News
Security policy and user awareness
-
November 21, 2023
21
Nov'23
Internal documents leaked as Rhysida claims responsibility for British Library ransomware attack
Ransomware group Rhysida threatens to sell documents stolen from the British Library to the highest bidder
-
November 20, 2023
20
Nov'23
Cubbit DS3 Composer brings DIY cloud to object storage pool
Cubbit customers can now build and configure S3-compatible clouds from unused capacity and offer MSP-grade services with high levels of resilience, security and data sovereignty
-
November 16, 2023
16
Nov'23
Ransomware gang grasses up uncooperative victim to US regulator
The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off
-
November 15, 2023
15
Nov'23
BlackCat affiliate seen using malvertising to spread ransomware
Researchers at eSentire identified a wave activity from an ALPHV/BlackCat ransomware affiliate which has adopted a somewhat unusual approach to delivering its locker
-
November 09, 2023
09
Nov'23
Revealed: How Russia’s Sandworm ramped up attacks on Ukraine’s critical infrastructure
New Mandiant intelligence reveals how the APT known as Sandworm has been evolving its playbook, twisting legitimate executables known as LoLBins into malicious tools as it seeks to disrupt daily life in Ukraine
-
November 09, 2023
09
Nov'23
NCSC makes annual Black Friday plea to consumers
Ahead of the annual festival of retail avarice, the NCSC is once again asking consumers to do the bare minimum to avoid falling victim to scams
-
November 09, 2023
09
Nov'23
The Security Interviews: Why cyber needs to integrate better
Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider ...
-
November 08, 2023
08
Nov'23
The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy
Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands
-
November 07, 2023
07
Nov'23
Researchers ‘break’ rule designed to guard against Barracuda vulnerability
Vectra AI researchers found that a Suricata rule designed to detect exploitation of a dangerous Barracuda Email Security Gateway flaw was not entirely effective
-
November 07, 2023
07
Nov'23
Unesco unveils seven-point anti-disinformation plan
United Nations body outlines seven proposals for civil society, governments, regulators and tech platforms to adopt to combat the source of disinformation
-
November 02, 2023
02
Nov'23
Admins told to take action over F5 Big-IP platform flaws
Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild
-
November 02, 2023
02
Nov'23
UK workers exhibit poor security behaviours, report reveals
Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working
-
November 02, 2023
02
Nov'23
How the UK crime agency repurposed Amazon cloud platform to analyse EncroChat cryptophone data
UK crime agency repurposed AWS-based analytics platform to triage EncroChat data and identify threats to life in messages sent on encrypted phone network
-
November 02, 2023
02
Nov'23
EU digital ID reforms should be ‘actively resisted’, say experts
Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security
-
November 01, 2023
01
Nov'23
Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals
As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings
-
October 27, 2023
27
Oct'23
Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent
Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances
-
October 27, 2023
27
Oct'23
Microsoft warns over growing threat from Octo Tempest gang
The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft
-
October 27, 2023
27
Oct'23
How Elastic manages cyber security threats
Mandy Andress, CISO at Elastic, highlights the company’s approach to tackling evolving cyber threats through the use of AI tools and enhanced security measures while strengthening the capabilities of its security offerings
-
October 26, 2023
26
Oct'23
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns
Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed
-
October 26, 2023
26
Oct'23
Boardrooms losing control in generative AI takeover, says Kaspersky
C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations
-
October 25, 2023
25
Oct'23
Demystifying the top five OT security myths
Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems
-
October 24, 2023
24
Oct'23
Cisco hackers likely taking steps to avoid identification
Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery
-
October 24, 2023
24
Oct'23
Research team tricks AI chatbots into writing usable malicious code
Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks
-
October 24, 2023
24
Oct'23
Kaspersky opens up over spyware campaign targeting its staffers
Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group
-
October 24, 2023
24
Oct'23
Customers speak out over Okta’s response to latest breach
Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired
-
October 24, 2023
24
Oct'23
Suzy Lamplugh Trust treads path to improved cyber resilience
Personal safety charity enlists the support of the London Cyber Resilience Centre to improve staff awareness and strengthen its overall cyber resilience
-
October 23, 2023
23
Oct'23
Cisco pushes update to stop exploitation of two IOS XE zero-days
Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software
-
October 23, 2023
23
Oct'23
How Ensign is leading the charge in cyber security
Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem
-
October 20, 2023
20
Oct'23
Computer Weekly contributor named Godfather of UK Security
Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards
-
October 20, 2023
20
Oct'23
RagnarLocker cyber gang that pioneered double extortion busted
Europol and the FBI have taken down the RagnarLocker ransomware crew, a long-standing gang that helped pioneer some now common tactics, taking its dark web negotiation and data leak sites offline
-
October 19, 2023
19
Oct'23
Nuclear regulator raps EDF over cyber compliance
The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities
-
October 18, 2023
18
Oct'23
What are the cyber risks from the latest Middle Eastern conflict?
The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations
-
October 17, 2023
17
Oct'23
Alert sounded over dangerous Cisco IOS XE zero-day
Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems
-
October 17, 2023
17
Oct'23
What it takes to succeed in DevSecOps
Providing engineering leadership and balancing between speed and security are some areas that organisations will need to focus on in their DevSecOps journey
-
October 10, 2023
10
Oct'23
MGM faces £100m loss from cyber attack on its casinos
MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m
-
October 05, 2023
05
Oct'23
Ransomware dwell times now measured in hours, says Secureworks
Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report
-
October 03, 2023
03
Oct'23
Cyber experts urge EU to rethink vulnerability disclosure plans
The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, ...
-
October 03, 2023
03
Oct'23
CIISec scores DSIT funding to expand successful CyberEPQ scheme
DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date
-
October 03, 2023
03
Oct'23
Top science journal faced secret attacks from Covid conspiracy theory group
A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly
-
September 28, 2023
28
Sep'23
Yahoo picks Intigriti to run crowdsourced bug bounty programme
Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate
-
September 27, 2023
27
Sep'23
Researchers offer free threat briefings on Vegas casino hackers
Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment
-
September 27, 2023
27
Sep'23
City of Las Vegas masters cyber incident response with Darktrace
The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence
-
September 26, 2023
26
Sep'23
Cover-ups still the norm in the wake of a cyber incident
Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report
-
September 26, 2023
26
Sep'23
Crest and IASME to deliver upcoming NCSC Cyber Exercise programme
Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job
-
September 25, 2023
25
Sep'23
Apple fixes three vulnerabilities found by spyware researchers
Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab
-
September 22, 2023
22
Sep'23
Annual Security Serious Awards nominations announced
Annual Security Serious Awards will recognise the professionals and organisations doing the most to safeguard and advance cyber security, as well as those committed to diversity and mental health in the industry
-
September 22, 2023
22
Sep'23
UK-US data bridge to open to traffic on 12 October
Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now
-
September 21, 2023
21
Sep'23
‘Top’ ransomware gangs favour smaller businesses
Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses
-
September 21, 2023
21
Sep'23
Poor digital experience a blocker for cyber resilience
Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds
-
September 20, 2023
20
Sep'23
Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption
Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages