News
IT for charity organisations
-
March 30, 2023
30
Mar'23
OSC&R supply chain security framework goes live on Github
The OSC&R framework for understanding and evaluating threats to supply chain security has made its debut on Github to allow anybody to contribute to the framework
-
March 30, 2023
30
Mar'23
NCSC issues revised security Board Toolkit for business leaders
National Cyber Security Centre calls on CEOs and senior business leaders to take a more hands-on approach to cyber resilience with the launch of revised board-level tools
-
March 28, 2023
28
Mar'23
Apple security updates fix 33 iPhone vulnerabilities
A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels
-
March 28, 2023
28
Mar'23
Ransomware attacks up 45% in February, LockBit responsible
NCC Group says it observed a surge in ransomware attacks in February, with LockBit, BlackCat and BianLian all highly active
-
March 24, 2023
24
Mar'23
National Crime Agency sting operation infiltrates cyber crime market
The UK National Crime Agency has tricked thousands of potential cyber criminals into registering with a fake website pretending to offer tools for creating DDoS attacks
-
March 22, 2023
22
Mar'23
AWS Imagine Grant launches in UK to fund charity cloud-based tech projects
The AWS Imagine Grant initiative has been running in the US for several years, with 66 charitable organisations receiving more than $6m in funding so far
-
March 21, 2023
21
Mar'23
Ransomware gangs harass victims to ‘bypass’ backups
Analysis reveals how cyber criminal gangs are turning to extensive, targeted harassment campaigns to force victims to pay up, even if their backups are in good order
-
March 20, 2023
20
Mar'23
BBC cracks down on TikTok after review
The BBC is asking staff not to install TikTok on corporate-owned devices without a justified business purpose, although its use will still be allowed to share media content with its audiences
-
March 17, 2023
17
Mar'23
UK TikTok ban gives us all cause to consider social media security
The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for
-
March 16, 2023
16
Mar'23
BEC attacks doubled in 2022, outstripping ransomware
Massive growth in the volume of Business Email Compromise or BEC attacks was linked to a surge in successful phishing campaigns, according to data from Secureworks
-
March 16, 2023
16
Mar'23
Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine
A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly
-
March 15, 2023
15
Mar'23
Chinese Silkloader cyber attack tool falls into Russian hands
A loader tool used by Chinese cyber criminals seems to have been enthusiastically taken up in recent weeks by Russian ransomware operators
-
March 15, 2023
15
Mar'23
Microsoft patches Outlook zero-day for March Patch Tuesday
A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update
-
March 13, 2023
13
Mar'23
MI5 to oversee new National Protective Security Authority
The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets
-
February 23, 2023
23
Feb'23
WithSecure proposes ‘undo’ button for ransomware
WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening
-
February 22, 2023
22
Feb'23
Researchers find new bug ‘class’ in Apple devices
A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix
-
February 22, 2023
22
Feb'23
Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert
Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result
-
February 22, 2023
22
Feb'23
Half of cyber leaders to switch jobs by 2025, citing stress
A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study
-
February 15, 2023
15
Feb'23
Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs
Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off
-
February 15, 2023
15
Feb'23
Microsoft fixes three zero-days in February update
February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver
-
February 14, 2023
14
Feb'23
Vidar, nJRAT re-emerge as prominent malware threats in January
Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry
-
February 13, 2023
13
Feb'23
KPMG launches metaverse and digital twin hub in Saudi Arabia
The Saudi Arabian government’s commitment to investing in metaverse technology has attracted a KPMG centre of excellence to its shores
-
February 13, 2023
13
Feb'23
Security buyers lack insight into threats, attackers, report finds
The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report
-
February 06, 2023
06
Feb'23
The Security Interviews: How to overcome data protection compliance challenges
Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how?
-
February 01, 2023
01
Feb'23
UK Cyber Council and ISACA launch audit, assurance programme
The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros
-
January 27, 2023
27
Jan'23
Hive ransomware gang taken down after FBI hacks back
The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation
-
January 25, 2023
25
Jan'23
NCSC exposes Iranian, Russian spear-phishing campaign targeting UK
Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC
-
January 25, 2023
25
Jan'23
Boards struggle to resolve cyber risk in digital supply chains
Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk
-
January 24, 2023
24
Jan'23
UK insurers need to up their game on cyber gaps, says PRA
Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority
-
January 24, 2023
24
Jan'23
SSRF attacks hit 100,000 businesses globally since November
There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers
-
January 23, 2023
23
Jan'23
NCSC warning over cyber risk to charity sector
Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC
-
January 17, 2023
17
Jan'23
Claim IR35 reform repeal and U-turn cost the government ‘nothing’ called into question
After responding to a question about the cost of the government’s repeal of the IR35 reforms and its subsequent U-turn on the decision, the financial secretary has come under fire for claiming no additional costs were incurred by its flip-flopping
-
January 17, 2023
17
Jan'23
Crest throws support behind CyberUp CMA reform campaign
Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990
-
January 11, 2023
11
Jan'23
Microsoft fixes EoP zero-day on January Patch Tuesday
On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns
-
January 10, 2023
10
Jan'23
Insurer Beazley introduces catastrophe bond to ease cyber risk
Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover
-
January 08, 2023
08
Jan'23
Vulnerable organisations to get free Cyber Essentials support
Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre
-
January 04, 2023
04
Jan'23
Diversity and inclusion figures high in New Year Honours List 2023
The New Year Honours List 2023 hailed those in the technology community who promote diversity and inclusion
-
December 30, 2022
30
Dec'22
Top 10 information management stories of 2022
Data for good is a theme of the information management stories of 2022 selected here. From tracking space junk, through medical kits for Ukraine, to professionalising data science to benefit society
-
December 29, 2022
29
Dec'22
Top 10 Nordic IT stories of 2022
Here are Computer Weekly's top 10 Nordic IT articles of 2022
-
December 22, 2022
22
Dec'22
Top 10 cyber security stories of 2022
The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides
-
December 22, 2022
22
Dec'22
Top 10 cyber crime stories of 2022
Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents
-
December 20, 2022
20
Dec'22
Four-day working week set to stay at Atom bank
Challenger bank Atom has formalised a four-day working week policy after a successful trial
-
December 14, 2022
14
Dec'22
Ethical hackers flex their muscles in 2022
Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
-
December 14, 2022
14
Dec'22
Microsoft fixes two zero-days in final Patch Tuesday of 2022
December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over
-
December 13, 2022
13
Dec'22
EU issues draft data adequacy decision in favour of US
The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision
-
December 13, 2022
13
Dec'22
The nature of the CISO role will be in flux in 2023
As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report
-
December 09, 2022
09
Dec'22
Iranian APT seen exploiting GitHub repository as C2 mechanism
A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware
-
December 08, 2022
08
Dec'22
Apple to tap third party for physical security keys
Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys
-
December 07, 2022
07
Dec'22
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching
Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November
-
December 06, 2022
06
Dec'22
Don’t become an unwitting tool in Russia’s cyber war
Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?