News

Business continuity planning

• September 20, 2022 20 Sep'22

  Thousands of customers affected in Revolut data breach

  Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack

• September 16, 2022 16 Sep'22

  Six new vulnerabilities added to CISA catalogue

  CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010

• September 15, 2022 15 Sep'22

  Nominations closing soon for annual cyber awards

  Nominations for the annual Security Serious Unsung Heroes Awards closes 16 September

• September 15, 2022 15 Sep'22

  New player pioneers ‘active cyber insurance’ for UK market

  Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance

• September 15, 2022 15 Sep'22

  Organisations failing to account for digital trust

  The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds

• September 14, 2022 14 Sep'22

  FormBook knocks Emotet off top of malware chart

  FormBook emerged as the most widely seen malware in August, according to Check Point’s latest data

• September 14, 2022 14 Sep'22

  Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

  Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs

• September 13, 2022 13 Sep'22

  Cloud compromise a doddle for threat actors as victims attest

  Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud

• September 12, 2022 12 Sep'22

  Mandiant floats off into Google Cloud

  As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business

• September 12, 2022 12 Sep'22

  CISOs should spend on critical apps, cloud, zero-trust, in 2023

  Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts

• September 08, 2022 08 Sep'22

  NCSC CyberUK event heads to Belfast in 2023

  National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023

• September 08, 2022 08 Sep'22

  Dutch cyber security organisations to join forces

  Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into

• September 07, 2022 07 Sep'22

  Prince’s Trust teams with threat management specialist in skills push

  Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry

• September 07, 2022 07 Sep'22

  Cyber threats to Europe’s grid: Utilities rethink strategy

  The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals

• September 06, 2022 06 Sep'22

  Saudi Arabian organisations choose to outsource to improve cyber security posture

  Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security

• September 01, 2022 01 Sep'22

  Local authorities experience 10,000 attempted cyber attacks every day

  Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker

• August 31, 2022 31 Aug'22

  NHS staff fall further behind amid ransomware attack

  While some NHS bodies are now recovering their services after the ransomware attack on a crucial software supplier, others are still being forced to rely on pen and paper, and some will be waiting months to recover

• August 30, 2022 30 Aug'22

  UK government presses on with new cyber rules for telcos

  Government has finalised new security rules for telecoms companies and will move to make them binding in the near future

• August 23, 2022 23 Aug'22

  NCSC shares cyber guidance for large infrastructure builds

  Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects

• August 22, 2022 22 Aug'22

  Lloyd’s to end insurance coverage for state cyber attacks

  Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk

• August 18, 2022 18 Aug'22

  It takes a breach to force boards to take notice of cyber, says UK government

  Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims

• August 16, 2022 16 Aug'22

  South Staffs Water is victim of botched Clop attack

  South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault

• August 16, 2022 16 Aug'22

  Why organisations need to harmonise their CIO and CISO roles

  Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson

• August 12, 2022 12 Aug'22

  Microsoft doles out $13.7m in bug bounties

  Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries

• August 12, 2022 12 Aug'22

  How critical infrastructure operators can secure OT data

  Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats

• August 11, 2022 11 Aug'22

  NHS may take a month to recover from supply chain attack

  Ransomware attack victim Advanced warns its NHS customers they could be waiting until early September to fully recover their operations

• August 10, 2022 10 Aug'22

  Microsoft fixes two-year-old MSDT vulnerability in August update

  August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited.

• August 10, 2022 10 Aug'22

  ‘Coopetition’ a growing trend among ransomware gangs

  Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time

• August 09, 2022 09 Aug'22

  Cyber insurance getting harder to obtain

  Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance

• August 08, 2022 08 Aug'22

  NHS recovering key services after attack on supplier

  Incident at software provider Advanced took out multiple NHS services before the weekend, including the 111 advice service

• August 05, 2022 05 Aug'22

  Reliance on PSN may have exacerbated cyber attack impact

  As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks

• August 04, 2022 04 Aug'22

  SBRC to administer NCSC training across Scotland

  The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations

• August 03, 2022 03 Aug'22

  DrayTek patches SOHO router bug that left thousands exposed

  Network hardware supplier has fixed an unauthenticated RCE vulnerability in multiple routers in its Vigor line, after being alerted by Trellix researchers

• July 28, 2022 28 Jul'22

  H0lyGh0st ransomware gang faces challenges, but still a threat

  Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat

• July 28, 2022 28 Jul'22

  NCSC startups scheme turns focus to operational technology, SME security

  NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses

• July 27, 2022 27 Jul'22

  Consumers left out of pocket as security costs soar

  As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people

• July 27, 2022 27 Jul'22

  Cyber security training ‘boring’ and largely ignored

  Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them

• July 26, 2022 26 Jul'22

  No More Ransom initiative helps 1.5 million people in six years

  One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project

• July 25, 2022 25 Jul'22

  NCSC seeks community input for Cyber Advisor service

  The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward

• July 25, 2022 25 Jul'22

  The Security Interviews: Why you need to protect abandoned digital assets

  The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias

• July 21, 2022 21 Jul'22

  Russia-linked APTs targeted fleeing Ukrainian civilians

  Mandiant and the US authorities have shared details of a phishing campaign that spoofed humanitarian information on evacuation procedures to target Ukrainians fleeing Russian bombardment

• July 20, 2022 20 Jul'22

  (ISC)² expands entry-level cyber programme after UK success

  Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide

• July 15, 2022 15 Jul'22

  Log4Shell on its way to becoming ‘endemic’

  US government report concludes that, like Covid, Log4Shell will be with us for a long time to come

• July 14, 2022 14 Jul'22

  Videogame maker Bandai Namco confirms cyber attack

  Bandai Namco, developer of videogames including Pac-Man, Tekken and Dark Souls, has broken days of silence to confirm it has been hit by a cyber attack

• July 13, 2022 13 Jul'22

  July Patch Tuesday brings more than 80 fixes, one zero-day

  While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on

• July 12, 2022 12 Jul'22

  Microsoft Windows Autopatch now generally available

  Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service

• July 11, 2022 11 Jul'22

  SMEs lagging on multifactor authentication

  Only 46% of small business owners say they have implemented multifactor authentication, and just 13% mandate its use, according to a report

• July 08, 2022 08 Jul'22

  Stop telling clients to pay ransomware gangs, solicitors told

  The NCSC and the ICO are calling on solicitors to help tackle the rising number of ransomware payments being made, and to stop giving erroneous advice to victims

• July 07, 2022 07 Jul'22

  Latest Marriott data breach not as serious as others

  Questions are again being raised over Marriott’s cyber security practices following yet another incident, but fortunately it seems limited in its scope, and the company is responding appropriately

• July 06, 2022 06 Jul'22

  Plexal seeks new scaleups for next phase of Cyber Runway

  Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme