News
Security policy and user awareness
-
March 17, 2024
17
Mar'24
UK’s AI ambitions pointless while cyber security is still neglected
The UK’s AI ambitions may be at considerable risk without stronger cyber defences across the private and public sectors
-
March 13, 2024
13
Mar'24
Microsoft AI-powered cyber service to go live in April
After a year being previewed by beta customers, Microsoft’s much vaunted Copilot for Security service is about to go on general release, promising time savings and improved accuracy for hard-pressed security pros
-
March 13, 2024
13
Mar'24
British Library opens up over ransomware attack to help others
The British Library has opted for full transparency after experiencing a devastating ransomware attack, publishing details of the intrusion, its response and the lessons it has learned
-
March 12, 2024
12
Mar'24
March Patch Tuesday throws up two critical Hyper-V flaws
Two critical vulnerabilities in Windows Hyper-V stand out on an otherwise unremarkable Patch Tuesday
-
March 11, 2024
11
Mar'24
Dutch organisations vulnerable to deepfake fraud
With the information many employees share on social media, Dutch companies are especially vulnerable to a new form of fraud
-
March 08, 2024
08
Mar'24
OSS leaders detail commitments to bolster software security
CISA has announced a number of actions to help secure the global open source ecosystem, as leading package repositories including the Python and Rust foundations advance their own initiatives
-
March 05, 2024
05
Mar'24
Rapid7 hits out over botched vulnerability disclosure
Software development firm JetBrains and security specialist Rapid7 fall out over the handling of a critical vulnerability disclosure, while customers are left rushing to patch
-
March 05, 2024
05
Mar'24
Banning ransomware payments back on the agenda
The idea of banning ransomware payments to cyber criminals is back on the agenda, with former NCSC chief Ciaran Martin arguing that tougher measures need to be taken
-
February 29, 2024
29
Feb'24
Okta doubles down on cyber in wake of high-profile breaches
Okta launches Secure Identity Commitment to shore up its technology in the wake of a damaging breach and elevate best practice around identity
-
February 28, 2024
28
Feb'24
75% of third-party breaches target software, IT supply chains
Data drawn from SecurityScorecard’s telemetry reveals how supply chain breaches are becoming a weapon of choice for threat actors
-
February 28, 2024
28
Feb'24
Users love their cyber teams, but find them frustrating
Despite strong support for security teams, a good number of ordinary workers see them as obstructive to business goals, and would like to see them operate more transparently
-
February 27, 2024
27
Feb'24
Black Basta and Bl00dy ransomware gangs exploiting ConnectWise vulns
More ransomware gangs have been observed exploiting two dangerous vulnerabilities in ConnectWise ScreenConnect software, prompting new warnings for users to get patching
-
February 27, 2024
27
Feb'24
Majority of UK employees ‘willingly gamble’ with security
Human-centric threats originating from employees continue to damage organisations both financially and reputationally, according to a report
-
February 23, 2024
23
Feb'24
ConnectWise users see cyber attacks surge, including ransomware
ConnectWise ScreenConnect users who have yet to patch against a critical vulnerability are now being targeted by a barrage of cyber attacks, including ransomware
-
February 20, 2024
20
Feb'24
LockBit locked out: Cyber community reacts
Reaction to the takedown of the LockBit ransomware gang is enthusiastic, but tempered with the knowledge that cyber criminals are often remarkably resilient
-
February 20, 2024
20
Feb'24
LockBit gang members arrested in Poland and Ukraine
The UK’s National Crime Agency and its global partners have shared more details on their audacious takedown of the LockBit ransomware operation, including news of two arrests
-
February 19, 2024
19
Feb'24
Cops take down LockBit ransomware gang
The notorious LockBit ransomware crew has been disrupted in an international law enforcement sting led by the UK's National Crime Agency
-
February 15, 2024
15
Feb'24
Security-by-design push prompts new ISC2 accreditations
Security-by-design has become a hot-button regulatory issue. ISC2 has decided now is the time to upskill cyber pros around these vital software and hardware development principles
-
February 14, 2024
14
Feb'24
Microsoft: Nation-state hackers are exploiting ChatGPT
Threat actors from China, Iran, North Korea and Russia have all been probing use cases for generative AI service ChatGPT, but have yet to use such tools in a full-blown cyber attack
-
February 14, 2024
14
Feb'24
Microsoft patches two zero-days for Valentine’s Day
Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among more than 70 issues
-
February 13, 2024
13
Feb'24
New variants of Qakbot malware under development
Despite its infrastructure having been taken down by the FBI last year, someone appears to be actively working on a new and improved version of the infamous Qakbot malware
-
February 13, 2024
13
Feb'24
Hunter-killer malware volumes seen surging
Latest Picus Security report on malware tactics, techniques and procedures reveals an increasing focus on disabling security defences
-
February 09, 2024
09
Feb'24
MoD ethical hacking programme expands after initial success
The Ministry of Defence has expanded the scope of its defensive security partnership with HackerOne
-
February 06, 2024
06
Feb'24
UK’s McPartland Cyber Review to probe trust in technology
The UK government has launched a cyber security review that will investigate how best to give businesses the confidence they need to use new technologies
-
February 06, 2024
06
Feb'24
UK and France push for international agreement on spyware
The UK and France are hosting diplomats, big tech companies and civil society groups, in a two-day conference in London targeting the proliferation of spyware tools and ‘hackers for hire’
-
