Security policy and user awareness
-
News
19 Dec 2024
LockBit ransomware gang teases February 2025 return
An individual associated with the LockBit ransomware gang has broken cover to tease details of a new phase of the cyber criminal operation's activity, which they claim is set to begin in February 2025 Continue Reading
-
News
19 Dec 2024
Latest attempt to override UK’s outdated hacking law stalls
Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee Continue Reading
-
Opinion
26 Jul 2023
NATO countries must coordinate their cyber forces to combat the Russian threat
The top item on the agenda at the Vilnius NATO Summit this month was the revamping the alliance’s defences. Continue Reading
-
News
26 Jul 2023
UK organisations lack confidence to carry out basic cyber tasks
Amid a shortfall of more than 10,000 cyber pros, UK businesses are still finding it difficult to fill their cyber security skills gaps, with even those in charge of security saying they lack confidence in themselves Continue Reading
-
News
25 Jul 2023
Cisco, BT and others launch network security coalition
Network Resilience Coalition focuses on bringing together global expertise to improve data and network security Continue Reading
-
News
25 Jul 2023
Tetra radio users’ comms may have been exposed for years
A number of flaws in the encryption algorithms used in the secure Tetra radio communications standard have potentially left users exposed to snooping Continue Reading
-
News
24 Jul 2023
Citrix NetScaler users told to patch new zero-day urgently
A vulnerability disclosed and patched last week by Citrix appears to be being exploited by China-backed threat actors as a zero-day, prompting warnings from government cyber bodies Continue Reading
-
News
24 Jul 2023
Security AI and automation may reduce cost of data breaches
Organisations that go all in on security AI and automation tend to incur lower financial costs when they experience a data breach incident, according to an IBM report Continue Reading
-
News
24 Jul 2023
Why cyber security should be part of your ESG strategy
The impact of data breaches and cyber threats on businesses, societies and the environment makes cyber security a key consideration in an environment, social and governance strategy Continue Reading
-
Opinion
21 Jul 2023
Future Cyber Threats: The four ‘horsemen of the apocalypse’
How to deal with emerging security threats from deep fake humans to the end of secure encryption Continue Reading
-
Feature
21 Jul 2023
Handbook helps Dutch organisations migrate to quantum-safe communication
Organisations must start implementing new cryptography standards – as migration is a lengthy process Continue Reading
-
Feature
21 Jul 2023
What the Product Security and Telecommunications Infrastructure Act means for UK industry
For years, many network-connected devices have lacked adequate security, putting their users and others at risk of cyber attacks. The UK’s PSTI Act aims to prevent this by mandating minimum security requirements, but what impact will this have on industry? Continue Reading
-
News
20 Jul 2023
Renowned hacker and social engineer Kevin Mitnick dead at 59
Famed hacker and social engineer Kevin Mitnick, who was at one time one of the most wanted cyber criminals in the world, has died peacefully at the age of 59 from complications arising from pancreatic cancer, following a 14-month illness Continue Reading
-
News
20 Jul 2023
How the DSMA balances security and privacy with press freedom
In a world of information sharing and 24-hour news cycles, the Defence and Security Media Advisory committee have to balance national security and data privacy with freedom of the press Continue Reading
-
News
20 Jul 2023
Attention-seeking KillNet hacktivists becoming more dangerous
The KillNet DDoS gang seems to be becoming more dangerous, but its primary goal remains to create a lot of noise and draw media attention, according to latest analysis Continue Reading
-
Opinion
19 Jul 2023
At the gates – How to survive the era of cyber insecurity
Businesses face more legal risks, a mine field of regulation, and individual liability for failures. Getting the basis right is more important than ever. Continue Reading
-
News
19 Jul 2023
Half of cyber pros engage in risky behaviour at work, report claims
Approximately 55% of security professionals say they have engaged in behaviours they would more usually advise against in the workplace, according to a report Continue Reading
-
News
19 Jul 2023
Cyber criminal AI tool WormGPT produces ‘unsettling’ results
A newly discovered generative AI tool dubbed WormGPT is being sold to the cyber criminal underground via the dark web, and poses a significant danger, researchers warn Continue Reading
-
Blog Post
17 Jul 2023
Improving the Cyber Resilience of London
The London Cyber Resilience Centre is an umbrella for partnerships to deliver support and services for micro-businesses and sole traders at scale and help address the on-line safety, safeguarding, ... Continue Reading
-
Opinion
17 Jul 2023
The essential role of PETs in unlocking the trillion dollar SaaS market
Ahead of the Eyes-Off Data Summit in Dublin, Jack Fitzsimons of Oblivious AI explains why so-called Privacy Enhancing Technologies or PETs may hold the key to unlocking the full potential of SaaS in the enterprise Continue Reading
-
News
17 Jul 2023
Police Scotland use cloud for biometric data despite clear risks
Police Scotland confirms it has stored significant volumes of biometric data on a cloud-based digital evidence sharing system despite major ongoing data protection concerns, bringing into question the effectiveness of the current regulatory approach and the overall legality of using hyperscale public cloud technologies in a policing context Continue Reading
-
News
13 Jul 2023
Microsoft issues new warning over Chinese cyber espionage
A newly uncovered Chinese espionage campaign exploited forged authentication tokens to access its victims’ email accounts, says Microsoft Continue Reading
-
News
13 Jul 2023
One month after MOVEit: New vulnerabilities found as more victims are named
Five weeks after the mass MOVEit breach, new vulnerabilities in the file transfer tool are coming to light as the Clop cyber crime group continues to terrorise victims. But has the gang bitten off more than it can chew? Continue Reading
-
E-Zine
13 Jul 2023
CW EMEA: Can we trust AI?
