News

Business continuity planning

• October 09, 2024 09 Oct'24

  Five zero-days to be fixed on October Patch Tuesday

  Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform

• October 09, 2024 09 Oct'24

  UK Cyber Team seeks future security professionals

  Young people from across the UK have a chance to represent the country in international competitions and advance their future careers in cyber security

• October 08, 2024 08 Oct'24

  Secureworks: Ransomware takedowns didn’t put off cyber criminals

  The number of active cyber criminal ransomware gangs has surged by almost a third in the space of 12 months, according to the latest intelligence from Secureworks

• October 08, 2024 08 Oct'24

  UK’s cyber incident reporting law to move forward in 2025

  The UK government says that enforced cyber incident and ransomware reporting for critical sectors of the economy will help to build a better picture of the threat landscape and enable more proactive and preventative responses

• October 07, 2024 07 Oct'24

  IBM: Data breach cost in ASEAN hits new high

  The average cost of a data breach in ASEAN grew by 7% from last year, as organisations grapple with increasingly distributed IT environments and complex security systems

• October 04, 2024 04 Oct'24

  NCSC celebrates eight years as Horne blows in

  Outgoing NCSC interim leader Felicity Oswald shares her thoughts on the body’s work over the past eight years as she hands over the reins to incoming CEO Richard Horne

• October 03, 2024 03 Oct'24

  SOC teams falling out of love with threat detection tools

  Security operations centre practitioners are fed up of being flooded with pointless alerts and many no longer have much confidence in their threat detection tools, according to a report

• October 02, 2024 02 Oct'24

  Cyber UK’s quickest growing tech field, but skills gap remains

  More people than ever are joining the cyber security profession in the UK, according to a report, but there is still a serious shortage even with a doubling in numbers

• October 01, 2024 01 Oct'24

  Unmasked: The Evil Corp cyber gangster who worked for LockBit

  The NCA has named and shamed a prominent member of the Evil Corp cyber crime collective who also worked as an affiliate of the LockBit ransomware gang as the UK unveils new sanctions against 16 Russian cyber criminals

• October 01, 2024 01 Oct'24

  Post Office ditches MoneyGram after cyber attack

  The Post Office offered a short extension to enable it to asses the impact of the MoneyGram cyber incident, but the contract has now expired and MoneyGram services are no longer available in Post Office branches

• October 01, 2024 01 Oct'24

  Cyber teams say they can’t keep up with attack volumes

  Over 60% of European security pros say their teams are understaffed, and over 50% don’t have enough budget, according to data from ISACA

• September 25, 2024 25 Sep'24

  CrowdStrike apologises to US government for global mega-outage

  CrowdStrike executive Adam Meyers appears before a US government committee to explain the series of errors that led directly to one of the biggest IT outages in history

• September 24, 2024 24 Sep'24

  Unique malware sample volumes seen surging

  BlackBerry’s latest ‘Global threat intelligence’ report details a surge in unique malware samples as threat actors ramp up the pace of targeted attacks

• September 23, 2024 23 Sep'24

  Microsoft shares progress on Secure Future Initiative

  Microsoft has published a progress report on its Secure Future Initiative, launched last year in the wake of multiple security incidents, and made a series of commitments to improve its internal cyber culture

• September 17, 2024 17 Sep'24

  First CyberBoost Catalyse startup cohort named

  The first group of companies named to a cyber incubator programme run by Plexal and the National University of Singapore includes two growing UK businesses

• September 16, 2024 16 Sep'24

  Crest secures FCDO funding to help overseas countries increase their cyber-readiness

  Non-profit Crest is launching an initiative to help overseas, private-sector firms get better prepared for cyber threats

• September 13, 2024 13 Sep'24

  Cyber workforce must almost double to meet global talent need

  Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses

• September 10, 2024 10 Sep'24

  JFrog and GitHub unveil open source security integrations

  Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Platform service into GitHub’s platform

• September 06, 2024 06 Sep'24

  Longstanding Darktrace CEO Poppy Gustafsson to step down

  Darktrace CEO Poppy Gustafsson is to leave the AI cyber company she helped build with Mike Lynch after more than a decade, following its acquisition by a private equity firm

• September 05, 2024 05 Sep'24

  NCSC and allies call out Russia's Unit 29155 over cyber warfare

  The NCSC and counterpart agencies from the US and other countries have exposed a long-running campaign of Russian cyber espionage and warfare conducted by GRU Unit 29155

• September 05, 2024 05 Sep'24

  Fog ransomware crew evolving into wide-ranging threat

  The emergent Fog ransomware gang appears to be changing up its victimology in search of more cash-rich victims

• September 03, 2024 03 Sep'24

  Transport for London hit by cyber attack

  London’s transport network provider TfL experiences cyber security incident, but reassures customers there is no impact on services

• August 30, 2024 30 Aug'24

  Norwegian Refugee Council leverages Okta for Good cyber scheme

  Pietro Galli, CIO of the Norwegian Refugee Council, reveals how the globally distributed NGO has been taking advantage of the Okta for Good CSR programme to improve its own cyber security and data protection practice, and elevate good practice in ...

