News

Business continuity planning

• May 07, 2021 07 May'21

  NCSC publishes smart city security guidelines

  Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects

• May 07, 2021 07 May'21

  Reddit enlists HackerOne to run public bug bounty programme

  Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet

• May 05, 2021 05 May'21

  Dysfunctional cyber, network teams disrupt digital transformation

  Despite shared goals, combative and dysfunctional relationships within specialist tech teams are putting digital transformation projects at risk, according to a report

• May 04, 2021 04 May'21

  Half of organisations breached via a third party in 12 months

  New report highlights the risks of outsourcing key business processes without paying due care and attention to your service provider’s security

• April 28, 2021 28 Apr'21

  Covid-19 security challenges leave bank customers at risk

  Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud

• April 28, 2021 28 Apr'21

  Recruiters can’t afford to hold out for cyber ‘unicorns’

  The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic

• April 28, 2021 28 Apr'21

  Office 365 compromise likely led to Merseyrail ransomware attack

  Compromise of Merseyrail employee data seems to have begun after a key email account was hacked

• April 28, 2021 28 Apr'21

  NHS app to serve as vaccine passport for foreign holidays

  Existing NHS app will have vaccine passport functionality added to it, transport secretary confirms

• April 22, 2021 22 Apr'21

  GCHQ: Cyber investment a guarantor of UK’s global status

  GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future

• April 22, 2021 22 Apr'21

  Automation, zero-trust, API-based security priorities for EMEA CISOs

  Report by FireMon sheds light on buyer behaviour across the EMEA region

• April 21, 2021 21 Apr'21

  SonicWall Email Security zero-days need urgent patch

  Users of SonicWall Email Security are advised to patch immediately, but the supplier is being criticised for the pace of its response

• April 20, 2021 20 Apr'21

  Health app myGP adds Covid-19 vaccine passport function

  The new feature is described as the UK’s first NHS-assured Covid-19 certification feature

• April 20, 2021 20 Apr'21

  Codecov supply chain attack has echoes of SolarWinds

  Supply chain attack on code auditing service may have compromised the likes of HPE and IBM

• April 16, 2021 16 Apr'21

  Finnish government strengthens country’s IT network security

  Finland’s government has created a new national organisation to help public and private bodies improve network security

• April 15, 2021 15 Apr'21

  Biden sanctions Russia over SolarWinds cyber attacks

  US president imposes new sanctions on Russia following malicious cyber attacks against the US and allies

• April 15, 2021 15 Apr'21

  University of Hertfordshire is latest academic cyber attack victim

  Multiple systems are offline at the University of Hertfordshire following a cyber attack

• April 14, 2021 14 Apr'21

  NSA unearths more MS Exchange vulnerabilities

  Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency

• April 13, 2021 13 Apr'21

  Millions of devices at risk from NAME:WRECK DNS bugs

  Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk

• April 08, 2021 08 Apr'21

  Nation-state cyber attacks double in three years

  Cyber attacks backed by nation states are becoming more frequent and varied, moving the world closer to a point of ‘advanced cyber-conflict’, according to a University of Surrey research project

• April 07, 2021 07 Apr'21

  Unpatched SAP applications are target-rich ground for hackers

  Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities

• March 31, 2021 31 Mar'21

  NHS is apparently closing security skills gap

  By the end of 2020, there were more than twice as many in-house security professionals at NHS trusts as there were two years before

• March 31, 2021 31 Mar'21

  Cyber Security Council to champion UK security pros

  A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base

• March 30, 2021 30 Mar'21

  Ransomware attack on London schools highlights warnings

  Ransomware attack on Harris Federation comes just days after a fresh NCSC alert for the education sector

• March 30, 2021 30 Mar'21

  The Security Interviews: How to secure an F1 team in a pandemic

  A multi-year digital transformation programme paid off for F1 team Williams Racing when the 2020 season was abruptly postponed thanks to Covid-19. Learn how the team’s CIO has been supporting remote working and protecting data

• March 29, 2021 29 Mar'21

  Cyber attack takes Channel Nine off-air

  The Australian broadcaster was hit by an alleged ransomware attack that disrupted broadcasting operations in its Sydney studio

• March 26, 2021 26 Mar'21

  Retailer FatFace pays $2m ransom to Conti cyber criminals

  Retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the Conti ransomware syndicate

• March 26, 2021 26 Mar'21

  Remote working burn-out a factor in security risk

  After a year of working from the kitchen table, stress and burn-out are increasing, giving rise to more security risks – and Millennials seem to be particularly affected

• March 25, 2021 25 Mar'21

  Cyber security complacency puts UK at risk, says NCSC head

  National Cyber Security Centre CEO Lindy Cameron, in her maiden speech in the role, warns of challenges ahead for the UK and sets out the future agenda for cyber

• March 24, 2021 24 Mar'21

  Apparent drop in cyber incidents highlights underlying problems

  UK organisations report fewer cyber security incidents, but the headline data masks more serious issues, according to a report

• March 24, 2021 24 Mar'21

  UK faces significant cyber talent shortfall

  Cyber security sector is struggling to attract the talented workforce it needs

• March 23, 2021 23 Mar'21

  NCSC beefs up support for education sector after spate of attacks

  Refreshed guidance from the NCSC recommends a defence-in-depth strategy as schools and universities face a renewed wave of cyber attacks

• March 22, 2021 22 Mar'21

  $50m ransomware demand on Acer is highest ever

  Record-breaking double-extortion cyber attack saw REvil gang exfiltrate financial data from Taiwan-based PC manufacturer

• March 17, 2021 17 Mar'21

  Average ransomware cost triples, says report

  The average amount paid out by ransomware victims has grown almost threefold to more than $300,000 per incident, according to a report

• March 17, 2021 17 Mar'21

  Digital Green Certificate proposed for travel in Europe

  Digital Green Certificates will supposedly help re-establish freedom of movement within the European Union

• March 17, 2021 17 Mar'21

  Cyber sector welcomes PM’s defence review

  Security commentators approve of measures to improve the UK’s cyber resilience, strengthen its R&D and skills base, lead on the development of new technology and promote a free, open, peaceful and secure global internet

• March 16, 2021 16 Mar'21

  Microsoft releases one-click ProxyLogon mitigation tool

  Microsoft’s mitigation tool is designed to help customers without dedicated security or IT teams navigate fixing their vulnerable Exchange servers

• March 12, 2021 12 Mar'21

  NCSC issues emergency alert on Microsoft Exchange patch

  UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately

• March 12, 2021 12 Mar'21

  Brewer Molson Coors targeted in cyber attack

  Cyber criminals have disrupted beer production at Molson Coors, one of the world’s largest brewers

• March 11, 2021 11 Mar'21

  After Emotet takedown, Trickbot roars up threat charts

  Malicious actors are turning to new tricks as Emotet fades away

• March 10, 2021 10 Mar'21

  Patch Tuesday overshadowed by Microsoft Exchange attacks

  Microsoft’s March Patch Tuesday update drops amid ongoing fall-out from widespread Exchange attacks

• March 04, 2021 04 Mar'21

  Okta picks up Auth0 for $6.5bn

  Multibillion-dollar acquisition a vote of confidence in future of identity and access management services

• March 04, 2021 04 Mar'21

  Microsoft Exchange CVEs more widely exploited than thought

  US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer

• March 04, 2021 04 Mar'21

  Qualys caught up in Accellion FTA breach

  Security services supplier confirms that some of its data was stolen via vulnerabilities in Accellion’s file transfer product

• March 04, 2021 04 Mar'21

  Veritas looks beyond NetBackup for growth in ASEAN

  Veritas has seen increased demand for its availability tools as it looks to address backup and recovery requirements from cloud, database and VMware workloads

• March 03, 2021 03 Mar'21

  Emergency patch addresses MS Exchange Server zero-days

  Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server

• March 02, 2021 02 Mar'21

  EU seeking pan-European Covid-19 passport solution

  The European Union’s proposal could see the creation of a Covid-19 vaccine passport to enable travel across the EU

• February 25, 2021 25 Feb'21

  NCSC Cyber Action Plan emphasises SME security

  NCSC self-assessment tool launched to help sole traders and micro-businesses tackle their cyber security challenges

• February 24, 2021 24 Feb'21

  Vaccine passports prove an ethical minefield

  Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design

• February 24, 2021 24 Feb'21

  Babuk ransomware unsophisticated, but highly dangerous

  Intelligence gathered through McAfee’s Mvision service reveals more insight into the emerging Babuk ransomware

• February 23, 2021 23 Feb'21

  XDR makes cyber a Stroll in the park for Aston Martin F1

  Aston Martin Cognizant Formula One team will run SentinelOne’s Singularity XDR platform under the bonnet

• February 23, 2021 23 Feb'21

  CyberScotland offers centralised security resource hub

  Newly launched partnership brings together security resources for individuals and organisations across Scotland

• February 22, 2021 22 Feb'21

  Microphones, smartphones, laptops among items stolen from BBC

  A total of 105 devices have been stolen from the BBC in the past two years, some of which may have been spirited away by remote workers

• February 18, 2021 18 Feb'21

  2020 a record year for cyber, thanks to Covid

  The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy

• February 17, 2021 17 Feb'21

  Security pros agree: We need to take a break

  As many as 85% of security staff engage in leisure activities during working hours, but they have excellent reasons for doing so

• February 17, 2021 17 Feb'21

  Emotional intelligence, empathy increasingly valued in CISOs

  The pandemic has highlighted the value of soft skills, rather than technical ones, in security

• February 11, 2021 11 Feb'21

  Hacked Finnish therapy business collapses

  Vastaamo, the Finnish psychotherapy centre whose patients were blackmailed by a cyber criminal gang, has filed for bankruptcy

• February 11, 2021 11 Feb'21

  Low-complexity CVEs a growing concern

  Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments

• February 11, 2021 11 Feb'21

  Singtel falls prey to supply chain attack

  The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack

• February 10, 2021 10 Feb'21

  HelloKitty almost certainly behind CD Projekt ransomware attack

  Theories that the cyber attack on a high-profile gaming studio was orchestrated by players who are disappointed in a videogame are likely wide of the mark, according to analysis

• February 10, 2021 10 Feb'21

  Windows 10, Server 2019 users must patch serious zero-day

  Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update

• February 09, 2021 09 Feb'21

  Cyberpunk 2077 developer refuses to pay up after ransomware attack

  Polish video game developer CD Projekt has released details of a ransomware attack on its systems

• February 09, 2021 09 Feb'21

  ‘Batman Begins’ cyber attack is a warning to CNI providers

  A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services

• February 05, 2021 05 Feb'21

  Security firm Stormshield loses source code in cyber attack

  Source code from two products developed by French cyber security firm was compromised in a December 2020 incident

• February 04, 2021 04 Feb'21

  Woodland Trust hit by cyber attack in December

  Conservation charity is investigating what it describes as a ‘sophisticated’ cyber attack but has waited nearly two months to inform its members

• February 04, 2021 04 Feb'21

  SolarWinds chases multiple leads in breach investigation

  Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised

• February 03, 2021 03 Feb'21

  Crypto malware targets Kubernetes clusters, say researchers

  Newly identified Hildegaard malware targets Kubernetes clusters and seems to herald a new campaign from the TeamTNT gang

• February 03, 2021 03 Feb'21

  Foxtons rejects claims of slow reaction to data leak

  Investigators have unearthed 16,000 data records that seem to have been stolen in an attack on property firm Foxtons last year, but the organisation says it acted by the book in dealing with the incident

• February 03, 2021 03 Feb'21

  ‘Classic’ Cerber ransomware targets health sector in high volumes

  Cerber ransomware-as-a-service seems to have re-emerged as one of the most critical cyber threats facing healthcare organisations, reports VMware Carbon Black

• February 03, 2021 03 Feb'21

  SolarWinds patches two critical CVEs in Orion platform

  New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet

• February 01, 2021 01 Feb'21

  Serco confirms Babuk ransomware attack

  Outsourcing firm was hit by the ransomware last week but insists most of its operations are running as normal

• February 01, 2021 01 Feb'21

  CISOs invisible to their organisations, says BT report

  Ignorance of cyber issues is leading to misplaced confidence in security in many organisations, as CISOs struggle to make themselves seen and heard

• February 01, 2021 01 Feb'21

  SBRC picks Check Point to support cyber helpline

  The Scottish Business Resilience Centre has enlisted Check Point as the first security supplier to join its incident response partnership programme

• January 29, 2021 29 Jan'21

  Manufacturing particularly at risk of Solorigate-linked breaches

  Every fifth victim of the SolarWinds Solorigate/Sunburst attack was a manufacturing organisation, say researchers

• January 28, 2021 28 Jan'21

  Apprenticeships may be a solution to cyber skills shortage, say insiders

  Cyber security professionals are open to new approaches to finding sorely needed talent, according to a poll

• January 28, 2021 28 Jan'21

  End of Emotet: A blow to cyber crime, but don’t drop your guard

  The takedown of Emotet is a huge event with repercussions that will reverberate across the cyber criminal world, but unfortunately that’s not to say there will be much of a long-term impact

