News
Security policy and user awareness
-
September 14, 2022
14
Sep'22
NCSC warns public of potential Queen-related phishing attacks
The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen
-
September 13, 2022
13
Sep'22
Cloud compromise a doddle for threat actors as victims attest
Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud
-
September 13, 2022
13
Sep'22
Users warned over Azure Active Directory authentication flaw
Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users
-
September 13, 2022
13
Sep'22
Blancco works with charity to provide IT for African schools
Blancco is providing data sanitisation and erasure software to The Turing Trust so that old IT equipment can be securely reused by school children in Sub-Saharan Africa, instead of adding to world’s growing e-waste problem
-
September 13, 2022
13
Sep'22
Multi-persona impersonation adds new dimension to phishing
Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures
-
September 12, 2022
12
Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023
Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts
-
September 08, 2022
08
Sep'22
NCSC CyberUK event heads to Belfast in 2023
National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023
-
September 08, 2022
08
Sep'22
Dutch cyber security organisations to join forces
Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into
-
September 08, 2022
08
Sep'22
India’s wake-up call on health data privacy
Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US
-
September 07, 2022
07
Sep'22
Albania cuts diplomatic ties with Iran after cyber attack
In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran
-
September 07, 2022
07
Sep'22
August ’22 a bumper month for high-impact vulnerabilities
Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future
-
September 07, 2022
07
Sep'22
Prince’s Trust teams with threat management specialist in skills push
Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
-
September 07, 2022
07
Sep'22
Digital identity is key to coping with surge in air travel
The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic
-
September 06, 2022
06
Sep'22
Campaigners call on Truss to change UK’s archaic hacking laws
The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution
-
September 06, 2022
06
Sep'22
Saudi Arabian organisations choose to outsource to improve cyber security posture
Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security
-
September 05, 2022
05
Sep'22
Russian-speaking cyber criminals feel economic pinch
Russian-speaking cyber criminals are being forced to refine and adapt their techniques as Vladimir Putin’s invasion of Ukraine makes current methods redundant
-
September 05, 2022
05
Sep'22
How Okta is regaining customer trust after a cyber attack
In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident
-
September 01, 2022
01
Sep'22
Space nerds beware: James Webb images used to spread malware
Astronomy and space aficionados are being targeted by cyber criminals exploiting some of the now-famous images captured by Nasa’s James Webb Space Telescope to distribute malware
-
September 01, 2022
01
Sep'22
Swedish Electronics Protection Act coincides with major cyber spend
Swedish cyber security law comes at a time of heavy government investment
-
September 01, 2022
01
Sep'22
New (ISC)² cyber careers schemes go live
(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide
-
August 31, 2022
31
Aug'22
Google debuts open source bug bounty programme
Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme
-
August 30, 2022
30
Aug'22
UK government presses on with new cyber rules for telcos
Government has finalised new security rules for telecoms companies and will move to make them binding in the near future
-
August 30, 2022
30
Aug'22
LastPass breach limited in scale and well-managed, say experts
A breach of LastPass’s developer environment does not seem to have affected users of the password management service, but it may still be time for a credential reset
-
August 25, 2022
25
Aug'22
Adaptive RedAlert, Monster ransomwares go cross-platform
Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time
-
August 25, 2022
25
Aug'22
Millions of Plex users may be at risk in password breach
Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor
-
August 25, 2022
25
Aug'22
Security pros fret about stress and promotion over cyber attacks
CIISec’s annual report on the state of the security profession reveals some home truths for security leaders
-
August 24, 2022
24
Aug'22
Most CISOs think they’ve been attacked by a nation state
Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack
-
August 24, 2022
24
Aug'22
Alleged Twitter security failings spell trouble ahead
Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions
-
August 23, 2022
23
Aug'22
NCSC shares cyber guidance for large infrastructure builds
Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects
-
August 22, 2022
22
Aug'22
Kaspersky threat data added to Microsoft Sentinel service
Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service
-
August 22, 2022
22
Aug'22
Lloyd’s to end insurance coverage for state cyber attacks
Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk
-
August 19, 2022
19
Aug'22
Cozy Bear targets MS 365 environments with new tactics
Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments
-
August 19, 2022
19
Aug'22
Apple patches two zero-days in macOs, iOS
Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems
-
August 19, 2022
19
Aug'22
Inside Singapore’s national digital identity journey
Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years
-
August 18, 2022
18
Aug'22
Growing MFA use spurs ‘pass-the-cookie’ attacks
The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools
-
August 18, 2022
18
Aug'22
Amazon Ring vulnerability could have been used to spy on users
A now-patched vulnerability in the Amazon Ring mobile app could have been exploited to expose users’ video recordings, but was complex to exploit, according to the researchers who stumbled upon it
-
August 18, 2022
18
Aug'22
It takes a breach to force boards to take notice of cyber, says UK government
Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims
-
August 16, 2022
16
Aug'22
Why organisations need to harmonise their CIO and CISO roles
Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson
-
August 15, 2022
15
Aug'22
Report reveals consensus around Computer Misuse Act reform
A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform
-
August 12, 2022
12
Aug'22
Cyber criminal forum targets only Russia
The Digital Shadows Photon Research Team has been investigating a pro-Ukraine cyber criminal forum called Dumps, which appears to be one of a kind
-
August 12, 2022
12
Aug'22
Microsoft doles out $13.7m in bug bounties
Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries
-
August 12, 2022
12
Aug'22
How critical infrastructure operators can secure OT data
Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats
-
August 11, 2022
11
Aug'22
Researcher finds 10 vulnerabilities in Cisco firewalls
At Black Hat USA, Rapid7 researchers report on 10 security issues in popular Cisco firewall products, many of which do not yet have patches
-
August 11, 2022
11
Aug'22
Cisco averts cyber disaster after successful phishing attack
A potentially serious cyber attack on Cisco’s systems that began after a threat actor successfully exploited an employee’s carelessly secured credentials was thwarted without major damage
-
August 10, 2022
10
Aug'22
Microsoft fixes two-year-old MSDT vulnerability in August update
August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.
-
August 09, 2022
09
Aug'22
Cyber insurance getting harder to obtain
Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance
-
August 08, 2022
08
Aug'22
NHS recovering key services after attack on supplier
Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service
-
August 05, 2022
05
Aug'22
Reliance on PSN may have exacerbated cyber attack impact
As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks
-
August 04, 2022
04
Aug'22
SBRC to administer NCSC training across Scotland
The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations
-
August 04, 2022
04
Aug'22
Spyware activity particularly impactful in July
After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report