News

Business continuity planning

March 05, 2024 05 Mar'24
Meta outage disrupts social media globally

Meta services, including Facebook, Instagram and Threads, have been downed in a brief service outage
March 05, 2024 05 Mar'24
Banning ransomware payments back on the agenda

The idea of banning ransomware payments to cyber criminals is back on the agenda, with former NCSC chief Ciaran Martin arguing that tougher measures need to be taken
February 28, 2024 28 Feb'24
75% of third-party breaches target software, IT supply chains

Data drawn from SecurityScorecard’s telemetry reveals how supply chain breaches are becoming a weapon of choice for threat actors
February 28, 2024 28 Feb'24
Users love their cyber teams, but find them frustrating

Despite strong support for security teams, a good number of ordinary workers see them as obstructive to business goals, and would like to see them operate more transparently

February 27, 2024 27 Feb'24
Majority of UK employees ‘willingly gamble’ with security

Human-centric threats originating from employees continue to damage organisations both financially and reputationally, according to a report
February 27, 2024 27 Feb'24
Hycu uses AI to develop APIs for SaaS application backup

SaaS applications don’t usually come with built-in data protection, but Hycu plans to tackle that gap in the market with AI to generate the connectors needed to backup user data
February 27, 2024 27 Feb'24
Cozy Bear and other APTs changing tack as cloud adoption increases

A change in APT tactics has been observed resulting from greater adoption of cloud-based services, according to the NCSC
February 26, 2024 26 Feb'24
LockBit bids to save face after NCA takedown

The LockBit gang’s ringleader resurfaces with new infrastructure and new victims, claiming to have shrugged off a multinational police sting
February 26, 2024 26 Feb'24
Storage and backup spend in 2024 targets risk and resilience

The TechTarget and ESG spending intentions survey finds big bias towards averting risk and building organisational resilience, but on-premise storage a significant planned outlay
February 23, 2024 23 Feb'24
ConnectWise users see cyber attacks surge, including ransomware

ConnectWise ScreenConnect users who have yet to patch against a critical vulnerability are now being targeted by a barrage of cyber attacks, including ransomware

February 21, 2024 21 Feb'24
CVE volumes set to increase 25% this year

The number of reported Common Vulnerabilities and Exposures is likely to grow significantly in 2024, hitting a new high of almost 35,000, according to Coalition, a cyber insurance specialist
February 15, 2024 15 Feb'24
Security-by-design push prompts new ISC2 accreditations

Security-by-design has become a hot-button regulatory issue. ISC2 has decided now is the time to upskill cyber pros around these vital software and hardware development principles
February 14, 2024 14 Feb'24
Microsoft patches two zero-days for Valentine’s Day

Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among more than 70 issues
February 13, 2024 13 Feb'24
Hunter-killer malware volumes seen surging

Latest Picus Security report on malware tactics, techniques and procedures reveals an increasing focus on disabling security defences
February 09, 2024 09 Feb'24
MoD ethical hacking programme expands after initial success

The Ministry of Defence has expanded the scope of its defensive security partnership with HackerOne
February 06, 2024 06 Feb'24
UK’s McPartland Cyber Review to probe trust in technology

The UK government has launched a cyber security review that will investigate how best to give businesses the confidence they need to use new technologies
February 06, 2024 06 Feb'24
Inquiry to explore cyber risk to Sunak-Starmer showdown

The UK’s Joint Committee on National Security Strategy is opening an inquiry into securing the democratic process ahead of the next general election
January 24, 2024 24 Jan'24
Critical vulnerability exposes Fortra GoAnywhere users

Fortra GoAnywhere MFT users must take steps to address a newly disclosed zero-day vulnerability without delay
January 24, 2024 24 Jan'24
AI will heighten global ransomware threat, says NCSC

The benefits of artificial intelligence to cyber criminals being well-known, the NCSC now assesses it’s likely AI will soon be widely used to enhance ransomware attacks
January 24, 2024 24 Jan'24
Salesforce’s bug bounty programme paid out $3m in 2023

Ethical hackers disclosed more than 4,000 vulnerabilities to Salesforce last year through its bug bounty programme, and received over $3m in rewards
January 23, 2024 23 Jan'24
Treat cyber risk like financial or legal issue, says UK government

UK government and NCSC launch proposed code of practice on cyber security governance to help directors and business leaders toughen their defences
January 23, 2024 23 Jan'24
Leak of 26 billion records may prove to be ‘mother of all breaches’

The discovery of a dataset comprising 26 billion stolen records may prove to be record-breaking in both its size and the danger it poses to ordinary people
January 19, 2024 19 Jan'24
Neighbouring Kent councils hit by simultaneous cyber attacks

Canterbury, Dover and Thanet Councils in Kent have all been struck by simultaneous cyber attacks knocking systems offline, with indications of a link between all three
January 18, 2024 18 Jan'24
Cyber non-profit enlists ex-NCSC head as technical chair

Founding NCSC chief exec Ciaran Martin is to join the newly launched Cyber Monitoring Centre non-profit as chair of its technical committee
January 17, 2024 17 Jan'24
NCSC invites security pros to join the big leagues

The NCSC is inviting security pros from across the UK to sign up to work with its experts on an intelligence-sharing initiative
January 15, 2024 15 Jan'24
British Library catalogues back online after ransomware attack

The British Library has restored online access to its main catalogue of nearly 40 million items on a limited basis as it continues the long and arduous process of recovering from a ransomware attack
January 15, 2024 15 Jan'24
Cosmetics retailer Lush dealing with mystery cyber incident

Cosmetics retailer Lush confirms it’s investigating a cyber attack of an undisclosed nature, but key public-facing systems appear to be unaffected
January 10, 2024 10 Jan'24
Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs

Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors
January 09, 2024 09 Jan'24
Babuk Tortilla ransomware decryptor made available

A joint effort between Cisco Talos, Avast and the Dutch police will bring relief to many victims of a variant of the Babuk ransomware known as Tortilla
December 21, 2023 21 Dec'23
Top 10 cyber crime stories of 2023

Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics
December 20, 2023 20 Dec'23
ALPHV/BlackCat operation down, but maybe not out

Multinational law enforcement has targeted the operations of the notorious ALPHV/BlackCat cyber extortion gang, but the group’s members appear to remain defiant
December 19, 2023 19 Dec'23
Top 10 cyber security stories of 2023

The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact
December 14, 2023 14 Dec'23
Government plans to regulate to tackle datacentre threats

DSIT outlines a range of proposals designed to protect data storage facilities from cyber attacks, as well as physical threats and the effects of climate breakdown
December 14, 2023 14 Dec'23
The Security Interviews: Talking identity with Microsoft’s Joy Chik

Microsoft’s president of identity and network access, Joy Chik, joins Computer Weekly to discuss the evolving threat landscape in identity security, using innovations in artificial intelligence to stay ahead, and advocating for the coming ...
December 14, 2023 14 Dec'23
NCSC CEO Lindy Cameron to step down in 2024

NCSC chief exec Lindy Cameron, who helped lead and elevate the national dialogue on cyber security through major events such as Covid-19, SolarWinds Sunburst and Colonial Pipeline, is to step down in the New Year
December 13, 2023 13 Dec'23
How ransomware gangs use the tech media against their victims

Ransomware gangs are increasingly media-savvy operators, and this means incident response plans now need to account for communications and PR strategies too
December 13, 2023 13 Dec'23
Microsoft’s Christmas present for cyber teams: no zero-days

Barely 30 vulnerabilities, and no zero-days, have been fixed in the final Patch Tuesday drop of 2023
December 13, 2023 13 Dec'23
Critical UK infrastructure a ‘hostage of fortune’ to ransomware

A lack of ransomware planning and preparedness at the highest levels of government is leaving UK operators or critical national infrastructure dangerously exposed, according to a Joint Committee report
December 13, 2023 13 Dec'23
Inside the Singapore government’s cloud journey

The Smart Nation Group’s chief digital technology officer outlines the government’s cloud journey, including its approach to cloud migration and how it came to host mission-critical workloads on AWS
December 12, 2023 12 Dec'23
Outdated data protection practice key factor in PSNI data breach

The August 2023 data breach at the Police Service of Northern Ireland arose chiefly from an outdated approach to data protection and compliance at the force, according to an independent review
December 06, 2023 06 Dec'23
How a Node4 virtual datacentre proved better than MS cloud for mental health charity

Charity Together For Mental Wellbeing managed to migrate legacy servers into a new virtual environment and fix a major disaster recovery issue
December 01, 2023 01 Dec'23
Report reveals sorry state of cyber security at UK football clubs

Football clubs up and down the country are putting staff, players and fans alike at risk through outdated attitudes to cyber security, according to a report
December 01, 2023 01 Dec'23
The Security Interviews: Mark McClain, SailPoint Technologies

SailPoint founder and CEO Mark McClain reflects on how the concept of identity has evolved over the past 20 years, and points to rapid evolution still to come
November 30, 2023 30 Nov'23
Rhysida gang stole hundreds of gigabytes of British Library data

The Rhysida ransomware gang behind the cyber attack on the British Library has published almost 600GB of stolen data to its dark web leak site
November 29, 2023 29 Nov'23
Scope of Okta helpdesk breach widens to impact all users

Okta has widened the scope of the October breach of its systems to include every customer that has used its helpdesk service, after new information came to light
November 28, 2023 28 Nov'23
Scope of British Library data breach widens

Personal data on British Library users has appeared for sale on the dark web following a Rhysida ransomware attack, as the scope of the still-developing incident widens again
November 23, 2023 23 Nov'23
MOVEit incident spurred UK decision makers to spend big on cyber

The MOVEit cyber attacks that unfolded in the spring and summer of 2023 seem to have driven an increase in both ransomware awareness and spend, according to a report
November 23, 2023 23 Nov'23
North Korean APTs go all in on supply chain attacks, warns NCSC

Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks
November 22, 2023 22 Nov'23
CISA reveals how LockBit hacked Boeing via Citrix Bleed

As alarm grows around the world about the impact of the so-called Citrix Bleed vulnerability, Boeing has shared details of its experience at the hands of the LockBit ransomware crew
November 21, 2023 21 Nov'23
Over half of SME cyber incidents now ‘malware-free’

The age of malware-driven cyber attacks may have peaked, at least when it comes to incidents affecting small and medium sized enterprises