News

Business continuity planning

• September 23, 2021 23 Sep'21

  Fresh alert over Conti ransomware surge

  Conti ransomware crew appears increasingly active, prompting fresh warnings from the US authorities

• September 23, 2021 23 Sep'21

  Threat actors target VMware vCenter Server users

  Users of VMware vCenter Server are advised to patch a series of vulnerabilities post haste

• September 16, 2021 16 Sep'21

  Dutch education administrators underestimate threat of cyber crime

  Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks

• September 15, 2021 15 Sep'21

  Microsoft patches 66 vulnerabilities in September update

  Another lighter-than-usual Patch Tuesday update includes important fixes for recently disclosed vulnerabilities, including a dangerous zero-day, and an update in the PrintNightmare saga

• September 14, 2021 14 Sep'21

  Cost of ransomware attack in financial sector exceeds $2m

  Mid-sized financial services organisations worldwide spend an average of over $2m recovering from ransomware attacks

• September 09, 2021 09 Sep'21

  UK GDPR faces changes under planned reforms

  DCMS is launching a major consultation on proposed changes to the UK’s data protection regime, under which several key elements of the GDPR are likely to change

• September 08, 2021 08 Sep'21

  Covid positive for security market, but still a source of stress

  CIISec’s latest “State of the profession report” highlights both positives and challenges for cyber pros arising from the past two years

• September 03, 2021 03 Sep'21

  Mandiant, Sophos detail dangerous ProxyShell attacks

  Threat researchers and incident responders continue to track threat activity around the dangerous ProxyShell Microsoft Exchange vulnerabilities, including impactful ransomware hits

• September 02, 2021 02 Sep'21

  Finance firms faced up to £760,000 costs per DNS attack during pandemic

  Financial services firms have been the focus of attacks by cyber criminals during the Covid-19 crisis

• September 01, 2021 01 Sep'21

  Remote workers routinely bypassed security tools during pandemic

  New data from Palo Alto Networks reveals that over 25% of UK security leaders saw their employees circumventing or switching off security measures at the height of the pandemic

• August 27, 2021 27 Aug'21

  Are proposed data protection changes a threat to UK citizens’ privacy?

  Though changes are as-yet undefined pending an upcoming consultation, concerns are already being expressed over the government’s plan to liberalise data protection laws in the service of innovation and growth

• August 26, 2021 26 Aug'21

  Tech giants commit to Biden's cyber security action plan

  Some of the world’s most prominent tech giants have made a series of commitments to enhance the US’ national cyber security posture following a high-profile meeting with president Biden

• August 26, 2021 26 Aug'21

  NZ privacy lead John Edwards named new information commissioner

  DCMS has named John Edwards, currently New Zealand privacy commissioner, to succeed Elizabeth Denham as UK information commissioner

• August 19, 2021 19 Aug'21

  Pub apps harvesting swathes of customer data unnecessarily

  Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners

• August 13, 2021 13 Aug'21

  Cyber Runway programme supports new security businesses

  The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses

• August 11, 2021 11 Aug'21

  The Netherlands still lacks digital resilience, says report

  Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient

• August 10, 2021 10 Aug'21

  Dutch lead the way in protecting themselves against internet risks

  Dutch citizens come top in a study on awareness of internet risks in Europe, which showed major differences across the continent

• July 28, 2021 28 Jul'21

  COP26 cyber resource hub launched for Glasgow businesses

  New digital information hub for Glasgow business to help organisations keep secure both physically and online ahead of major climate change summit

• July 25, 2021 25 Jul'21

  Tokyo 2020 hit by data breach

  The user names and passwords of Tokyo 2020 ticket holders and event volunteers were reportedly compromised, but government official claims the data leak was not large

• July 23, 2021 23 Jul'21

  Kaseya obtains universal ransomware decryptor

  Kaseya says it obtained a ransomware decryptor key from a trusted third party, but there is no word on whether a ransom was paid

• July 22, 2021 22 Jul'21

  Beeinfotech PH opens telco-neutral datacentre in the Philippines

  Datacentre startup is touting carrier neutrality, bespoke services and cyber security capabilities to meet the growing demand for co-location services in the Philippines

• July 14, 2021 14 Jul'21

  REvil ransomware crew drops offline, reasons murky

  The REvil ransomware operation appears to have gone dark, but claims about its demise are almost certainly exaggerated

• July 13, 2021 13 Jul'21

  Secureworks sets up in EU datacentre for XDR services

  New datacentre location helps Secureworks’ customers meet EU data residency requirements

• July 13, 2021 13 Jul'21

  UK Cyber Security Council calls for new push on training

  Too many companies have cut back on security training and development during the pandemic, says UK Cyber Security Council

• July 12, 2021 12 Jul'21

  NSW department of education hit by cyber attack

  Australia’s New South Wales department of education takes some systems offline as a precautionary measure in response to a cyber attack last Thursday

• July 11, 2021 11 Jul'21

  Ransomware and botnets among top cyber threats in Singapore

  The city-state saw more ransomware threats and command-and-control servers hosted out of its highly connected network infrastructure last year, as threat actors capitalised on the pandemic

• July 08, 2021 08 Jul'21

  Kaseya apologises for extended downtime after ransom attack

  CEO of Kaseya apologises after pushing back the restoration of the firm’s VSA service following a REvil ransomware attack

• July 07, 2021 07 Jul'21

  How the UK Cyber Security Council plans to professionalise security

  As chair of the new UK Cyber Security Council, Claudia Natanson is in a superb position to develop professional standards in IT security and she intends to fundamentally reimagine what a security job actually is

• July 07, 2021 07 Jul'21

  Opportunists seen targeting Kaseya REvil victims

  Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident

• July 06, 2021 06 Jul'21

  About 60 Kaseya customers hit by REvil

  Kaseya has revised upward the number of managed service providers compromised by the REvil ransomware gang in a supply chain attack at the weekend

• July 06, 2021 06 Jul'21

  Cyber insurance costs up by a third

  The frequency and severity of ransomware attacks is a leading factor behind a substantial increase in the cost of obtaining cyber security insurance

• July 05, 2021 05 Jul'21

  REvil crew wants $70m in Kaseya ransomware heist

  Two days after one of the largest ransomware attacks in history by the REvil/Sodinokibi gang, the security community is assessing its next moves, while over 1,000 victims remain in limbo

• July 02, 2021 02 Jul'21

  Should I be worried about PrintNightmare?

  The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be?

• July 01, 2021 01 Jul'21

  NCSC joins US authorities to expose Russian brute force campaign

  A joint attribution by the British and American authorities accuses Russia’s GRU intelligence services of conducting a campaign of brute force attacks on enterprise and cloud environments

• July 01, 2021 01 Jul'21

  US Cybersecurity and Infrastructure Security Agency launches ransomware assessment tool

  Newly launched service will help US organisations understand how prepared they are to deal with a ransomware attack

• July 01, 2021 01 Jul'21

  Nominations open for 2021 Security Serious Unsung Heroes Awards

  Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators

• June 29, 2021 29 Jun'21

  New Nobelium attacks a reminder to attend to cyber basics

  A new campaign from the same threat group that broke into SolarWinds serves as a reminder that cyber crime gangs will try to exploit any avenue they can, even if technically unsophisticated

• June 29, 2021 29 Jun'21

  UK Cyber Security Council launches inaugural initiatives

  Security association seeks to determine terms of reference for committees to oversee standards and ethics, and qualifications and careers in the cyber sector

• June 28, 2021 28 Jun'21

  Insurers unprepared for challenges of underwriting ransomware

  RUSI think tank calls for an industry-wide reset amid intense challenges for providers of cyber security insurance

• June 25, 2021 25 Jun'21

  NCSC CEO: UK-Ireland collaboration crucial to stop cyber threats

  Speaking at a conference in Dublin, NCSC Lindy Cameron is highlighting the importance of continued collaboration between the UK and Ireland to protect shared interests and counter security threats

• June 24, 2021 24 Jun'21

  Google hands third-party cookies a stay of execution

  Google’s proposed Privacy Sandbox initiative – which will see third-party cookies phased out in the Chrome web browser – has been pushed back to 2023

• June 24, 2021 24 Jun'21

  (ISC)² makes ransomware education course free through 31 July

  Cyber security association is making its Professional Development Institute course on ransomware free to the general public until the end of July

• June 24, 2021 24 Jun'21

  Make ransomware payments illegal, say 79% of cyber pros

  Report produced for MSSP Talion claims overwhelming support for the criminalisation of ransomware payments

• June 23, 2021 23 Jun'21

  European Union to set up new cyber response unit

  Proposed Joint Cyber Unit will tackle a rising number of serious incidents impacting public services, businesses and citizens of the EU

• June 23, 2021 23 Jun'21

  Time to patch increases significantly during pandemic

  New data from US-based endpoint management specialist Automox reveals some of the challenges security teams face in keeping up with endpoint security

• June 23, 2021 23 Jun'21

  UK councils reported over 700 data breaches to ICO in 2020

  Data disclosed under the Freedom of Information Act reveals an estimated 700 data breaches were reported to the Information Commissioner’s Office by local councils last year

• June 22, 2021 22 Jun'21

  UK SMEs lack capacity to fend off cyber attacks

  Three-quarters of UK SME leaders would not have sufficient capacity or expertise to deal with a cyber attack, according to a report

• June 18, 2021 18 Jun'21

  Lorca Ignite programme targets breakout cyber talent

  Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme

• June 17, 2021 17 Jun'21

  UnitingCare Queensland restores IT systems after cyber attack

  Australian healthcare service provider has restored key corporate systems and integrations between applications following a cyber attack earlier this year

• June 17, 2021 17 Jun'21

  Biden tackles Putin on ransomware at Geneva summit

  Discussions between Joe Biden and Vladimir Putin on cyber crime appear to have been somewhat positive, but the path ahead remains unclear

• June 16, 2021 16 Jun'21

  Organisations cannot rely on cyber insurance to cover losses

  Ransomware attacks have become a big driver of cyber insurance claims, but insurance must not be relied upon as a failsafe, says a report

• June 15, 2021 15 Jun'21

  NHS Test and Trace picks Risk Ledger to secure supply chain

  Risk Ledger’s technology promises ‘unparalleled’ visibility into NHS Test and Trace’s supply chain

• June 15, 2021 15 Jun'21

  Privacy pro salaries rise throughout pandemic, but at a cost

  Data from the IAPP’s latest salary survey reveals some insight into how the pandemic impacted the privacy profession

• June 15, 2021 15 Jun'21

  Ransomware most insidious cyber threat facing UK

  NCSC CEO urges organisations to do more to prepare for ransomware attacks

• June 15, 2021 15 Jun'21

  The Security Interviews: How to build a government model to ‘hack for good’

  Kyle Hanslovan started Huntress to give back after a career in the intelligence sector. After US authorities took action to help people hit by the Microsoft Exchange attacks, we discussed how governments can ‘hack for good’

• June 11, 2021 11 Jun'21

  UK promises tougher line on cyber crime

  Speaking ahead of the G7 Summit, foreign secretary Dominic Raab says the UK is ready to take on cyber criminals and other malicious actors wherever they may be

• June 10, 2021 10 Jun'21

  Risk data shows UK energy sector most vulnerable to cyber attack

  New report compiled by insurance firm Hiscox reveals the state of cyber preparedness in the UK and beyond

• June 09, 2021 09 Jun'21

  Unit 42 warns of emergent Prometheus ransomware

  Palo Alto’s Unit 42 shares intel on the emergent Prometheus ransomware gang, with apparent links to the Thanos crew

• June 09, 2021 09 Jun'21

  Microsoft fixes seven zero-days on its Patch Tuesday rounds

  Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update

• June 04, 2021 04 Jun'21

  Government action on ransomware epidemic gathers pace

  The US government steps up action against ransomware operators, while the UK’s NCSC publishes guidance on preparing to deal with a ransomware attack

• June 03, 2021 03 Jun'21

  Norway’s auditor general lifts lid on energy industry’s cyber security risks

  Auditor General’s Office questions the security posture of Norway’s energy industry

• June 03, 2021 03 Jun'21

  Pandemic a ‘once-in-a-lifetime’ chance to reshape security

  The volume of remote working has made it hard to paint an accurate picture of the true state of enterprise cyber security, but it presents an opportunity to change things up

• June 02, 2021 02 Jun'21

  Scottish businesses missing out on Cyber Essentials benefits

  More than a third of Scottish businesses do not believe they are adequately prepared to deal with a cyber security incident

• May 27, 2021 27 May'21

  Security ops teams struggle to switch off at home

  Spiralling stress levels among SOC and IT security teams can be attributed mainly to alert overload, says Trend Micro

• May 26, 2021 26 May'21

  More data stolen in January 2021 than in all of 2017, says report

  The volume of data being stolen through breaches is growing steadily and shows no sign of slowing, according to a report from Imperva

• May 25, 2021 25 May'21

  Industry reflects on three years of GDPR

  Looking back on 12 tumultuous months, we assess how GDPR has weathered the effects of the Covid-19 pandemic and Brexit, and consider what the coming year may hold for data protection

• May 24, 2021 24 May'21

  Dutch researchers build security software to mimic human immune system

  Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection

• May 20, 2021 20 May'21

  Pandemic tech use heightens consumer privacy fears

  Report on consumer attitudes to privacy finds evidence of a “heightened sense of fear” as digital footprints expand inexorably

• May 17, 2021 17 May'21

  Conti ransomware syndicate behind attack on Irish health service

  More details continue to emerge of the significant ransomware attack on Ireland’s HSE

• May 17, 2021 17 May'21

  Government seeks input on supply chain security

  Amid concerns that too few companies are addressing vulnerabilities in their supply chain, DCMS is opening a consultation on new measures to enhance security

• May 14, 2021 14 May'21

  Irish health service hit by major ransomware attack

  IT systems in hospitals across Ireland have been switched off following a significant ransomware attack

• May 13, 2021 13 May'21

  Biden beefs up public-private security cooperation

  Joe Biden has signed a new Executive Order to harden US cyber security and government networks, with an emphasis on information sharing

• May 13, 2021 13 May'21

  CISOs weathered the pandemic well, but at personal cost

  Over 80% of CISOs think their existing security capabilities stayed strong during the worst of the Covid-19 pandemic, but now face stress and burnout on an unheard-of scale

• May 13, 2021 13 May'21

  Verizon DBIR underscores year of unprecedented cyber challenge

  Verizon 2021 Data Breach Investigations Report draws predictable conclusions as the impact of the Covid-19 pandemic continues to be felt

• May 12, 2021 12 May'21

  Inside DarkSide: Researchers share intel on break-out cyber gang

  Security researchers swap information on the newly famous DarkSide ransomware gang, the group that doesn’t appear to understand what ‘being a criminal’ actually means

• May 12, 2021 12 May'21

  CyberUK 2021: NCSC encourages startups to invest in cyber

  National Cyber Security Centre is launching bespoke cyber security guidance aimed at the UK’s valuable startup community

• May 12, 2021 12 May'21

  UK to fund national cyber teams in Global South

  Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity

• May 11, 2021 11 May'21

  UK Plc invited to sign up for Early Warning of cyber incidents

  The launch of the Early Warning incident notification service is among the enhancements being made by the NCSC to its service packages

• May 11, 2021 11 May'21

  Collaboration key to success of UK’s Cyber Security Council

  The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event

• May 11, 2021 11 May'21

  NCSC cyber guidance targets cloud and home working

  The NCSC’s refreshed cyber security guidance for larger organisations places particular emphasis on cloud, home working and ransomware

• May 11, 2021 11 May'21

  SolarWinds CEO calls for collective action against state attacks

  SolarWinds CEO tells NCSC’s CyberUK conference he is exploring the possibility of collaborating with other companies on collective cyber action against attacks backed by nation states

• May 11, 2021 11 May'21

  Colonial Pipeline ransomware attack has grave consequences

  The ramifications of a major ransomware attack against a US fuel pipeline operator could spread far and wide

• May 10, 2021 10 May'21

  NCSC Active Cyber Defence blocks surge of pandemic scams

  The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic

• May 07, 2021 07 May'21

  NCSC publishes smart city security guidelines

  Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects

• May 07, 2021 07 May'21

  Reddit enlists HackerOne to run public bug bounty programme

  Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet

• May 05, 2021 05 May'21

  Dysfunctional cyber, network teams disrupt digital transformation

  Despite shared goals, combative and dysfunctional relationships within specialist tech teams are putting digital transformation projects at risk, according to a report

• May 04, 2021 04 May'21

  Half of organisations breached via a third party in 12 months

  New report highlights the risks of outsourcing key business processes without paying due care and attention to your service provider’s security

• April 28, 2021 28 Apr'21

  Covid-19 security challenges leave bank customers at risk

  Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud

• April 28, 2021 28 Apr'21

  Recruiters can’t afford to hold out for cyber ‘unicorns’

  The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic

• April 28, 2021 28 Apr'21

  Office 365 compromise likely led to Merseyrail ransomware attack

  Compromise of Merseyrail employee data seems to have begun after a key email account was hacked

• April 28, 2021 28 Apr'21

  NHS App to serve as vaccine passport for foreign holidays

  Existing NHS App will have vaccine passport functionality added to it, transport secretary confirms

• April 22, 2021 22 Apr'21

  GCHQ: Cyber investment a guarantor of UK’s global status

  GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future

• April 22, 2021 22 Apr'21

  Automation, zero-trust, API-based security priorities for EMEA CISOs

  Report by FireMon sheds light on buyer behaviour across the EMEA region

• April 21, 2021 21 Apr'21

  SonicWall Email Security zero-days need urgent patch

  Users of SonicWall Email Security are advised to patch immediately, but the supplier is being criticised for the pace of its response

• April 20, 2021 20 Apr'21

  Health app myGP adds Covid-19 vaccine passport function

  The new feature is described as the UK’s first NHS-assured Covid-19 certification feature

• April 20, 2021 20 Apr'21

  Codecov supply chain attack has echoes of SolarWinds

  Supply chain attack on code auditing service may have compromised the likes of HPE and IBM

• April 16, 2021 16 Apr'21

  Finnish government strengthens country’s IT network security

  Finland’s government has created a new national organisation to help public and private bodies improve network security

• April 15, 2021 15 Apr'21

  Biden sanctions Russia over SolarWinds cyber attacks

  US president imposes new sanctions on Russia following malicious cyber attacks against the US and allies

• April 15, 2021 15 Apr'21

  University of Hertfordshire is latest academic cyber attack victim

  Multiple systems are offline at the University of Hertfordshire following a cyber attack

• April 14, 2021 14 Apr'21

  NSA unearths more MS Exchange vulnerabilities

  Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency