News

Business continuity planning

July 05, 2022 05 Jul'22
Prepare for long-term cyber threat from Ukraine war, says NCSC

The NCSC has published refreshed guidance on cyber preparedness as the war on Ukraine continues, urging organisations to pay attention to the state of their security teams
July 05, 2022 05 Jul'22
NCSC CEO: Why we should run towards crises to elevate cyber security

National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country
June 30, 2022 30 Jun'22
ICO to cut back on fines for public sector data breaches

Information commissioner John Edwards sets out a revised approach to how the ICO handles data breaches in the public sector, saying fining victims risks punishing the public twice over
June 28, 2022 28 Jun'22
Russia-aligned hacktivists behind Lithuania DDoS attack

Killnet hacktivist collective targeted Lithuania with distributed denial of service attacks after its government angered the Kremlin

June 27, 2022 27 Jun'22
Brexit a net negative for UK cyber, say CISOs

Six years on from the UK’s Brexit vote, the majority of security professionals say leaving the EU has raised concerns over their ability to keep their organisations safe
June 24, 2022 24 Jun'22
Black Basta ransomware crew aiming for ‘big leagues’

Emergent Black Basta ransomware gang has hit more than 50 countries since bursting onto the scene earlier this year, says Cybereason
June 23, 2022 23 Jun'22
Ukraine cyber agency enlists Radware to protect government networks

Ukraine’s State Service of Special Communications and Information Protection is using Radware cloud DDoS protection and web application firewall services to protect the government from persistent Russian attacks
June 21, 2022 21 Jun'22
Government won’t regulate on professional cyber standards

The government has elected not to proceed with regulatory intervention to embed standards and pathways across the cyber profession
June 21, 2022 21 Jun'22
CNI leaders’ attitude to ransomware lackadaisical at best

A survey of security decision-makers in sectors regarded as critical national infrastructure reveals a disappointing attitude to ransomware threats
June 20, 2022 20 Jun'22
Complex Russian cyber threat requires we go back to basics

The situation in Russia is anything but simple, but it is the fundamentals of cyber security hygiene that pose the best defence against the country’s digital threat, as Mandiant’s Jamie Collier explains

June 15, 2022 15 Jun'22
Patch Tuesday dogged by concerns over Microsoft vulnerability response

The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure
June 13, 2022 13 Jun'22
UK, US prepare to launch PET project

A transatlantic prize challenge to accelerate development of privacy-enhancing technologies is set to begin
June 13, 2022 13 Jun'22
Government recommits to UK’s cyber future in Digital Strategy

New strategy leans heavily on cyber security but stops short of announcing any initiatives that have not already been launched or heavily trailed
June 13, 2022 13 Jun'22
Qatar bolsters cyber security in preparation for World Cup

With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness
June 09, 2022 09 Jun'22
SolarWinds CEO offers to commit staffers to government cyber agencies

A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response
June 09, 2022 09 Jun'22
Cyber researchers step in to fill Patch Tuesday’s shoes

Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss
June 08, 2022 08 Jun'22
ProxyLogon, ProxyShell may have driven increase in dwell times

The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data
May 26, 2022 26 May'22
Consultation launched on datacentre, cloud security

The government is seeking views on how to boost the security and resilience of the UK’s datacentres and online cloud platforms
May 26, 2022 26 May'22
Most CFOs being left out of ransomware conversations

Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report
May 24, 2022 24 May'22
Ransomware volumes grew faster than ever in 2021

Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody
May 23, 2022 23 May'22
Did the Conti ransomware crew orchestrate its own demise?

Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise
May 20, 2022 20 May'22
Applying international law to cyber will be a tall order

Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations
May 20, 2022 20 May'22
Microsoft drops emergency patch after Patch Tuesday screw up

Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates
May 19, 2022 19 May'22
Nature of cyber war evolving in real time, says Microsoft president

The past three months have seen the rapid evolution of the very nature warfare to incorporate cyber attacks, Microsoft’s Brad Smith tells the audience at its Envision conference in London
May 19, 2022 19 May'22
Red teaming will be standard in Dutch governmental organisations by 2025

The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest
May 17, 2022 17 May'22
(ISC)² to train 100,000 cyber pros in UK

Security association (ISC)² unveils ambitious UK training programme
May 11, 2022 11 May'22
CyberUK 22: Five Eyes focuses on MSP security

The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves
May 11, 2022 11 May'22
Analysts confirm return of REvil ransomware gang

Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks
May 11, 2022 11 May'22
Microsoft fixes three zero-days on May Patch Tuesday

It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days
May 10, 2022 10 May'22
CyberUK 22: NCSC refreshes cloud security guidance

The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise
April 28, 2022 28 Apr'22
Ransomware recovery costs dwarf actual ransoms

The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data
April 28, 2022 28 Apr'22
Manufacturer sues JPMorgan after cyber criminals stole $272m

Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity
April 28, 2022 28 Apr'22
Russia plumbs new depths in cyber war on Ukraine

Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign
April 27, 2022 27 Apr'22
Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021

These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time
April 27, 2022 27 Apr'22
Ransomware victims paying out when they don’t need to

Sophos’s annual State of Ransomware report shows dramatic increases in the impact of ransomware attacks, but also finds many organisations are paying ransoms when they don’t need to
April 25, 2022 25 Apr'22
Sophos soaks up SOC.OS

Sophos says acquisition of BAE spinout SOC.OS will enhance its managed threat and extended detection and response services
April 22, 2022 22 Apr'22
What’s up with Conti and REvil, and should we be worrying?

New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back
April 22, 2022 22 Apr'22
UAE bolsters cyber security

The United Arab Emirates has successfully improved its security posture amid mounting cyber threats
April 21, 2022 21 Apr'22
Five Eyes in new Russia cyber warning

Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure
April 21, 2022 21 Apr'22
Impact of Lapsus$ attack on Okta less than feared

Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential
April 14, 2022 14 Apr'22
Lack of expertise hurting UK government’s cyber preparedness

UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report
April 11, 2022 11 Apr'22
Border IT system fixed after 10-day outage

Post-Brexit border IT system failure fixed after going down at the start of April, allowing traders to once again file customs documents electronically rather than by hand
April 07, 2022 07 Apr'22
US shuts down Russia’s Cyclops Blink botnet operation

Operation by US authorities has taken the Russia-attributed Cyclops Blink botnet ‘off the board’
March 30, 2022 30 Mar'22
One-third of UK firms suffer a cyber attack every week

New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors
March 29, 2022 29 Mar'22
NCSC: Not necessarily wise to ditch Kaspersky

UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates
March 29, 2022 29 Mar'22
Wave of Log4j-linked attacks targeting VMware Horizon

Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell
March 25, 2022 25 Mar'22
London police arrest seven in connection to Lapsus$

Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks
March 24, 2022 24 Mar'22
Ransomware demands and payments increase with use of leak sites

Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims
March 18, 2022 18 Mar'22
Ukrainian cyber defences prove resilient

Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks
March 17, 2022 17 Mar'22
Kaspersky CEO: Ukraine war must end through diplomacy

Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting