News
Security policy and user awareness
-
February 09, 2024
09
Feb'24
MoD ethical hacking programme expands after initial success
The Ministry of Defence has expanded the scope of its defensive security partnership with HackerOne
-
February 06, 2024
06
Feb'24
UK’s McPartland Cyber Review to probe trust in technology
The UK government has launched a cyber security review that will investigate how best to give businesses the confidence they need to use new technologies
-
February 06, 2024
06
Feb'24
UK and France push for international agreement on spyware
The UK and France are hosting diplomats, big tech companies and civil society groups, in a two-day conference in London targeting the proliferation of spyware tools and ‘hackers for hire’
-
February 05, 2024
05
Feb'24
US sanctions Iranians behind CNI cyber attacks
US government issues new sanctions against six Iranians suspected of being behind a series of cyber attacks targeting critical national infrastructure, notably water supply systems
-
January 25, 2024
25
Jan'24
Bugcrowd sees surge in vulnerability submissions, led by public sector
Crowdsourced vulnerability disclosure and bug bounty platform Bugcrowd says it saw a 151% uptick in submissions related to government and public sector organisations in 2023
-
January 24, 2024
24
Jan'24
Inside Cisco’s security platform strategy
Raj Chopra, senior vice-president of Cisco’s security business, outlines the company’s security platform strategy and how it brought different products together into a single platform
-
January 24, 2024
24
Jan'24
Critical vulnerability exposes Fortra GoAnywhere users
Fortra GoAnywhere MFT users must take steps to address a newly disclosed zero-day vulnerability without delay
-
January 24, 2024
24
Jan'24
AI will heighten global ransomware threat, says NCSC
The benefits of artificial intelligence to cyber criminals being well-known, the NCSC now assesses it’s likely AI will soon be widely used to enhance ransomware attacks
-
January 24, 2024
24
Jan'24
Salesforce’s bug bounty programme paid out $3m in 2023
Ethical hackers disclosed more than 4,000 vulnerabilities to Salesforce last year through its bug bounty programme, and received over $3m in rewards
-
January 23, 2024
23
Jan'24
Treat cyber risk like financial or legal issue, says UK government
UK government and NCSC launch proposed code of practice on cyber security governance to help directors and business leaders toughen their defences
-
January 23, 2024
23
Jan'24
Leak of 26 billion records may prove to be ‘mother of all breaches’
The discovery of a dataset comprising 26 billion stolen records may prove to be record-breaking in both its size and the danger it poses to ordinary people
-
January 22, 2024
22
Jan'24
Chat control: Tech companies warn ministers over EU encryption plans
Tech companies have written to EU ministers to urge them to back the European Parliament, rather than the European Commission, over proposed regulations to police child abuse
-
January 19, 2024
19
Jan'24
Neighbouring Kent councils hit by simultaneous cyber attacks
Canterbury, Dover and Thanet Councils in Kent have all been struck by simultaneous cyber attacks knocking systems offline, with indications of a link between all three
-
January 18, 2024
18
Jan'24
Cyber non-profit enlists ex-NCSC head as technical chair
Founding NCSC chief exec Ciaran Martin is to join the newly launched Cyber Monitoring Centre non-profit as chair of its technical committee
-
January 17, 2024
17
Jan'24
NCSC invites security pros to join the big leagues
The NCSC is inviting security pros from across the UK to sign up to work with its experts on an intelligence-sharing initiative
-
January 17, 2024
17
Jan'24
The Security Interviews: Rebecca Taylor, SecureWorks Counter Threat Unit
In October 2023, Rebecca Taylor of the SecureWorks Counter Threat Unit was recognised at the annual Security Serious Unsung Heroes Awards for her work. Computer Weekly caught up with her to talk mentoring, cyber career development and diversity
-
January 17, 2024
17
Jan'24
Victims of 2023 Capita data breaches head to High Court
More than 5,000 people impacted by data breaches arising from two cyber incidents affecting outsourcer Capita have joined a group action lawsuit
-
January 17, 2024
17
Jan'24
Singapore proposes governance framework for generative AI
AI Verify Foundation and Infocomm Media Development Authority have proposed a governance framework for generative AI to address the risks and concerns about the emerging technology
-
January 16, 2024
16
Jan'24
Kaspersky shares Pegasus spyware-hunting tool
Kaspersky has developed a way of easily exposing the presence of Pegasus spyware on iOS devices and believes its methodology may also help users identify other such surveillance malware
-
January 15, 2024
15
Jan'24
Russia hacked ex-MI6 chief’s emails – what they reveal is more Dad’s Army than deep state
A Russian hacking group that published emails of ex-MI6 chief Richard Dearlove claimed to have uncovered a conspiracy, but it was more Dad’s Army than the ‘deep state’, Computer Weekly and Byline Times reveal
-
January 15, 2024
15
Jan'24
NCA director sacked after WhatsApp and email security breaches
Nikki Holland, former director of investigations at the NCA, was sacked for “misconduct” after sending sensitive NCA information over personal email and WhatsApp
-
January 10, 2024
10
Jan'24
Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs
Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors
-
January 10, 2024
10
Jan'24
SEC social media hack highlights value of MFA
The US SEC briefly appeared to approve new bitcoin trading rules after a social media account was targeted by troublemakers, proving the value of MFA once again
-
January 09, 2024
09
Jan'24
Study reveals cyber risks to US elections
With the 2024 US presidential election cycle beginning, a study produced by Arctic Wolf has highlighted big gaps in preparedness and resourcing at government bodies across the US
-
January 08, 2024
08
Jan'24
British Library ransomware attack could cost up to £7m
The cost of recovering the British Library’s ransomware-stricken IT systems could be up to £7m, it has emerged
-
January 03, 2024
03
Jan'24
Dutch working to promote cooperation in Europe to keep internet safe
A Dutch cooperative approach offers national and international cooperation opportunities for ISPs to guard against DDoS attacks, lawful interception and detect abuse in networks
-
January 02, 2024
02
Jan'24
China’s UNC4841 pivots to new Barracuda ESG zero-day
The Chinese state threat actor behind a series of cyber attacks on Barracuda Networks customers embarked on a campaign targeting the supplier’s email security products in the run-up to Christmas
-
December 21, 2023
21
Dec'23
Top 10 cyber crime stories of 2023
Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics
-
December 19, 2023
19
Dec'23
Top 10 cyber security stories of 2023
The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact
-
December 14, 2023
14
Dec'23
The Security Interviews: Talking identity with Microsoft’s Joy Chik
Microsoft’s president of identity and network access, Joy Chik, joins Computer Weekly to discuss the evolving threat landscape in identity security, using innovations in artificial intelligence to stay ahead, and advocating for the coming ...
-
December 14, 2023
14
Dec'23
NCSC CEO Lindy Cameron to step down in 2024
NCSC chief exec Lindy Cameron, who helped lead and elevate the national dialogue on cyber security through major events such as Covid-19, SolarWinds Sunburst and Colonial Pipeline, is to step down in the New Year
-
December 13, 2023
13
Dec'23
Microsoft’s Christmas present for cyber teams: no zero-days
Barely 30 vulnerabilities, and no zero-days, have been fixed in the final Patch Tuesday drop of 2023
-
December 13, 2023
13
Dec'23
Critical UK infrastructure a ‘hostage of fortune’ to ransomware
A lack of ransomware planning and preparedness at the highest levels of government is leaving UK operators or critical national infrastructure dangerously exposed, according to a Joint Committee report
-
December 12, 2023
12
Dec'23
MoD fined after breach of Afghan staffers’ data put lives at risk
The MoD has been fined £350,000 by the ICO after an email blunder exposed data on Afghan nationals who had worked with British forces and were at risk of Taliban reprisals
-
December 12, 2023
12
Dec'23
Outdated data protection practice key factor in PSNI data breach
The August 2023 data breach at the Police Service of Northern Ireland arose chiefly from an outdated approach to data protection and compliance at the force, according to an independent review
-
December 08, 2023
08
Dec'23
Fancy Bear targets Nato entities via critical Outlook flaw
A vulnerability patched in March has likely been exploited by the Russian state actor Fancy Bear, for over two years, according to the latest intelligence
-
December 07, 2023
07
Dec'23
UK names Russian FSB agents behind political hacking campaign
Russian hacking group, Star Blizzard, was part of a Russian intelligence operation aimed at interfering with UK politics and the democratic process, says government.
-
December 07, 2023
07
Dec'23
2023 may have seen highest ransomware ‘body count’ yet
Ransomware, or cyber extortion as it is increasingly being termed, remained the most prominent security threat in 2023 – and thanks to large-scale supply chain attacks, the past 12 months may have seen the most victims ever
-
December 06, 2023
06
Dec'23
Government launches UK-wide Cyber Explorers Cup
Schoolkids across the UK are being called on to team up and defeat Herbert the Hacker in a new government-backed competition
-
December 05, 2023
05
Dec'23
Operator of Sellafield nuclear facility denies hacking claims
The operator of the Sellafield nuclear site has denied allegations that senior managers covered up a series of cyber security lapses that enabled Chinese and Russian threat actors to compromise its networks
-
December 01, 2023
01
Dec'23
Report reveals sorry state of cyber security at UK football clubs
Football clubs up and down the country are putting staff, players and fans alike at risk through outdated attitudes to cyber security, according to a report
-
November 30, 2023
30
Nov'23
Government’s Online Fraud Charter welcomed
The government has corralled 11 of the largest tech platforms in the world to commit to its Online Fraud Charter, designed to tackle online scams, fake adverts, and more
-
November 29, 2023
29
Nov'23
Scope of Okta helpdesk breach widens to impact all users
Okta has widened the scope of the October breach of its systems to include every customer that has used its helpdesk service, after new information came to light
-
November 28, 2023
28
Nov'23
Volume of unique malware samples threatens to overwhelm defenders
A massive increase in malware volumes could cause problems for security teams tasked with adapting their defences against them
-
November 27, 2023
27
Nov'23
NCSC publishes landmark guidelines on AI cyber security
The NCSC and its US counterpart CISA have brought together tech companies and governments to countersign a new set of guidelines aimed at promoting a secure-by-design culture in AI development
-
November 23, 2023
23
Nov'23
MOVEit incident spurred UK decision makers to spend big on cyber
The MOVEit cyber attacks that unfolded in the spring and summer of 2023 seem to have driven an increase in both ransomware awareness and spend, according to a report
-
November 23, 2023
23
Nov'23
Australia ups ante on cyber security
Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities
-
November 22, 2023
22
Nov'23
An inside look at a Scattered Spider cyber attack
Threat researchers at ReliaQuest share the inside track on a Scattered Spider cyber attack they investigated
-
November 22, 2023
22
Nov'23
CISA reveals how LockBit hacked Boeing via Citrix Bleed
As alarm grows around the world about the impact of the so-called Citrix Bleed vulnerability, Boeing has shared details of its experience at the hands of the LockBit ransomware crew
-
November 21, 2023
21
Nov'23
Over half of SME cyber incidents now ‘malware-free’
The age of malware-driven cyber attacks may have peaked, at least when it comes to incidents affecting small and medium sized enterprises