Security policy and user awareness
-
Feature
19 Nov 2024
Storage technology explained: Ransomware and storage and backup
We look at ransomware attacks, and the importance of good backup practice as well as immutable snapshots, air-gapping, network segmentation, AI anomaly detection and supplier warranties Continue Reading
-
Opinion
19 Nov 2024
Underfunded, under pressure: We must act to support cyber teams
With almost half of cyber pros experiencing more incidents this year, security leaders say their teams are coming under increasing strain. Businesses must be more proactive approach about building a resilient, future-ready workforce Continue Reading
-
News
15 Jun 2023
Exploitation of Barracuda ESG appliances linked to Chinese spies
Intelligence from Mandiant links exploitation of a flaw in a subset of Barracuda ESG appliances to a previously untracked China-nexus threat actor Continue Reading
-
News
15 Jun 2023
NCSC warns over ‘enduring’ LockBit threat
Although its activity volumes have been lower of late, LockBit is still a highly dangerous ransomware gang and is now the subject of a new international cyber advisory Continue Reading
-
News
15 Jun 2023
Clop begins naming alleged MOVEit victims
Clop uploaded details of 12 new victims to its dark web leak site late on 14 June, many of them likely linked to the ongoing MOVEit cyber attack Continue Reading
-
News
14 Jun 2023
No zero-days for June Patch Tuesday, but plenty to chew over
On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention Continue Reading
-
News
14 Jun 2023
Clop’s MOVEit ransom deadline expires
A seven-day deadline set by Clop for victims of its latest attack to contact it to arrange payment passes today Continue Reading
-
News
13 Jun 2023
(ISC)² and CIISec set out to make cyber language more inclusive
Newly published guide on appropriate use of language in cyber security aims to help make the profession more inclusive for all Continue Reading
-
News
12 Jun 2023
Ofcom data stolen in MOVEit cyber attack
Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang Continue Reading
-
News
12 Jun 2023
Progress Software releases patch for second MOVEit Transfer vulnerability
Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning Continue Reading
-
News
09 Jun 2023
Extreme Networks emerges as victim of Clop MOVEit attack
Network equipment and services supplier Extreme Networks has revealed its instance of Progress Software’s MOVEit tool was compromised in the ongoing Clop cyber attack Continue Reading
-
Definition
09 Jun 2023
logon (or login)
In computing, a logon is a procedure that enables an entity to access a secure system such as an operating system, application, service, website or other resource. Continue Reading
-
News
09 Jun 2023
Barracuda ESG users told to throw away their hardware
Owners of Barracuda Email Security Gateway appliances are being told that they will need to throw out and replace their kit after it emerged that a patch for a recently disclosed vulnerability had not done the job Continue Reading
-
News
09 Jun 2023
UK and US move closer to transatlantic data bridge deal
The British and American governments have committed, in principle, to a new data bridge agreement that will ease the free flow of personal data across the Atlantic Continue Reading
-
News
08 Jun 2023
Vulnerability exploitation volumes up over 50% in 2022
Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild Continue Reading
-
News
08 Jun 2023
UK gets new rules to regulate crypto sector
The Financial Conduct Authority is introducing new rules to regulate the cryptoasset sector, after being handed a government remit to oversee crypto promotions Continue Reading
-
News
08 Jun 2023
Clop may have been sitting on MOVEit vulnerability for two years
The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years Continue Reading
-
News
08 Jun 2023
Bishop Fox’s Vinnie Liu talks offensive security skills
There is growing demand for offensive security testing, but it needs a multi-layered skillset that can be hard to quantify. Bishop Fox’s CEO and co-founder explains why and some potential mitigation strategies Continue Reading
-
News
07 Jun 2023
Clop cyber gang claims MOVEit attack and starts harassing victims
The Clop cyber extortion and ransomware operation is demanding organisations pay a ransom to avoid data stolen via an exploited vulnerability in a file transfer product being leaked Continue Reading
-
News
06 Jun 2023
Google launches hacker-backed SME security training scheme
Citing research that shows almost half of SMEs are struggling to recruit cyber security specialists, Google is launching a programme designed to upskill more people to fill thousands of vacant roles Continue Reading
-
News
06 Jun 2023
Victims of MOVEit SQL injection zero-day mount up
The BBC, Boots, and British Airways are among the victims of cyber incidents arising from a recently disclosed vulnerability in the MOVEit file transfer, exploitation of which is spreading fast Continue Reading
-
News
06 Jun 2023
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar
Three quarters of data breaches now involve a significant human element, and the higher up they get in an organisation, the more risks people seem to take, according to Verizon’s annual Data Breach Investigations Report Continue Reading
-
Blog Post
02 Jun 2023
Developing an effective ransomware strategy: protecting big data
This is a guest blogpost by Brian Brockway, Chief Technology Officer at Commvault. The ransomware landscape has evolved significantly in recent years, with cybercriminals employing increasingly ... Continue Reading
-
Opinion
02 Jun 2023
Discovering the Diversity Process Flow in cyber
The UK Cyber Security Council's Simon Hepburn explains the Council's new Diversity Process Flow framework, and outlines its potential implications for ethnic minorities in the cyber sector Continue Reading
-
Opinion
01 Jun 2023
Generative AI – the next biggest cyber security threat?
Following the launch of ChatGPT in November 2022, several reports have emerged that seek to determine the impact of generative AI in cyber security. Undeniably, generative AI in cyber security is a double-edged sword, but will the paradigm shift in favour of opportunity or risk? Continue Reading
-
Opinion
01 Jun 2023
Is cyber training all the same old? Shift your perspective and get stuck in
Getting your cyber smarts only from books or presentations just isn’t going to cut it anymore – the only way we can get ahead of the cyber criminals is to get into their heads, and you can only achieve this by doing and changing your way of thinking. Continue Reading
-
Feature
31 May 2023
Why we need advanced malware detection with AI-powered tools
AI-powered cyber security tools have now developed to a point where they are becoming an effective approach to protecting the organisation. Learn how you can benefit from adopting them Continue Reading
-
Opinion
31 May 2023
Security Think Tank: A brief history of (secure) coding
From controlling who was allowed to work with IBM mainframes to present-day DevSecOps techniques, the concept of secure coding has a longer history than you might think Continue Reading
-
Blog Post
28 May 2023
How do you tackle Data Diarrhoea?
We now face the most lethal of situations - secure (if properly used) technologies in the hands of insecure people. Continue Reading
-
News
26 May 2023
Cisco joins growing Manchester cyber security hub
Networking kingpin signs up to Greater Manchester Digital Security Hub to support centre’s work on security resilience and skills Continue Reading
-
Opinion
26 May 2023
Five key steps where there is a risk of fraud investigation
When fraud investigators come knocking, there are some important ways in which management and senior IT professionals can make sure their company is best protected. Continue Reading
-
Opinion
26 May 2023
Security Think Tank: Why “secure coding” is neither
Ensuring the security of code is just one element of a complex software lifecycle and risk management process that people need to think about more holistically, says Ed Moyle Continue Reading
-
News
25 May 2023
Cabinet Office publishes response to data sharing for digital ID consultation
The majority of respondents to government’s consultation on data sharing for digital identity are critical to the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’ Continue Reading
-
News
25 May 2023
Alert over Chinese cyber campaign targeting critical networks
A Chinese threat actor known as Volt Typhoon has been observed infiltrating CNI networks in a cyber espionage campaign, according to intelligence Continue Reading
-
News
24 May 2023
Kuwait bank introduces biometric payments card
Middle East bank launches payment cards with fingerprint sensor technology embedded Continue Reading
-
News
24 May 2023
Two-thirds of all 2022 breaches resulted from spear phishing
Research by Barracuda Networks has found that, despite the low volume of spear-phishing attempts, the attacks are highly successful and have major consequences Continue Reading
-
E-Zine
23 May 2023
How to secure your software supply chain
In this week’s Computer Weekly, our latest buyer’s guide looks at secure coding, and kicks off by examining the challenges of securing your software supply chain. Cyber law enforcement leaders are calling on firms to end the secrecy around ransomware attacks. And we find out how facial recognition technology is being adopted by retailers. Read the issue now. Continue Reading
-
Opinion
15 May 2023
Security Think Tank: To secure code effectively, verify at every step
Verification at every step is an important part of ensuring your code is secure, writes Petra Wenham Continue Reading
-
News
15 May 2023
MS macro-blocking has forced cyber criminals to innovate
One year after Microsoft started blocking VBA and XL4 macros by default, the cyber criminal ecosystem has all but stopped exploiting macros in their attacks. They’re instead innovating at an unprecedented rate Continue Reading
-
News
12 May 2023
Let’s put an end to secrecy and cover-ups in ransomware attacks
The NCSC and the ICO are calling for organisations to bite the bullet and be more open about cyber security and ransomware incidents, and the community is firmly behind them Continue Reading
-
Opinion
12 May 2023
What secure coding practices mean to modern cyber security
Joseph Foote of PA Consulting explores how we know the services we use most are protected, what we mean when we say 'secure coding practices', and what happens when secure coding practices are not followed? Continue Reading