• January 27, 2021 27 Jan'21

  Pandemic response has improved privacy posture, says Cisco

  Data privacy seems to be ‘coming of age’ to some extent and organisational responses to Covid-19 may be partly responsible, according to a report

• January 27, 2021 27 Jan'21

  Mimecast breach was work of SolarWinds attackers

  Mimecast’s investigation into a January 2021 breach of its systems turns up evidence that the culprit was the same group that targeted SolarWinds in December

• January 27, 2021 27 Jan'21

  Emotet botnet goes offline as cops seize servers

  The Emotet botnet has been disrupted and knocked offline after a major international effort by law enforcement

• January 26, 2021 26 Jan'21

  ICO extends commissioner Denham’s term of office

  Extension of Elizabeth Denham’s tenure as information commissioner will give the government more time to appoint her successor

• January 26, 2021 26 Jan'21

  Cyber fraud a national security issue, says Rusi report

  A report from the Rusi think tank calls for fresh approaches to how we think about fighting fraud

• January 22, 2021 22 Jan'21

  Sepa data leaks as agency resists ransom demands

  The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation

• January 21, 2021 21 Jan'21

  Hackney Council tenders for cyber security upgrade

  Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council

• January 21, 2021 21 Jan'21

  Two-thirds of CISOs say they’ll be cyber attack victims this year

  Security professionals are ever alert to the threats they face, but some still seem to think it is unlikely they will be attacked

• January 19, 2021 19 Jan'21

  Value of GDPR fines shows dramatic increase in 2020

  European regulators imposed almost €160m worth of fines during the past 12 months, a substantial rise

• January 18, 2021 18 Jan'21

  MoD reports 18% rise in data loss incidents

  The Ministry of Defence reported more than five hundred data security incidents in 2019-20, with seven serious enough to warrant disclosure to the ICO

• January 15, 2021 15 Jan'21

  US cyber security agencies get $9bn in Biden plan

  New funding proposals come as US government reels from the impact of the December 2020 SolarWinds attack

• January 15, 2021 15 Jan'21

  Coalition proposes secure standard model for Covid-19 passports

  Vaccination Credential Initiative is working to ensure that people vaccinated against Covid-19 can access their records in a secure, verifiable and privacy-preserving way

• January 14, 2021 14 Jan'21

  Old, on-premise systems targeted in Hackney ransomware attack

  Council reveals some more insight into how the Pysa ransomware gang infiltrated its systems by exploiting legacy technology

• January 13, 2021 13 Jan'21

  Critical zero-day features in first Patch Tuesday of 2021

  Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender

• January 12, 2021 12 Jan'21

  Mimecast latest security firm to be compromised

  Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident

• January 12, 2021 12 Jan'21

  Early stage UK security startups face funding crisis

  Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away

• January 11, 2021 11 Jan'21

  New SolarWinds CEO sets out rescue plan

  Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community

• January 11, 2021 11 Jan'21

  Kaspersky claims link between Solorigate and Kazuar backdoors

  Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship

• January 07, 2021 07 Jan'21

  Biden picks cyber veteran to reinvigorate security response

  Appointment of career intelligence operative Anne Neuberger signals refreshed security approach for the US government under Joe Biden's administration

• January 07, 2021 07 Jan'21

  Hackney Council data leaked by Pysa ransomware gang

  Council data stolen in October is leaked online in a double extortion attack

• January 06, 2021 06 Jan'21

  SolarWinds attack almost certainly work of Russian spooks

  Investigations into the far-reaching SolarWinds Solorigate attack did not let up during the holidays

• December 24, 2020 24 Dec'20

  Top 10 cyber crime stories of 2020

  Here are Computer Weekly’s top 10 cyber crime stories of 2020

• December 23, 2020 23 Dec'20

  Top 10 cyber security stories of 2020

  Here are Computer Weekly’s 10 top cyber security stories of 2020

• December 17, 2020 17 Dec'20

  EU security strategy a ‘step up’ on cyber leadership, says Brussels

  The EU’s new cyber security strategy forms a key component of Shaping Europe’s Digital Future, the Recovery Plan for Europe, and the EU Security Union Strategy

• December 17, 2020 17 Dec'20

  NHS Scotland taps Check Point to secure Covid-19 data

  NHS National Services Scotland is working with security firm Check Point to safeguard its sensitive data in the cloud and support its work on the coronavirus