• August 28, 2024 28 Aug'24

  Global cyber spend to rise 15% in 2025, pushed along by AI

  Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner

• August 28, 2024 28 Aug'24

  Cambridge Enterprise saves big with Keepit SaaS backup

  University innovation body avoids hardware spend and saves management time as it switches from tape to cloud-to-cloud backup, instant recovery and decades-long retention from Keepit

• August 22, 2024 22 Aug'24

  New Qilin tactics a ‘bonus multiplier’ for ransomware chaos

  Sophos X-Ops caught the Qilin ransomware gang stealing credentials stored by victims' employees in Google Chrome, heralding further cyber attacks and breaches down the line.

• August 20, 2024 20 Aug'24

  ICO launches privacy notice tool for SMEs

  ICO tool designed to make it easier for small businesses and sole traders operating online to create bespoke data privacy notices for compliance purposes

• August 14, 2024 14 Aug'24

  Leeds Teaching Hospitals deploys patient records and data sharing on Azure

  In-house patient records system has been migrated to the Microsoft public cloud, opening up the potential for greater data sharing

• August 13, 2024 13 Aug'24

  NIST debuts three quantum-safe encryption algorithms

  NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can

• August 08, 2024 08 Aug'24

  Royal ransomware crew puts on a BlackSuit in rebrand

  The Royal ransomware gang is back, with a new name and refreshed capabilities, including an apparently unique ‘partial encryption’ gambit, according to CISA

• August 08, 2024 08 Aug'24

  US lawmakers seek to brand ransomware gangs as terrorists

  Proposals from legislators in Washington DC could shake up the global ransomware ecosystem and give law enforcement sweeping new powers

• August 07, 2024 07 Aug'24

  Microsoft and CrowdStrike hit back at Delta’s legal threats

  Microsoft and CrowdStrike have rejected claims by Delta Air Lines that it was left high and dry amid thousands of flight cancellations during July’s software outage, accusing the airline of ignoring their offers of help and running out-of-date IT ...

• August 06, 2024 06 Aug'24

  2024 seeing more CVEs than ever before, but few are weaponised

  The number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threat actors, a reminder of the importance of focused security strategies

• August 05, 2024 05 Aug'24

  World’s largest companies at near-universal risk of supply chain breach

  Data from SecurityScorecard once again focuses on the interconnected nature of business supply chains and the risk posed to operational resilience by unexpected IT problems and cyber threats

• August 01, 2024 01 Aug'24

  CrowdStrike shareholders sue, alleging false security claims

  A US pension fund is lining up a lawsuit against CrowdStrike, claiming the cyber company lied about the integrity of its systems, leading to failings that caused a worldwide IT outage

• July 31, 2024 31 Jul'24

  Campaigners call for evidence to reform UK cyber laws

  The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work

• July 31, 2024 31 Jul'24

  Breach costs soar as record ransomware payment made

  IBM publishes data on the spiralling costs of cyber attacks and data breaches, while researchers identify what appears to be the largest ransomware payment ever made

• July 30, 2024 30 Jul'24

  Core British Library services to return for new academic year

  The British Library’s recovery from a devastating ransomware attack that laid waste to its IT systems continues - with hopes that some of its most popular services will be running again in September

• July 29, 2024 29 Jul'24

  Scam CrowdStrike domains growing in volume

  Hundreds of malicious domains exploiting CrowdStrike’s branding are appearing all over the web in the wake of the 19 July outage. Experts from Akamai share some noteworthy examples, along with guidance on how to avoid getting caught out

• July 29, 2024 29 Jul'24

  CrowdStrike says most Falcon sensors now up and running

  The vast majority of CrowdStrike Falcon sensors affected by a coding error have now been recovered, with a final resolution expected this week

• July 25, 2024 25 Jul'24

  North Korean cyber APT targeting nuclear secrets

  Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets

• July 25, 2024 25 Jul'24

  Fortune 500 stands to lose $5bn plus from CrowdStrike incident

  The largest global organisations hit by the CrowdStrike-Microsoft incident on 19 July will likely be out of pocket to the tune of billions of dollars

• July 24, 2024 24 Jul'24

  CrowdStrike blames outage on content configuration update

  CrowdStrike publishes the preliminary findings of what will be a lengthy investigation into the root causes of the failed 19 July update that caused Windows computers to crash all over the world

• July 24, 2024 24 Jul'24

  Mimecast to buy insider threat specialist Code42

  Mimecast is to buy fellow human-centred risk experts Code42 for an undisclosed sum to take advantage of its insider threat and data loss protection specialisms

• July 23, 2024 23 Jul'24

  Innovations to power secure-by-design development

  Secure Code Warrior unveils technology designed to help CISOs and AppSec teams ensure their projects remain safe and free of coding errors and vulnerabilities – a big issue following the CrowdStrike incident

• July 22, 2024 22 Jul'24

  NCSC: Beware of criminal CrowdStrike opportunists

  Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow

• July 22, 2024 22 Jul'24

  CrowdStrike chaos shows risks of concentrated ‘big IT’

  The concentration of so much mission-critical technology in the hands of a few large suppliers makes incidents like the Microsoft-CrowdStrike outage all the more dangerous

• July 21, 2024 21 Jul'24

  CrowdStrike update snafu affected 8.5 million Windows devices

  About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational

• July 17, 2024 17 Jul'24

  UK Cyber Bill teases mandatory ransomware reporting

  In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting

• July 16, 2024 16 Jul'24

  Strategic Defence Review must emphasise cyber security, says industry

  Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre