staff awareness and strengthen its overall cyber resilience Continue Reading
-
News
23 Oct 2023
Cisco pushes update to stop exploitation of two IOS XE zero-days
Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software Continue Reading
-
News
23 Oct 2023
How Ensign is leading the charge in cyber security
Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem Continue Reading
-
News
20 Oct 2023
Computer Weekly contributor named Godfather of UK Security
Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards Continue Reading
-
E-Zine
20 Oct 2023
CW APAC: Buyer’s guide to IAM
Identity access management tools are proving pivotal in the race to outwit cyber criminals. In this handbook, focused on IAM in the Asia-Pacific region, Computer Weekly takes a closer look at their capabilities, CyberArk’s growth, the uses of automation and how ForgeRock enhances user experience. Continue Reading
-
News
20 Oct 2023
RagnarLocker cyber gang that pioneered double extortion busted
Europol and the FBI have taken down the RagnarLocker ransomware crew, a long-standing gang that helped pioneer some now common tactics, taking its dark web negotiation and data leak sites offline Continue Reading
-
News
19 Oct 2023
Nuclear regulator raps EDF over cyber compliance
The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities Continue Reading