Security policy and user awareness
-
News
19 Dec 2024
LockBit ransomware gang teases February 2025 return
An individual associated with the LockBit ransomware gang has broken cover to tease details of a new phase of the cyber criminal operation's activity, which they claim is set to begin in February 2025 Continue Reading
-
News
19 Dec 2024
Latest attempt to override UK’s outdated hacking law stalls
Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee Continue Reading
-
News
20 Apr 2023
UK Emergency Alert Test sparks cyber fraud warning
Fraudsters and scammers are likely to use the upcoming test of the UK's new mobile Emergency Alert system as bait in their attacks, while misinformation and conspiracy theories spread Continue Reading
-
News
20 Apr 2023
Good Friday Agreement key to growth of Northern Ireland cyber hub
Now 25 years since the historic Good Friday Agreement ended the Troubles, Northern Ireland has become a flourishing centre of cyber security excellence and has ambitions to grow further Continue Reading
-
News
20 Apr 2023
New GovAssure cyber regime launches across UK government
An enhanced cyber security regime is being put in place to better protect UK government IT systems from growing threats Continue Reading
-
News
19 Apr 2023
CyberUK 23: Ukraine offers masterclass in withstanding cyber war
Russian cyber activity has seen an unprecedented evolution in scale and pace over the past year, but Ukraine’s resilience has enabled it to mount a masterful response, says the NCSC Continue Reading
-
News
19 Apr 2023
CyberUK 23: Irresponsible use of commercial hacking tools a rising threat
Commercial cyber tools and hackers-for-hire pose a growing threat to organisations and individuals worldwide, according to an NCSC report Continue Reading
-
News
19 Apr 2023
UK plc sees fewer cyber breaches and attacks, but lacks resilience
Latest government figures reveal UK businesses and charities reported lower volumes of cyber breaches and attacks over the past 12 months, but the statistics mask widespread underreporting and the true state of cyber readiness and resilience appears poor Continue Reading
-
News
19 Apr 2023
CyberUK 23: NCSC launches Cyber Advisor service for SMEs
The UK’s NCSC has launched an industry assurance scheme designed to address the needs of SMEs, and is calling for potential advisors to step up and help out Continue Reading
-
News
19 Apr 2023
CyberUK 23: NCSC CEO calls for collaboration and warns against complacency
NCSC boss Lindy Cameron kicked off the annual CyberUK conference in Belfast with a plea for collaboration and a warning against complacency Continue Reading
-
News
19 Apr 2023
Global finance firms take part in NATO cyber attack simulation
Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading
-
News
19 Apr 2023
Cisco urges users to keep its network hardware up-to-date
In the wake of a campaign of threat activity targeting a six-year-old Cisco router vulnerability, the networking giant has warned users to be on high alert and update their hardware Continue Reading
-
News
19 Apr 2023
CyberUK 23: Alert over mercenary Russian threat to CNI
Russian hacktivists supportive of their government’s war on Ukraine are turning their attention to disruptive or destructive attacks on critical infrastructure in the UK, the NCSC has warned Continue Reading
-
News
19 Apr 2023
How organisations can succeed with zero trust
By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm Continue Reading
-
News
18 Apr 2023
CyberUK 23: NCSC conference centres cyber collaboration
The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda Continue Reading
-
News
18 Apr 2023
Focus on these three risky behaviours to boost cloud security
Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report Continue Reading
-
Feature
18 Apr 2023
Why IAM systems are crucial for securing multicloud architecture
As business tools evolve into cloud-based services, organisations are finding themselves becoming ever more reliant on the cloud, but how can data be secured across so many different platforms? Continue Reading
-
News
18 Apr 2023
UK presses on with post-Brexit data protection reform
The revised version of the Data Protection and Digital Information Bill has had its second reading in Parliament as the government presses on with post-Brexit changes, but critics remain sceptical that the EU will be convinced to maintain the UK's data adequacy agreement Continue Reading
-
News
17 Apr 2023
Charity data stolen in ransomware attack on supplier
A number of charities in Ireland and the UK have had their data compromised following a ransomware attack on an IT supplier Continue Reading
-
Feature
14 Apr 2023
Securing your software supply chain
Organisations need to have a thorough understanding of software components and build security controls into development lifecycles to shore up the security of their software supply chains Continue Reading
-
News
13 Apr 2023
Thousands at risk from critical RCE bug in legacy MS service
Thousands of organisations worldwide are at risk from three vulnerabilities – one critical – in a legacy Microsoft service that they may not be aware they are running Continue Reading
-
News
13 Apr 2023
UK joins key allies to launch secure-by-design guidelines
The UK has joined international partners in sharing new advice to help technology companies embed security into the product design and development process Continue Reading
-
News
13 Apr 2023
Three charged over banking fraud for hire website
UK authorities have charged three men in connection with the operation of a website that sold social engineering tools to cyber fraudsters Continue Reading
-
News
13 Apr 2023
Italy to lift ChatGPT ban subject to new data protection controls
Italian regulator will lift its ban on OpenAI’s ChatGPT subject to a strict new data protection regime Continue Reading
-
Opinion
13 Apr 2023
With cyber attacks on the rise, businesses should prepare for quantum hacks now
Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today. Continue Reading
-
News
12 Apr 2023
April Patch Tuesday fixes zero-day used to deliver ransomware
A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update Continue Reading
-
News
12 Apr 2023
Gartner: Rebalance cyber investment towards human-centric elements
Security decision-makers need to reprioritise their investment outlooks towards people, rather than technology, according to the latest market forecast from Gartner Continue Reading
-
News
12 Apr 2023
Okta integrates with Singapore’s national digital ID system
The integration with Singpass will let Okta customers authenticate consumers using Singapore’s national digital ID system and is expected to expand the company’s reach in regulated industries Continue Reading
-
News
11 Apr 2023
Anne Keast-Butler named as new director of GCHQ
The government has appointed current MI5 deputy director general Anne Keast-Butler to head signals and cyber agency GCHQ Continue Reading
-
Opinion
11 Apr 2023
Security Think Tank: Adopt a coherent framework for ID first security
With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud. Continue Reading
-
News
06 Apr 2023
Prioritise automated hardening over traditional cyber controls, says report
A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way Continue Reading
-
News
06 Apr 2023
Clop ransomware booms in March as Fortra zero-day pays off for gang
Backed by the threat actor tracked variously as Gold Tahoe and TA505, the Clop ransomware operation hit new ‘heights’ of activity last month, according to researchers Continue Reading
-
News
05 Apr 2023
Quick-acting Rorschach ransomware appears out of nowhere
Emergent Rorschach ransomware strain is highly advanced and quite unusual in its capabilities, warn researchers, who say they have been unable to link it to any other known strains Continue Reading
-
News
05 Apr 2023
Cops bust Genesis cyber crime marketplace
Multinational Operation Cookie Monster takes down Genesis Market, a crucial source of compromised data used by criminals for fraud and other cyber attacks Continue Reading
-
News
05 Apr 2023
Italy’s ChatGPT ban: Sober precaution or chilling overreaction?
Italy’s data protection authority issued a temporary ban on ChatGPT citing data protection concerns and alleged breaches of the GDPR. Is this a reasonable precaution, or a chilling restriction on personal freedoms? Continue Reading
-
News
04 Apr 2023
TikTok fined in UK over unlawful use of children’s data
The ICO has fined TikTok £12.7m for breaches of data protection law, including unlawfully collecting data on children under 13 Continue Reading
-
News
04 Apr 2023
Threat researchers dissect anatomy of a Royal ransomware attack
Trellix researchers share the inside track on a Royal ransomware attack that hit one of its customers in late 2022 Continue Reading
-
News
04 Apr 2023
Over 90% of organisations find threat hunting a challenge
Understaffed security teams and high levels of background noise are making basic security operations tasks a chore for defenders, according to a report Continue Reading
-
News
03 Apr 2023
Australia’s media and telecoms sector saw most data breaches in 2022
The media and telecoms industry accounted for the bulk of stolen credentials in Australia in 2022, underscoring the need to shore up the country’s cyber security posture Continue Reading
-
News
31 Mar 2023
Mounting Russian disinformation campaign targeting Arab world
Researchers have found evidence of a broad Russian disinformation campaign targeting Arabic-speakers in the Middle East and North Africa Continue Reading
-
News
31 Mar 2023
Ukrainians bust cyber criminals who stole over £3m across Europe
Ukrainian police have arrested members of a cyber crime gang who stole and embezzled millions of pounds from victims across Europe Continue Reading
-
News
30 Mar 2023
OSC&R supply chain security framework goes live on Github
The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework Continue Reading
-
News
30 Mar 2023
NCSC issues revised security Board Toolkit for business leaders
National Cyber Security Centre calls on CEOs and senior business leaders to take a more hands-on approach to cyber resilience with the launch of revised board-level tools Continue Reading
-
News
30 Mar 2023
NHS Highland rapped over data breach affecting HIV patients
NHS Highland inadvertently exposed the personal data of individuals likely to be accessing HIV services in a lapse of email hygiene Continue Reading
-
Opinion
30 Mar 2023
Preventing artificial deception in the age of AI
The proposals contained in Westminster’s AI whitepaper are a good start, but more creative thinking and investment will be required to achieve a truly pro-innovation regulatory environment Continue Reading
-
News
29 Mar 2023
New North Korean APT launders crypto to fund spying programmes
Mandiant has attributed an ongoing campaign of malicious activity to a newly designated APT that is engaged in the acquisition and laundering of cryptocurrency to fund the regime’s espionage activities Continue Reading
-
News
29 Mar 2023
How organisations can weaponise data privacy
Organisations should turn data privacy into a competitive advantage and look beyond regulatory compliance to build a privacy programme that aligns with business targets, says Gartner Continue Reading
-
News
29 Mar 2023
Generative AI presents opportunities and challenges to UK schools
Generative AI and LLMs hold great potential for use in the classroom, but the privacy and security implications of its use must be carefully considered, says the Department for Education Continue Reading
-
News
28 Mar 2023
Apple security updates fix 33 iPhone vulnerabilities
A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels Continue Reading
-
News
28 Mar 2023
Europol warns cops to prep for malicious AI abuse
In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work Continue Reading
-
28 Mar 2023
Taking back control of AI training data
AI tools such as ChatGPT are trained on datasets scraped from the web, but you don’t have much say if your data is used. Technologist Bruce Schneier explains why it’s time to give control of AI training data back to the people. Continue Reading
-
Blog Post
24 Mar 2023
Acquiring the skills necessary to implement the UK Cybersecurity Strategy
The skills plan for meeting the needs of the world greatest Financial Services and Fin Tech Hub outside North America is therefore at heart of the work of the advisory group. Continue Reading
-
News
24 Mar 2023
National Crime Agency sting operation infiltrates cyber crime market
The UK National Crime Agency has tricked thousands of potential cyber criminals into registering with a fake website pretending to offer tools for creating DDoS attacks Continue Reading
-
Blog Post
23 Mar 2023
Trust: easy to lose, hard to recover
Here are just a few of the topics that my fellow Freeformers and I have enjoyed researching and writing about in recent years: network security, SD-WAN, digital identity, smart wallets, digital ... Continue Reading
-
News
22 Mar 2023
Government launches seven-year NHS cyber strategy
The new Cyber Security Strategy for Health and Adult Social Care lays out a plan for promoting cyber resilience in the sector by 2030 to protect services and patients alike Continue Reading
-
News
21 Mar 2023
Nordics move towards common cyber defence strategy
Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading
-
News
21 Mar 2023
How Mimecast thinks differently about email security
Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades Continue Reading
-
News
20 Mar 2023
NCSC launches cyber check-up tools for SMEs
The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack Continue Reading
-
Blog Post
20 Mar 2023
Preventing Crime not meeting Political Targets - A review of the MPS Turnaround Plan
Respond by the end of March if you live or work in London and believe that the primary objective of policing is the prevention of time not the meeting of targets as proxies for delivering political ... Continue Reading
-
News
20 Mar 2023
BBC cracks down on TikTok after review
The BBC is asking staff not to install TikTok on corporate-owned devices without a justified business purpose, although its use will still be allowed to share media content with its audiences Continue Reading
-
News
17 Mar 2023
UK TikTok ban gives us all cause to consider social media security
The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading
-
News
16 Mar 2023
BEC attacks doubled in 2022, outstripping ransomware
Massive growth in the volume of Business Email Compromise or BEC attacks was linked to a surge in successful phishing campaigns, according to data from Secureworks Continue Reading
-
News
16 Mar 2023
TikTok banned on UK government devices
The UK government has followed in the footsteps of its US and European counterparts and banned the use of Chinese social media app TikTok on official devices Continue Reading
-
News
16 Mar 2023
Rubrik customer, partner data exposed in possible Clop attack
Rubrik was supposedly compromised by the Clop ransomware gang via a zero-day vulnerability in a managed file transfer software package it uses Continue Reading
-
News
16 Mar 2023
Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine
A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly Continue Reading
-
News
15 Mar 2023
Microsoft patches Outlook zero-day for March Patch Tuesday
A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update Continue Reading
-
News
14 Mar 2023
NatWest introduces limits on crypto trading to prevent fraud
UK bank says its retail customers will benefit from daily and monthly limits on the amount they can pay into cryptocurrency exchanges Continue Reading
-
News
13 Mar 2023
MI5 to oversee new National Protective Security Authority
The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets Continue Reading
-
News
08 Mar 2023
How ForgeRock is tackling identity management
ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy Continue Reading
-
News
07 Mar 2023
Nine in 10 enterprises fell victim to successful phishing in 2022
Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale Continue Reading
-
Feature
07 Mar 2023
What can security teams learn from a year of cyber warfare?
With the passing of the first anniversary of Russia’s invasion of Ukraine, we reflect on the ongoing cyber war, and ask what security leaders can learn from the past 12 months Continue Reading
-
News
07 Mar 2023
Taking back control: Could a distributed model breed a better AI?
AI tools such as ChatGPT are trained on datasets scraped from the web, but you don’t have much say if your data is used. Technologist Bruce Schneier says it’s time to give control of AI training data back to the people Continue Reading
-
News
07 Mar 2023
APAC IT leaders bullish on tech spending
Over half of respondents in this year’s IT Priorities study have bigger IT budgets as they continue to make strategic investments in cyber security, cloud and automation, among other areas Continue Reading
-
News
03 Mar 2023
White House unveils National Cybersecurity Strategy
The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise Continue Reading
-
Blog Post
03 Mar 2023
UK and US Strategies for Public Private co-operation on Cyber
Given support from a critical mass of those employers who are serious about addressing their own skills needs, plus those of their supply chain and customer base, we should be able to use the LSIP ... Continue Reading
-
News
02 Mar 2023
WH Smith staff data accessed in cyber attack
The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing Continue Reading
-
Opinion
28 Feb 2023
Security Think Tank: Training can no longer be a compliance exercise
Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading
-
Opinion
27 Feb 2023
Cyber training in 2023 needs to drive measurable change
2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading
-
News
22 Feb 2023
UK forces lead live-fire cyber war exercise
The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces Continue Reading
-
News
22 Feb 2023
Half of cyber leaders to switch jobs by 2025, citing stress
A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study Continue Reading
-
E-Zine
22 Feb 2023
Innovation not infestation – digitising pest control
In this week’s Computer Weekly, we find out how Rentokil Initial is using the latest in digital innovation to improve the age-old task of pest control. The leading experts offer a 15-point plan to improve diversity and inclusion in IT. And with all the excitement around ChatGPT, we ask whether business is ready to use the AI chatbot. Read the issue now. Continue Reading
-
Opinion
21 Feb 2023
Cyber security training: Insights for future professionals
Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading
-
News
20 Feb 2023
Singapore organisations struggle to operationalise threat intelligence
Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges Continue Reading
-
News
20 Feb 2023
Twitter 2FA changes bring more risks than benefits
Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic Continue Reading
-
Opinion
16 Feb 2023
Security Think Tank: New trends and drivers in cyber security training
Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading
-
News
16 Feb 2023
How to tame the identity sprawl
Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl Continue Reading
-
News
15 Feb 2023
Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs
Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading
-
Opinion
15 Feb 2023
What charities should know about ransomware and reputational threats
The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back Continue Reading
-
News
15 Feb 2023
Microsoft fixes three zero-days in February update
February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading
-
News
14 Feb 2023
Vidar, nJRAT re-emerge as prominent malware threats in January
Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry Continue Reading
-
News
14 Feb 2023
UK authorities clamp down on illegal crypto ATMs
The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs Continue Reading
-
News
14 Feb 2023
OSC&R framework to stop supply chain attacks in the wild
The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains Continue Reading
-
News
10 Feb 2023
Social media platform Reddit breached in phishing attack
An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack Continue Reading
-
News
09 Feb 2023
UK imposes sanctions on Conti ransomware gang leaders
Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK Continue Reading
-
News
09 Feb 2023
How Check Point is keeping pace with the cyber security landscape
Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security Continue Reading
-
Opinion
08 Feb 2023
Security Think Tank: Poor training is worse than no training at all
Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM Continue Reading
-
News
08 Feb 2023
Russian hacking group Seaborgium targets SNP MP Stewart McDonald
Scottish National Party MP Stewart McDonald says his personal emails have been hacked by a group linked to the Russian state in a targeted phishing attack Continue Reading
-
News
08 Feb 2023
Campaigners lament lack of movement on Computer Misuse Act reform
Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed Continue Reading
-
News
06 Feb 2023
Online banks still riddled with cyber security flaws, report says
Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too. Continue Reading
-
06 Feb 2023
How gamifying cyber training can improve your defences
With ever-escalating threats, it’s now more important than ever for security training to be an engaging experience. Continue Reading
-
E-Zine
06 Feb 2023
Making IT security training stick
In this week’s Computer Weekly, our latest buyer’s guide looks at IT security training, and asks whether gamification could be the secret to making it stick. We examine how the metaverse might change the way we work in real life. And we find out how job cuts across the tech sector affect employment opportunities for IT contractors in 2023. Read the issue now. Continue Reading
-
News
06 Feb 2023
The Security Interviews: How to overcome data protection compliance challenges
Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how? Continue Reading