Artificial intelligence and the opportunities and dangers it introduces into society has been a hotly debated subject in tech circles for many years, but today with the increased use of platforms such as ChatGPT, these debates include a wider section of the public. The fact that schoolchildren are even asking ChatGPT for help with their homework brings home the importance of these debates and the responses to them by national policy-makers. Continue Reading
-
News
12 Jul 2023
Cozy Bear lures victims with used BMW 5 Series
A recent Cozy Bear campaign saw the Russian APT group pivot to exploiting an advert for a used car as it targeted diplomatic missions in Kyiv Continue Reading
-
News
12 Jul 2023
Microsoft users on high alert over dangerous RCE zero-day
A serious RCE vulnerability in Microsoft Office and Windows is among several zero-days disclosed in Redmond’s July Patch Tuesday update, but this one does not have a patch yet Continue Reading
-
News
11 Jul 2023
EU formally grants data adequacy to US
The European Commission has formally granted the US data adequacy, allowing companies and organisations to freely transfer personal data across the Atlantic via the EU-US Data Privacy Framework. But privacy activist Max Schrems has already committed to legally challenging the decision Continue Reading
-
News
11 Jul 2023
Malicious URL volumes soar as cyber criminals pull on Threads
Malicious actors have been quick to exploit the buzz around Meta’s newly launched Threads platform, with thousands of new suspicious domains registered exploiting its branding Continue Reading
-
News
11 Jul 2023
Apple pushes Rapid Response patch to fix WebKit zero-day
Apple deployed an emergency patch under its Rapid Security Response update programme, but had to temporarily suspend delivery after it caused problems for users of the Safari browser Continue Reading
-
News
07 Jul 2023
Suspicious email reported every five seconds in UK
National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year Continue Reading
-
News
06 Jul 2023
Meta’s Threads hits app stores, but no EU launch in sight
Meta’s Twitter competitor makes its debut and signs up millions of users in just 12 hours, but concerns over compliance with the EU’s Digital Markets Act have sunk a pan-European launch for now Continue Reading
-
Opinion
30 Jun 2023
The time to implement an internal AI usage policy is now
As with any emerging technology, AI’s growth in popularity establishes a new attack surface for malicious actors to exploit, thereby introducing new risks and vulnerabilities to an increasingly complex computing landscape. Continue Reading
-
Opinion
29 Jun 2023
Navigating cyber security under ChatGPT
Balancing the risk and reward of ChatGPT – as a large language model (LLM) and an example of generative AI – begins by performing a risk assessment of the potential of such a powerful tool to cause harm Continue Reading
-
News
27 Jun 2023
3,600 potential cyber security experts apply to government scheme
The UK government’s Upskill in Cyber programme is reporting great success just a month after launch, with almost half of applicants women Continue Reading
-
Feature
26 Jun 2023
Could social media revolutionise war crimes trials?
Computer Weekly speaks with open source investigators about how they use social media to gather evidence of war crimes, and the trouble with using such evidence in legal proceedings Continue Reading
-
Opinion
26 Jun 2023
ChatGPT’s phishing ‘problem’ may not be overstated
Some data now suggests that threat actors are indeed using ChatGPT to craft malicious phishing emails, but the industry is doing its best to get out in front of this trend, according to the threat intelligence team at Egress Continue Reading
-
News
23 Jun 2023
ICO under fire for taking limited action over serious data breaches
The ICO has come under fire from lawyers and data protection specialists for just issuing written warnings to two public bodies over serious data breaches that placed people’s lives at risk Continue Reading
-
News
23 Jun 2023
Phishing and ransomware dominate Singapore’s cyber threat landscape
Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene Continue Reading
-
News
22 Jun 2023
Lancaster University launches trailblazing cyber MBA
MBA programme at Lancaster University designed to deliver security leadership education to business leaders has received NCSC backing Continue Reading
-
News
21 Jun 2023
Nearly quarter of a million malicious websites reported and removed through NCSC service
A suspicious email and text message reporting service in the UK has directly led to a quarter of a million malicious websites being removed Continue Reading
-
Feature
20 Jun 2023
ChatGPT is creating a legal and compliance headache for business
ChatGPT’s increased use in the workplace has led many to question its legal and compliance implications for businesses. Experts warn that the software poses major security and copyright risks Continue Reading
-
News
15 Jun 2023
Exploitation of Barracuda ESG appliances linked to Chinese spies
Intelligence from Mandiant links exploitation of a flaw in a subset of Barracuda ESG appliances to a previously untracked China-nexus threat actor Continue Reading
-
News
15 Jun 2023
NCSC warns over ‘enduring’ LockBit threat
Although its activity volumes have been lower of late, LockBit is still a highly dangerous ransomware gang and is now the subject of a new international cyber advisory Continue Reading
-
News
15 Jun 2023
Clop begins naming alleged MOVEit victims
Clop uploaded details of 12 new victims to its dark web leak site late on 14 June, many of them likely linked to the ongoing MOVEit cyber attack Continue Reading
-
News
14 Jun 2023
No zero-days for June Patch Tuesday, but plenty to chew over
On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention Continue Reading
-
News
14 Jun 2023
Clop’s MOVEit ransom deadline expires
A seven-day deadline set by Clop for victims of its latest attack to contact it to arrange payment passes today Continue Reading
-
News
13 Jun 2023
(ISC)² and CIISec set out to make cyber language more inclusive
Newly published guide on appropriate use of language in cyber security aims to help make the profession more inclusive for all Continue Reading
-
News
12 Jun 2023
Ofcom data stolen in MOVEit cyber attack
Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang Continue Reading
-
News
12 Jun 2023
Progress Software releases patch for second MOVEit Transfer vulnerability
Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning Continue Reading
-
News
09 Jun 2023
Extreme Networks emerges as victim of Clop MOVEit attack
Network equipment and services supplier Extreme Networks has revealed its instance of Progress Software’s MOVEit tool was compromised in the ongoing Clop cyber attack Continue Reading
-
Definition
09 Jun 2023
logon (or login)
In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource. Continue Reading
-
News
09 Jun 2023
Barracuda ESG users told to throw away their hardware
Owners of Barracuda Email Security Gateway appliances are being told that they will need to throw out and replace their kit after it emerged that a patch for a recently disclosed vulnerability had not done the job Continue Reading
-
News
09 Jun 2023
UK and US move closer to transatlantic data bridge deal
The British and American governments have committed, in principle, to a new data bridge agreement that will ease the free flow of personal data across the Atlantic Continue Reading
-
News
08 Jun 2023
Vulnerability exploitation volumes up over 50% in 2022
Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild Continue Reading
-
News
08 Jun 2023
UK gets new rules to regulate crypto sector
The Financial Conduct Authority is introducing new rules to regulate the cryptoasset sector, after being handed a government remit to oversee crypto promotions Continue Reading
-
News
08 Jun 2023
Clop may have been sitting on MOVEit vulnerability for two years
The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years Continue Reading
-
News
08 Jun 2023
Bishop Fox’s Vinnie Liu talks offensive security skills
There is growing demand for offensive security testing, but it needs a multi-layered skillset that can be hard to quantify. Bishop Fox’s CEO and co-founder explains why and some potential mitigation strategies Continue Reading
-
News
07 Jun 2023
Clop cyber gang claims MOVEit attack and starts harassing victims
The Clop cyber extortion and ransomware operation is demanding organisations pay a ransom to avoid data stolen via an exploited vulnerability in a file transfer product being leaked Continue Reading
-
News
06 Jun 2023
Google launches hacker-backed SME security training scheme
Citing research that shows almost half of SMEs are struggling to recruit cyber security specialists, Google is launching a programme designed to upskill more people to fill thousands of vacant roles Continue Reading
-
News
06 Jun 2023
Victims of MOVEit SQL injection zero-day mount up
The BBC, Boots, and British Airways are among the victims of cyber incidents arising from a recently disclosed vulnerability in the MOVEit file transfer, exploitation of which is spreading fast Continue Reading
-
News
06 Jun 2023
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar
Three quarters of data breaches now involve a significant human element, and the higher up they get in an organisation, the more risks people seem to take, according to Verizon’s annual Data Breach Investigations Report Continue Reading
-
Blog Post
02 Jun 2023
Developing an effective ransomware strategy: protecting big data
This is a guest blogpost by Brian Brockway, Chief Technology Officer at Commvault. The ransomware landscape has evolved significantly in recent years, with cybercriminals employing increasingly ... Continue Reading
-
Opinion
02 Jun 2023
Discovering the Diversity Process Flow in cyber
The UK Cyber Security Council's Simon Hepburn explains the Council's new Diversity Process Flow framework, and outlines its potential implications for ethnic minorities in the cyber sector Continue Reading
-
Opinion
01 Jun 2023
Generative AI – the next biggest cyber security threat?
Following the launch of ChatGPT in November 2022, several reports have emerged that seek to determine the impact of generative AI in cyber security. Undeniably, generative AI in cyber security is a double-edged sword, but will the paradigm shift in favour of opportunity or risk? Continue Reading
-
Opinion
01 Jun 2023
Is cyber training all the same old? Shift your perspective and get stuck in
Getting your cyber smarts only from books or presentations just isn’t going to cut it anymore – the only way we can get ahead of the cyber criminals is to get into their heads, and you can only achieve this by doing and changing your way of thinking. Continue Reading
-
Feature
31 May 2023
Why we need advanced malware detection with AI-powered tools
AI-powered cyber security tools have now developed to a point where they are becoming an effective approach to protecting the organisation. Learn how you can benefit from adopting them Continue Reading
-
Opinion
31 May 2023
Security Think Tank: A brief history of (secure) coding
From controlling who was allowed to work with IBM mainframes to present-day DevSecOps techniques, the concept of secure coding has a longer history than you might think Continue Reading
-
Blog Post
28 May 2023
How do you tackle Data Diarrhoea?
We now face the most lethal of situations - secure (if properly used) technologies in the hands of insecure people. Continue Reading
-
News
26 May 2023
Cisco joins growing Manchester cyber security hub
Networking kingpin signs up to Greater Manchester Digital Security Hub to support centre’s work on security resilience and skills Continue Reading
-
Opinion
26 May 2023
Five key steps where there is a risk of fraud investigation
When fraud investigators come knocking, there are some important ways in which management and senior IT professionals can make sure their company is best protected. Continue Reading
-
Opinion
26 May 2023
Security Think Tank: Why “secure coding” is neither
Ensuring the security of code is just one element of a complex software lifecycle and risk management process that people need to think about more holistically, says Ed Moyle Continue Reading
-
News
25 May 2023
Cabinet Office publishes response to data sharing for digital ID consultation
The majority of respondents to government’s consultation on data sharing for digital identity are critical to the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’ Continue Reading
-
News
25 May 2023
Alert over Chinese cyber campaign targeting critical networks
A Chinese threat actor known as Volt Typhoon has been observed infiltrating CNI networks in a cyber espionage campaign, according to intelligence Continue Reading
-
News
24 May 2023
Kuwait bank introduces biometric payments card
Middle East bank launches payment cards with fingerprint sensor technology embedded Continue Reading
-
News
24 May 2023
Two-thirds of all 2022 breaches resulted from spear phishing
Research by Barracuda Networks has found that, despite the low volume of spear-phishing attempts, the attacks are highly successful and have major consequences Continue Reading
-
E-Zine
23 May 2023
How to secure your software supply chain
In this week’s Computer Weekly, our latest buyer’s guide looks at secure coding, and kicks off by examining the challenges of securing your software supply chain. Cyber law enforcement leaders are calling on firms to end the secrecy around ransomware attacks. And we find out how facial recognition technology is being adopted by retailers. Read the issue now. Continue Reading
-
Opinion
15 May 2023
Security Think Tank: To secure code effectively, verify at every step
Verification at every step is an important part of ensuring your code is secure, writes Petra Wenham Continue Reading
-
News
15 May 2023
MS macro-blocking has forced cyber criminals to innovate
One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate Continue Reading
-
News
12 May 2023
Let’s put an end to secrecy and cover-ups in ransomware attacks
The NCSC and the ICO are calling for organisations to bite the bullet and be more open about cyber security and ransomware incidents, and the community is firmly behind them Continue Reading
-
Opinion
12 May 2023
What secure coding practices mean to modern cyber security
Joseph Foote of PA Consulting explores how we know the services we use most are protected, what we mean when we say 'secure coding practices', and what happens when secure coding practices are not followed? Continue Reading
-
News
11 May 2023
Australia to shore up cyber and digital capabilities in Budget 2023
Australia is spending more than A$2bn to strengthen cyber resilience, improve digital government services and fuel AI adoption, among other areas, in its latest budget Continue Reading
-
E-Zine
11 May 2023
CW EMEA: The future of work
