News
Business continuity planning
-
June 19, 2023
19
Jun'23
UK to contribute up to £25m to Ukraine cyber defences
Prime minister Rishi Sunak announces an expansion to the Ukraine Cyber Programme, with a cash boost of up to £25m over the next two years
-
June 15, 2023
15
Jun'23
Exploitation of Barracuda ESG appliances linked to Chinese spies
Intelligence from Mandiant links exploitation of a flaw in a subset of Barracuda ESG appliances to a previously untracked China-nexus threat actor
-
June 15, 2023
15
Jun'23
NCSC warns over ‘enduring’ LockBit threat
Although its activity volumes have been lower of late, LockBit is still a highly dangerous ransomware gang and is now the subject of a new international cyber advisory
-
June 15, 2023
15
Jun'23
Clop begins naming alleged MOVEit victims
Clop uploaded details of 12 new victims to its dark web leak site late on 14 June, many of them likely linked to the ongoing MOVEit cyber attack
-
June 14, 2023
14
Jun'23
No zero-days for June Patch Tuesday, but plenty to chew over
On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention
-
June 08, 2023
08
Jun'23
Vulnerability exploitation volumes up over 50% in 2022
Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild
-
June 08, 2023
08
Jun'23
Bishop Fox’s Vinnie Liu talks offensive security skills
There is growing demand for offensive security testing, but it needs a multi-layered skillset that can be hard to quantify. Bishop Fox’s CEO and co-founder explains why and some potential mitigation strategies
-
June 06, 2023
06
Jun'23
Google launches hacker-backed SME security training scheme
Citing research that shows almost half of SMEs are struggling to recruit cyber security specialists, Google is launching a programme designed to upskill more people to fill thousands of vacant roles
-
June 06, 2023
06
Jun'23
Victims of MOVEit SQL injection zero-day mount up
The BBC, Boots, and British Airways are among the victims of cyber incidents arising from a recently disclosed vulnerability in the MOVEit file transfer, exploitation of which is spreading fast
-
June 06, 2023
06
Jun'23
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar
Three quarters of data breaches now involve a significant human element, and the higher up they get in an organisation, the more risks people seem to take, according to Verizon’s annual Data Breach Investigations Report
-
May 30, 2023
30
May'23
Downstream breaches of Capita customers spreading
As many as 90 organisations that used Capita services have now reported data breaches arising from various security incidents at the outsourcer
-
May 26, 2023
26
May'23
Cisco joins growing Manchester cyber security hub
Networking kingpin signs up to Greater Manchester Digital Security Hub to support centre’s work on security resilience and skills
-
May 25, 2023
25
May'23
Alert over Chinese cyber campaign targeting critical networks
A Chinese threat actor known as Volt Typhoon has been observed infiltrating CNI networks in a cyber espionage campaign, according to intelligence
-
May 12, 2023
12
May'23
Let’s put an end to secrecy and cover-ups in ransomware attacks
The NCSC and the ICO are calling for organisations to bite the bullet and be more open about cyber security and ransomware incidents, and the community is firmly behind them
-
May 10, 2023
10
May'23
Secure Boot vulnerability causes Patch Tuesday headache for admins
Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft
-
May 03, 2023
03
May'23
Cyber Action Plan for Wales launched
The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country
-
May 02, 2023
02
May'23
UK Cyber Security Council launches certification mapping tool
Cyber careers body aims to offer clarity for professionals seeking to advance through security certification
-
April 27, 2023
27
Apr'23
Tenable opens playground for generative AI cyber tools
A set of generative AI cyber tools designed to help security researchers in reverse engineering, debugging and other areas of work have been made available for the community to experiment with
-
April 27, 2023
27
Apr'23
Google Cloud seals bug that could have led to data breaches
The Asset Key Thief vulnerability gave rise to multiple potential attack scenarios that could have impacted thousands of Google Cloud users, but has now been safely fixed
-
April 25, 2023
25
Apr'23
CISOs under-supported, under pressure, Trellix finds
The vast majority of CISOs say they are finding it difficult to get sign-off on the resources they need to do their job
-
April 25, 2023
25
Apr'23
Almost three-quarters of cyber attacks involve ransomware
Data from Sophos’s annual Active Adversary Report reveals that almost three-quarters of the cyber security incidents it responded to in 2022 involved ransomware
-
April 21, 2023
21
Apr'23
CyberUK 23: New advice on smart city security issued
The NCSC and key allies have drawn up new guidance to help communities balance the cyber security risks involved with creating smart cities
-
April 20, 2023
20
Apr'23
Good Friday Agreement key to growth of Northern Ireland cyber hub
Now 25 years since the historic Good Friday Agreement ended the Troubles, Northern Ireland has become a flourishing centre of cyber security excellence and has ambitions to grow further
-
April 20, 2023
20
Apr'23
New GovAssure cyber regime launches across UK government
An enhanced cyber security regime is being put in place to better protect UK government IT systems from growing threats
-
April 19, 2023
19
Apr'23
UK plc sees fewer cyber breaches and attacks, but lacks resilience
Latest government figures reveal UK businesses and charities reported lower volumes of cyber breaches and attacks over the past 12 months, but the statistics mask widespread underreporting and the true state of cyber readiness and resilience appears...
-
April 19, 2023
19
Apr'23
CyberUK 23: NCSC CEO calls for collaboration and warns against complacency
NCSC boss Lindy Cameron kicked off the annual CyberUK conference in Belfast with a plea for collaboration and a warning against complacency
-
April 19, 2023
19
Apr'23
Global finance firms take part in NATO cyber attack simulation
Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure
-
April 19, 2023
19
Apr'23
CyberUK 23: Alert over mercenary Russian threat to CNI
Russian hacktivists supportive of their government’s war on Ukraine are turning their attention to disruptive or destructive attacks on critical infrastructure in the UK, the NCSC has warned
-
April 18, 2023
18
Apr'23
CyberUK 23: NCSC conference centres cyber collaboration
The NCSC’s annual CyberUK conference gets underway in Belfast this week, with collaboration and cooperation high on the agenda
-
April 18, 2023
18
Apr'23
Focus on these three risky behaviours to boost cloud security
Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours, according to a report
-
April 18, 2023
18
Apr'23
UK presses on with post-Brexit data protection reform
The revised version of the Data Protection and Digital Information Bill has had its second reading in Parliament as the government presses on with post-Brexit changes, but critics remain sceptical that the EU will be convinced to maintain the UK's ...
-
April 17, 2023
17
Apr'23
Charity data stolen in ransomware attack on supplier
A number of charities in Ireland and the UK have had their data compromised following a ransomware attack on an IT supplier
-
April 12, 2023
12
Apr'23
April Patch Tuesday fixes zero-day used to deliver ransomware
A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update
-
April 12, 2023
12
Apr'23
Gartner: Rebalance cyber investment towards human-centric elements
Security decision-makers need to reprioritise their investment outlooks towards people, rather than technology, according to the latest market forecast from Gartner
-
April 11, 2023
11
Apr'23
Anne Keast-Butler named as new director of GCHQ
The government has appointed current MI5 deputy director general Anne Keast-Butler to head signals and cyber agency GCHQ
-
April 11, 2023
11
Apr'23
KFC, Pizza Hut data stolen in January ransomware attack
Yum!, the parent organisation behind KFC and Pizza Hut in the UK, has disclosed that employee data was accessed and exfiltrated in a January 2023 ransomware attack
-
April 06, 2023
06
Apr'23
IBM's Nataraj Nagaratnam on the cyber challenges facing cloud services
Governments are introducing increasingly prescriptive data protection policies, but with organisations becoming ever more reliant on multiple cloud service platforms for essential business needs, how can they ensure they meet regulatory requirements?
-
April 06, 2023
06
Apr'23
Prioritise automated hardening over traditional cyber controls, says report
A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way
-
April 06, 2023
06
Apr'23
Clop ransomware booms in March as Fortra zero-day pays off for gang
Backed by the threat actor tracked variously as Gold Tahoe and TA505, the Clop ransomware operation hit new ‘heights’ of activity last month, according to researchers
-
April 05, 2023
05
Apr'23
Quick-acting Rorschach ransomware appears out of nowhere
Emergent Rorschach ransomware strain is highly advanced and quite unusual in its capabilities, warn researchers, who say they have been unable to link it to any other known strains
-
April 05, 2023
05
Apr'23
Italy’s ChatGPT ban: Sober precaution or chilling overreaction?
Italy’s data protection authority issued a temporary ban on ChatGPT citing data protection concerns and alleged breaches of the GDPR. Is this a reasonable precaution, or a chilling restriction on personal freedoms?
-
April 04, 2023
04
Apr'23
Threat researchers dissect anatomy of a Royal ransomware attack
Trellix researchers share the inside track on a Royal ransomware attack that hit one of its customers in late 2022
-
April 04, 2023
04
Apr'23
Over 90% of organisations find threat hunting a challenge
Understaffed security teams and high levels of background noise are making basic security operations tasks a chore for defenders, according to a report
-
March 30, 2023
30
Mar'23
OSC&R supply chain security framework goes live on Github
The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework
-
March 30, 2023
30
Mar'23
NCSC issues revised security Board Toolkit for business leaders
National Cyber Security Centre calls on CEOs and senior business leaders to take a more hands-on approach to cyber resilience with the launch of revised board-level tools
-
March 30, 2023
30
Mar'23
Reactive approach to cyber procurement risks damaging businesses
Too many organisations are following a reactive approach to cyber security, which WithSecure believes is stifling security teams ability to demonstrate value and align with business outcomes
-
March 28, 2023
28
Mar'23
Microsoft expands AI Copilot project into security realm
New Microsoft service, Security Copilot, will supposedly expand the reach, speed and effectiveness of cyber teams
-
March 28, 2023
28
Mar'23
Apple security updates fix 33 iPhone vulnerabilities
A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels
-
March 28, 2023
28
Mar'23
Inside Group-IB’s cyber security playbook
A focus on threat intelligence, fraud protection and its work with Interpol has enabled Group-IB to compete against bigger rivals in the market
-
March 28, 2023
28
Mar'23
Europol warns cops to prep for malicious AI abuse
In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work