News

Business continuity planning

• January 29, 2025 29 Jan'25

  How government hackers are trying to exploit Google Gemini AI

  Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends

• January 29, 2025 29 Jan'25

  Vallance rejects latest charge to reform UK hacking laws

  Science minister Patrick Vallance rejects proposed amendments to the Computer Misuse Act, arguing that they could create a loophole for cyber criminals to exploit

• January 27, 2025 27 Jan'25

  Cyber incident that closed British Museum was inside job

  An IT incident that disrupted visitor access to the British Museum last week was the work of a disgruntled contractor who had been let go

• January 27, 2025 27 Jan'25

  Inside CyberArk’s security strategy

  CyberArk CIO Omer Grossman talks up the company’s security-first ethos, the importance of an assumed breach mentality and how the company is addressing threats from the growing use of AI

• January 24, 2025 24 Jan'25

  US indicts five in fake North Korean IT contractor scandal

  The US authorities have accused five men, including two American citizens, of involvement in a scheme which saw companies duped into hiring fake North Korean IT contractors

• January 22, 2025 22 Jan'25

  Privacy professionals expect budget cuts, lack confidence

  Over 50% of privacy professionals in Europe expect to see less money earmarked for data security initiatives in 2025, and many don’t have faith their organisations are taking the issue seriously, according to an ISACA report

• January 17, 2025 17 Jan'25

  US Supreme Court upholds TikTok ban

  The US Supreme Court has upheld a legal ban on TikTok, meaning that the video-sharing application will be shut down from midnight on Sunday 19 January

• January 16, 2025 16 Jan'25

  Biden signs new cyber order days before Trump inauguration

  With days left in the White House, outgoing US president Joe Biden has signed a wide-ranging cyber security executive order with far-reaching implications

• January 16, 2025 16 Jan'25

  Almost half of UK banks set to miss DORA deadline

  A significant minority of financial services organisations in the UK will not be fully compliant with the EU’s DORA cyber and risk management regulation when it comes into force on 17 January

• January 15, 2025 15 Jan'25

  Users protest, flee TikTok as clock ticks on US ban

  As the US Supreme Court prepares to rule on the future of TikTok, rumours of a sale are swirling around Washington DC while panicked users make plans for an exodus

• January 15, 2025 15 Jan'25

  Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities

  The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws

• January 13, 2025 13 Jan'25

  UK government plans to extend ransomware payment ban

  A ban on ransomware payments by UK government departments will be extended to cover organisations such as local councils, schools and the NHS should new government proposals move forward

• January 13, 2025 13 Jan'25

  CNI operators should ask these 12 questions of their OT suppliers

  The NCSC, CISA and others have set out 12 cyber security considerations CNI organisations and other users of operational technology should incorporate into their buying processes to force their suppliers to do better

• December 19, 2024 19 Dec'24

  Latest attempt to override UK’s outdated hacking law stalls

  Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee

• December 18, 2024 18 Dec'24

  The Security Interviews: Martin Lee, Cisco Talos

  Threat intel expert and author Martin Lee, EMEA technical lead for security research at Cisco Talos, joins Computer Weekly to mark the 35th anniversary of the first ever ransomware attack

• December 18, 2024 18 Dec'24

  Top 10 cyber security stories of 2024

  Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are ...

• December 18, 2024 18 Dec'24

  Top 10 cyber crime stories of 2024

  From ransomware targeting the NHS to nation-state-backed intrusions, 2024 was another big year for cyber criminals and cyber spooks alike, but they didn't have it all their own way as the good guys fought back

• December 16, 2024 16 Dec'24

  The Security Interviews: Stephen McDermid, Okta

  Okta regional chief security officer for EMEA sits down with Dan Raywood to talk about how Okta is pivoting to a secure-by-design champion

• December 13, 2024 13 Dec'24

  Computer Misuse Act reform gains traction in Parliament

  An amendment to the proposed Data (Access and Use) Bill that will right a 35-year-old wrong and protect security professionals from criminalisation is to be debated at Westminster

• December 12, 2024 12 Dec'24

  Emerging Ymir ransomware heralds more coordinated threats in 2025

  A newly observed ransomware strain has the community talking about more collaboration, and blurred lines, between threat groups next year, according to NCC’s monthly cyber barometer

• December 10, 2024 10 Dec'24

  Dangerous CLFS and LDAP flaws stand out on Patch Tuesday

  Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol

• December 06, 2024 06 Dec'24

  TfL cyber attack cost over £30m to date

  TfL provides more detail on the financial impact of the September 2024 cyber attack that crippled several of its online systems

• December 04, 2024 04 Dec'24

  Shared digital gateway was source of three NHS ransomware attacks

  Alder Hey children’s hospital confirms ransomware operators accessed its systems through a shared digital gateway, but is standing firm in the face of the gang’s demands

• December 04, 2024 04 Dec'24

  Nordics move to deepen cyber security cooperation

  Nordic countries are increasing collaboration on cyber security amid more sophisticated and aggressive attacks

• December 02, 2024 02 Dec'24

  NCSC boss calls for ‘sustained vigilance’ in an aggressive world

  NCSC CEO Richard Horne is to echo wider warnings about the growing number and severity of cyber threats facing the UK as he launches the security body’s eighth annual report

• November 26, 2024 26 Nov'24

  Sellafield operator opens dedicated cyber centre

  The UK’s Nuclear Decommissioning Authority has opened a cyber security centre spanning its activities across the nuclear sector

• November 25, 2024 25 Nov'24

  Microsoft calls on Trump to ‘push harder’ on cyber threats

  Microsoft’s Brad Smith urges president-elect Donald Trump to keep the faith when it comes to fighting back against hostile cyber actors from China, Iran and Russia

• November 21, 2024 21 Nov'24

  BianLian cyber gang drops encryption-based ransomware

  The Australian and American cyber authorities have published updated intelligence on the BianLian ransomware gang, which has undergone a rapid evolution in tactics

• November 20, 2024 20 Nov'24

  Apple addresses two iPhone, Mac zero-days

  Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks

• November 18, 2024 18 Nov'24

  AWS widening scope of MFA programme after early success

  AWS reports strong take-up of multi-factor authentication among customers since making it compulsory for root users earlier this year, and plans to expand the scope of its IAM programme in spring 2025

• November 12, 2024 12 Nov'24

  Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024

  High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update

• November 12, 2024 12 Nov'24

  Zero-day exploits increasingly sought out by attackers

  Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023

• November 07, 2024 07 Nov'24

  Google Cloud MFA enforcement meets with approval

  Latest Google Cloud policy to enforce multifactor authentication across its user base is welcomed by security professionals

• November 07, 2024 07 Nov'24

  AI a force multiplier for the bad guys, say cyber pros

  CIISec’s annual report on the security profession finds evidence of growing concern that artificial intelligence will ultimately prove more useful to threat actors than defenders

• November 01, 2024 01 Nov'24

  CISA looks to global collaboration as fraught US election begins

  The US' CISA cyber agency has unveiled a two-year International Strategic Plan to advance collaboration and improve resilience against shared risks and threats

• October 29, 2024 29 Oct'24

  EMEA businesses siphoning budgets to hit NIS2 goals

  With NIS2 now in effect, European business leaders are having to divert budget from elsewhere to achieve compliance

• October 28, 2024 28 Oct'24

  UK launches cyber guidance package for tech startups

  The NCSC and NPSA, alongside agencies from the Five Eyes alliance, have issued guidance for startups on how to secure themselves against common cyber threats and targeted industrial espionage

• October 25, 2024 25 Oct'24

  Dutch critical infrastructure at risk despite high leadership confidence

  Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise

• October 22, 2024 22 Oct'24

  Danish government reboots cyber security council amid AI expansion

  Denmark’s government relaunches digital security initiative to protect business sectors and society at large

• October 15, 2024 15 Oct'24

  NCSC expands school cyber service to academies and private schools

  The National Cyber Security Centre is expanding its PDNS for Schools service to encompass a wider variety of institutions up and down the UK

• October 10, 2024 10 Oct'24

  NCSC issues fresh alert over wave of Cozy Bear activity

  The NCSC, FBI and NSA publish updated warning about Cozy Bear’s activities, highlighting a range of vulnerabilities the threat actor is using to set up its cyber attacks

• October 10, 2024 10 Oct'24

  Government launches cyber standard for local authorities

  Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward off cyber attacks

• October 10, 2024 10 Oct'24

  How Recorded Future finds ransomware victims before they get hit

  Threat intel specialists at Recorded Future have shared details of newly developed techniques they are using to disrupt Rhysida ransomware attacks before the gang even has a chance to execute them

• October 10, 2024 10 Oct'24

  Australia bolsters cyber defences with security bill

  Legislation tackles IoT security and establishes a Cyber Incident Review Board to bolster Australia’s cyber resilience

• October 09, 2024 09 Oct'24

  Five zero-days to be fixed on October Patch Tuesday

  Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform

• October 09, 2024 09 Oct'24

  UK Cyber Team seeks future security professionals

  Young people from across the UK have a chance to represent the country in international competitions and advance their future careers in cyber security

• October 08, 2024 08 Oct'24

  Secureworks: Ransomware takedowns didn’t put off cyber criminals

  The number of active cyber criminal ransomware gangs has surged by almost a third in the space of 12 months, according to the latest intelligence from Secureworks

• October 08, 2024 08 Oct'24

  UK’s cyber incident reporting law to move forward in 2025

  The UK government says that enforced cyber incident and ransomware reporting for critical sectors of the economy will help to build a better picture of the threat landscape and enable more proactive and preventative responses

• October 07, 2024 07 Oct'24

  IBM: Data breach cost in ASEAN hits new high

  The average cost of a data breach in ASEAN grew by 7% from last year, as organisations grapple with increasingly distributed IT environments and complex security systems

• October 04, 2024 04 Oct'24

  NCSC celebrates eight years as Horne blows in

  Outgoing NCSC interim leader Felicity Oswald shares her thoughts on the body’s work over the past eight years as she hands over the reins to incoming CEO Richard Horne