In this month’s CW EMEA, we look at the future of work in Europe after the pandemic forced a change in entrenched human behaviour. For years, people talked about flexible working being the way forward, but scepticism within the management of large companies held it back. This all changed when Covid-19 began to spread out of control and governments and businesses quickly told people to work from home where possible. We also look at the increasing problem of IT failures in Dutch hospitals and how they are affecting patient care, highlighting the need to improve IT security in hospitals. Read the issue now. Continue Reading
-
News
10 May 2023
Secure Boot vulnerability causes Patch Tuesday headache for admins
Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft Continue Reading
-
News
10 May 2023
How datacentre operators can fend off cyber attacks
Applying zero-trust principles in the form of strong authentication controls and network segmentation can help datacentre operators to mitigate cyber threats Continue Reading
-
News
05 May 2023
Capita pension clients told data may have leaked
Capita has told trustees of some of the pension funds for which it provides outsourced services that their customer data may have been stolen by the Black Basta ransomware operation Continue Reading
-
Opinion
05 May 2023
Security Think Tank: Thinking beyond IAM in the cloud
Looking beyond IAM, there are other aspects of securing public cloud environments that admins can reasonably expect to control Continue Reading
-
News
04 May 2023
Google debuts passwordless login options for users
Launch of Google’s passkey service hailed as a great leap forward for passwordless technology Continue Reading
-
News
03 May 2023
Cyber Action Plan for Wales launched
The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country Continue Reading
-
News
03 May 2023
Government anti-fraud strategy targets the tech behind the scams
The UK government’s anti-fraud strategy proposes to make it much harder for criminals to target their victims by cracking down on the exploitation of technology Continue Reading
-
News
03 May 2023
Mystery Apple security update sparks speculation
Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed Continue Reading
-
Opinion
02 May 2023
Want to get cloud IAM right? Master the fundamentals
By getting the basics right, you’re setting yourself up for success to then can build more advanced and complex functionalities on top Continue Reading
-
News
02 May 2023
UK Cyber Security Council launches certification mapping tool
Cyber careers body aims to offer clarity for professionals seeking to advance through security certification Continue Reading
-
News
02 May 2023
Researchers see surge in scam websites linked to coronation
Scammers and fraudsters continue to take advantage of large public events, with the coronation of King Charles III no exception Continue Reading
-
News
27 Apr 2023
Tenable opens playground for generative AI cyber tools
A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with Continue Reading
-
News
26 Apr 2023
Researchers deal blow to Gootloader gang that supported REvil
Thousands of compromised WordPress blogs have been spreading the Gootloader malware for years, but eSentire’s security research team are turning the tables on the gang that played a key role in REvil ransomware attacks Continue Reading
-
News
25 Apr 2023
CISOs under-supported, under pressure, Trellix finds
The vast majority of CISOs say they are finding it difficult to get sign-off on the resources they need to do their job Continue Reading
-
Podcast
25 Apr 2023
Podcast: Ransomware, data protection and compliance
Ransomware is a huge and ever-present threat, but there are ways to avoid it and to mitigate its effects. We get key practical steps from Mathieu Gorge, CEO of Vigitrust Continue Reading
-
News
25 Apr 2023
Almost three-quarters of cyber attacks involve ransomware
Data from Sophos’s annual Active Adversary Report reveals that almost three-quarters of the cyber security incidents it responded to in 2022 involved ransomware Continue Reading
-
Opinion
24 Apr 2023
Could your employees’ use of ChatGPT put you in breach of GDPR?
Following Italy's run-in with OpenAI’s ChatGPT, legal expert Richard Forrest emphasises the necessity for additional scrutiny while using AI tools in a work environment, and practical guidance on doing so safely Continue Reading
-
Opinion
24 Apr 2023
Security Think Tank: Going beyond IAM for cloud security
Managing access and privilege across complex and powerful cloud tooling is not a straightforward task; but there are some key considerations that can help security teams stay on top of identities in the cloud Continue Reading
-
News
21 Apr 2023
CyberUK 23: New advice on smart city security issued
The NCSC and key allies have drawn up new guidance to help communities balance the cyber security risks involved with creating smart cities Continue Reading
-
News
20 Apr 2023
Bumblebee malware flies on the wings of Zoom and ChatGPT
Bumblebee malware, often used as a stepping stone to ransomware, is now spreading via trojanised installers for popular software applications Continue Reading