-
News
11 May 2023
Australia to shore up cyber and digital capabilities in Budget 2023
Australia is spending more than A$2bn to strengthen cyber resilience, improve digital government services and fuel AI adoption, among other areas, in its latest budget Continue Reading
-
E-Zine
11 May 2023
CW EMEA: The future of work
In this month’s CW EMEA, we look at the future of work in Europe after the pandemic forced a change in entrenched human behaviour. For years, people talked about flexible working being the way forward, but scepticism within the management of large companies held it back. This all changed when Covid-19 began to spread out of control and governments and businesses quickly told people to work from home where possible. We also look at the increasing problem of IT failures in Dutch hospitals and how they are affecting patient care, highlighting the need to improve IT security in hospitals. Read the issue now. Continue Reading
-
News
10 May 2023
Secure Boot vulnerability causes Patch Tuesday headache for admins
Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft Continue Reading
-
News
10 May 2023
How datacentre operators can fend off cyber attacks
Applying zero-trust principles in the form of strong authentication controls and network segmentation can help datacentre operators to mitigate cyber threats Continue Reading
-
News
05 May 2023
Capita pension clients told data may have leaked
Capita has told trustees of some of the pension funds for which it provides outsourced services that their customer data may have been stolen by the Black Basta ransomware operation Continue Reading
-
Opinion
05 May 2023
Security Think Tank: Thinking beyond IAM in the cloud
Looking beyond IAM, there are other aspects of securing public cloud environments that admins can reasonably expect to control Continue Reading
-
News
04 May 2023
Google debuts passwordless login options for users
Launch of Google’s passkey service hailed as a great leap forward for passwordless technology Continue Reading
-
News
03 May 2023
Cyber Action Plan for Wales launched
The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country Continue Reading
-
News
03 May 2023
Government anti-fraud strategy targets the tech behind the scams
The UK government’s anti-fraud strategy proposes to make it much harder for criminals to target their victims by cracking down on the exploitation of technology Continue Reading
-
News
03 May 2023
Mystery Apple security update sparks speculation
Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed Continue Reading
-
Opinion
02 May 2023
Want to get cloud IAM right? Master the fundamentals
By getting the basics right, you’re setting yourself up for success to then can build more advanced and complex functionalities on top Continue Reading
-
News
02 May 2023
UK Cyber Security Council launches certification mapping tool
Cyber careers body aims to offer clarity for professionals seeking to advance through security certification Continue Reading
-
News
02 May 2023
Researchers see surge in scam websites linked to coronation
Scammers and fraudsters continue to take advantage of large public events, with the coronation of King Charles III no exception Continue Reading
-
News
27 Apr 2023
Tenable opens playground for generative AI cyber tools
A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with Continue Reading
-
News
26 Apr 2023
Researchers deal blow to Gootloader gang that supported REvil
Thousands of compromised WordPress blogs have been spreading the Gootloader malware for years, but eSentire’s security research team are turning the tables on the gang that played a key role in REvil ransomware attacks Continue Reading
-
News
25 Apr 2023
CISOs under-supported, under pressure, Trellix finds
The vast majority of CISOs say they are finding it difficult to get sign-off on the resources they need to do their job Continue Reading
-
Podcast
25 Apr 2023
Podcast: Ransomware, data protection and compliance
Ransomware is a huge and ever-present threat, but there are ways to avoid it and to mitigate its effects. We get key practical steps from Mathieu Gorge, CEO of Vigitrust Continue Reading
-
News
25 Apr 2023
Almost three-quarters of cyber attacks involve ransomware
Data from Sophos’s annual Active Adversary Report reveals that almost three-quarters of the cyber security incidents it responded to in 2022 involved ransomware Continue Reading
-
Opinion
24 Apr 2023
Could your employees’ use of ChatGPT put you in breach of GDPR?
Following Italy's run-in with OpenAI’s ChatGPT, legal expert Richard Forrest emphasises the necessity for additional scrutiny while using AI tools in a work environment, and practical guidance on doing so safely Continue Reading
-
Opinion
24 Apr 2023
Security Think Tank: Going beyond IAM for cloud security
Managing access and privilege across complex and powerful cloud tooling is not a straightforward task; but there are some key considerations that can help security teams stay on top of identities in the cloud Continue Reading
-
News
21 Apr 2023
CyberUK 23: New advice on smart city security issued
The NCSC and key allies have drawn up new guidance to help communities balance the cyber security risks involved with creating smart cities Continue Reading
-
News
20 Apr 2023
Bumblebee malware flies on the wings of Zoom and ChatGPT
Bumblebee malware, often used as a stepping stone to ransomware, is now spreading via trojanised installers for popular software applications Continue Reading
-
News
20 Apr 2023
UK Emergency Alert Test sparks cyber fraud warning
Fraudsters and scammers are likely to use the upcoming test of the UK's new mobile Emergency Alert system as bait in their attacks, while misinformation and conspiracy theories spread Continue Reading
-
News
20 Apr 2023
Good Friday Agreement key to growth of Northern Ireland cyber hub
Now 25 years since the historic Good Friday Agreement ended the Troubles, Northern Ireland has become a flourishing centre of cyber security excellence and has ambitions to grow further Continue Reading
-
News
20 Apr 2023
New GovAssure cyber regime launches across UK government
An enhanced cyber security regime is being put in place to better protect UK government IT systems from growing threats Continue Reading
-
News
19 Apr 2023
CyberUK 23: Ukraine offers masterclass in withstanding cyber war
Russian cyber activity has seen an unprecedented evolution in scale and pace over the past year, but Ukraine’s resilience has enabled it to mount a masterful response, says the NCSC Continue Reading
-
News
19 Apr 2023
CyberUK 23: Irresponsible use of commercial hacking tools a rising threat
Commercial cyber tools and hackers-for-hire pose a growing threat to organisations and individuals worldwide, according to an NCSC report Continue Reading
-
News
19 Apr 2023
UK plc sees fewer cyber breaches and attacks, but lacks resilience
Latest government figures reveal UK businesses and charities reported lower volumes of cyber breaches and attacks over the past 12 months, but the statistics mask widespread underreporting and the true state of cyber readiness and resilience appears poor Continue Reading
-
News
19 Apr 2023
CyberUK 23: NCSC launches Cyber Advisor service for SMEs
The UK’s NCSC has launched an industry assurance scheme designed to address the needs of SMEs, and is calling for potential advisors to step up and help out Continue Reading
-
News
19 Apr 2023
CyberUK 23: NCSC CEO calls for collaboration and warns against complacency
NCSC boss Lindy Cameron kicked off the annual CyberUK conference in Belfast with a plea for collaboration and a warning against complacency Continue Reading
-
News
19 Apr 2023
Global finance firms take part in NATO cyber attack simulation
Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading
-
News
19 Apr 2023
Cisco urges users to keep its network hardware up-to-date
In the wake of a campaign of threat activity targeting a six-year-old Cisco router vulnerability, the networking giant has warned users to be on high alert and update their hardware Continue Reading
-
News
19 Apr 2023
CyberUK 23: Alert over mercenary Russian threat to CNI
Russian hacktivists supportive of their government’s war on Ukraine are turning their attention to disruptive or destructive attacks on critical infrastructure in the UK, the NCSC has warned Continue Reading
-
News
19 Apr 2023
How organisations can succeed with zero trust
By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm Continue Reading
-
News
18 Apr 2023
CyberUK 23: NCSC conference centres cyber collaboration
The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda Continue Reading
-
News
18 Apr 2023
Focus on these three risky behaviours to boost cloud security
Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report Continue Reading
-
Feature
18 Apr 2023
Why IAM systems are crucial for securing multicloud architecture
As business tools evolve into cloud-based services, organisations are finding themselves becoming ever more reliant on the cloud, but how can data be secured across so many different platforms? Continue Reading
-
News
18 Apr 2023
UK presses on with post-Brexit data protection reform
The revised version of the Data Protection and Digital Information Bill has had its second reading in Parliament as the government presses on with post-Brexit changes, but critics remain sceptical that the EU will be convinced to maintain the UK's data adequacy agreement Continue Reading
-
News
17 Apr 2023
Charity data stolen in ransomware attack on supplier
A number of charities in Ireland and the UK have had their data compromised following a ransomware attack on an IT supplier Continue Reading
-
Feature
14 Apr 2023
Securing your software supply chain
Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains Continue Reading
-
News
13 Apr 2023
Thousands at risk from critical RCE bug in legacy MS service
Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running Continue Reading
-
News
13 Apr 2023
UK joins key allies to launch secure-by-design guidelines
The UK has joined international partners in sharing new advice to help technology companies embed security into the product design and development process Continue Reading
-
News
13 Apr 2023
Three charged over banking fraud for hire website
UK authorities have charged three men in connection with the operation of a website that sold social engineering tools to cyber fraudsters Continue Reading
-
News
13 Apr 2023
Italy to lift ChatGPT ban subject to new data protection controls
Italian regulator will lift its ban on OpenAI’s ChatGPT subject to a strict new data protection regime Continue Reading
-
Opinion
13 Apr 2023
With cyber attacks on the rise, businesses should prepare for quantum hacks now
Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today. Continue Reading
-
News
12 Apr 2023
April Patch Tuesday fixes zero-day used to deliver ransomware
A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update Continue Reading
-
News
12 Apr 2023
Gartner: Rebalance cyber investment towards human-centric elements
Security decision-makers need to reprioritise their investment outlooks towards people, rather than technology, according to the latest market forecast from Gartner Continue Reading
-
News
12 Apr 2023
Okta integrates with Singapore’s national digital ID system
The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries Continue Reading
-
News
11 Apr 2023
Anne Keast-Butler named as new director of GCHQ
The government has appointed current MI5 deputy director general Anne Keast-Butler to head signals and cyber agency GCHQ Continue Reading
-
Opinion
11 Apr 2023
Security Think Tank: Adopt a coherent framework for ID first security
With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud. Continue Reading
-
News
06 Apr 2023
Prioritise automated hardening over traditional cyber controls, says report
A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way Continue Reading
-
News
06 Apr 2023
Clop ransomware booms in March as Fortra zero-day pays off for gang
Backed by the threat actor tracked variously as Gold Tahoe and TA505, the Clop ransomware operation hit new ‘heights’ of activity last month, according to researchers Continue Reading
-
News
05 Apr 2023
Quick-acting Rorschach ransomware appears out of nowhere
Emergent Rorschach ransomware strain is highly advanced and quite unusual in its capabilities, warn researchers, who say they have been unable to link it to any other known strains Continue Reading
-
News
05 Apr 2023
Cops bust Genesis cyber crime marketplace
Multinational Operation Cookie Monster takes down Genesis Market, a crucial source of compromised data used by criminals for fraud and other cyber attacks Continue Reading
-
News
05 Apr 2023
Italy’s ChatGPT ban: Sober precaution or chilling overreaction?
Italy’s data protection authority issued a temporary ban on ChatGPT citing data protection concerns and alleged breaches of the GDPR. Is this a reasonable precaution, or a chilling restriction on personal freedoms? Continue Reading
-
News
04 Apr 2023
TikTok fined in UK over unlawful use of children’s data
The ICO has fined TikTok £12.7m for breaches of data protection law, including unlawfully collecting data on children under 13 Continue Reading
-
News
04 Apr 2023
Threat researchers dissect anatomy of a Royal ransomware attack
Trellix researchers share the inside track on a Royal ransomware attack that hit one of its customers in late 2022 Continue Reading
-
News
04 Apr 2023
Over 90% of organisations find threat hunting a challenge
Understaffed security teams and high levels of background noise are making basic security operations tasks a chore for defenders, according to a report Continue Reading
-
News
03 Apr 2023
Australia’s media and telecoms sector saw most data breaches in 2022
The media and telecoms industry accounted for the bulk of stolen credentials in Australia in 2022, underscoring the need to shore up the country’s cyber security posture Continue Reading
-
News
31 Mar 2023
Mounting Russian disinformation campaign targeting Arab world
Researchers have found evidence of a broad Russian disinformation campaign targeting Arabic-speakers in the Middle East and North Africa Continue Reading
-
News
31 Mar 2023
Ukrainians bust cyber criminals who stole over £3m across Europe
Ukrainian police have arrested members of a cyber crime gang who stole and embezzled millions of pounds from victims across Europe Continue Reading