February 05, 2024
05
Feb'24
US sanctions Iranians behind CNI cyber attacks
US government issues new sanctions against six Iranians suspected of being behind a series of cyber attacks targeting critical national infrastructure, notably water supply systems
-
January 25, 2024
25
Jan'24
Bugcrowd sees surge in vulnerability submissions, led by public sector
Crowdsourced vulnerability disclosure and bug bounty platform Bugcrowd says it saw a 151% uptick in submissions related to government and public sector organisations in 2023
-
January 24, 2024
24
Jan'24
Inside Cisco’s security platform strategy
Raj Chopra, senior vice-president of Cisco’s security business, outlines the company’s security platform strategy and how it brought different products together into a single platform
-
January 24, 2024
24
Jan'24
Critical vulnerability exposes Fortra GoAnywhere users
Fortra GoAnywhere MFT users must take steps to address a newly disclosed zero-day vulnerability without delay
-
January 24, 2024
24
Jan'24
AI will heighten global ransomware threat, says NCSC
The benefits of artificial intelligence to cyber criminals being well-known, the NCSC now assesses it’s likely AI will soon be widely used to enhance ransomware attacks
-
January 24, 2024
24
Jan'24
Salesforce’s bug bounty programme paid out $3m in 2023
Ethical hackers disclosed more than 4,000 vulnerabilities to Salesforce last year through its bug bounty programme, and received over $3m in rewards
-
January 23, 2024
23
Jan'24
Treat cyber risk like financial or legal issue, says UK government
UK government and NCSC launch proposed code of practice on cyber security governance to help directors and business leaders toughen their defences
-
January 23, 2024
23
Jan'24
Leak of 26 billion records may prove to be ‘mother of all breaches’
The discovery of a dataset comprising 26 billion stolen records may prove to be record-breaking in both its size and the danger it poses to ordinary people
-
January 22, 2024
22
Jan'24
Chat control: Tech companies warn ministers over EU encryption plans
Tech companies have written to EU ministers to urge them to back the European Parliament, rather than the European Commission, over proposed regulations to police child abuse
-
January 19, 2024
19
Jan'24
Neighbouring Kent councils hit by simultaneous cyber attacks
Canterbury, Dover and Thanet Councils in Kent have all been struck by simultaneous cyber attacks knocking systems offline, with indications of a link between all three
-
January 18, 2024
18
Jan'24
Cyber non-profit enlists ex-NCSC head as technical chair
Founding NCSC chief exec Ciaran Martin is to join the newly launched Cyber Monitoring Centre non-profit as chair of its technical committee
-
January 17, 2024
17
Jan'24
NCSC invites security pros to join the big leagues
The NCSC is inviting security pros from across the UK to sign up to work with its experts on an intelligence-sharing initiative
-
January 17, 2024
17
Jan'24
The Security Interviews: Rebecca Taylor, SecureWorks Counter Threat Unit
In October 2023, Rebecca Taylor of the SecureWorks Counter Threat Unit was recognised at the annual Security Serious Unsung Heroes Awards for her work. Computer Weekly caught up with her to talk mentoring, cyber career development and diversity
-
January 17, 2024
17
Jan'24
Victims of 2023 Capita data breaches head to High Court
More than 5,000 people impacted by data breaches arising from two cyber incidents affecting outsourcer Capita have joined a group action lawsuit
-
January 17, 2024
17
Jan'24
Singapore proposes governance framework for generative AI
AI Verify Foundation and Infocomm Media Development Authority have proposed a governance framework for generative AI to address the risks and concerns about the emerging technology
-
January 16, 2024
16
Jan'24
Kaspersky shares Pegasus spyware-hunting tool
Kaspersky has developed a way of easily exposing the presence of Pegasus spyware on iOS devices and believes its methodology may also help users identify other such surveillance malware
-
January 15, 2024
15
Jan'24
Russia hacked ex-MI6 chief’s emails – what they reveal is more Dad’s Army than deep state
A Russian hacking group that published emails of ex-MI6 chief Richard Dearlove claimed to have uncovered a conspiracy, but it was more Dad’s Army than the ‘deep state’, Computer Weekly and Byline Times reveal
-
January 15, 2024
15
Jan'24
NCA director sacked after WhatsApp and email security breaches
Nikki Holland, former director of investigations at the NCA, was sacked for “misconduct” after sending sensitive NCA information over personal email and WhatsApp
-
January 10, 2024
10
Jan'24
Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs
Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors
-
January 10, 2024
10
Jan'24
SEC social media hack highlights value of MFA
The US SEC briefly appeared to approve new bitcoin trading rules after a social media account was targeted by troublemakers, proving the value of MFA once again
-
January 09, 2024
09
Jan'24
Study reveals cyber risks to US elections
With the 2024 US presidential election cycle beginning, a study produced by Arctic Wolf has highlighted big gaps in preparedness and resourcing at government bodies across the US
-
January 08, 2024
08
Jan'24
British Library ransomware attack could cost up to £7m
The cost of recovering the British Library’s ransomware-stricken IT systems could be up to £7m, it has emerged
-
January 03, 2024
03
Jan'24
Dutch working to promote cooperation in Europe to keep internet safe
A Dutch cooperative approach offers national and international cooperation opportunities for ISPs to guard against DDoS attacks, lawful interception and detect abuse in networks
-
January 02, 2024
02
Jan'24
China’s UNC4841 pivots to new Barracuda ESG zero-day
The Chinese state threat actor behind a series of cyber attacks on Barracuda Networks customers embarked on a campaign targeting the supplier’s email security products in the run-up to Christmas
-
December 21, 2023
21
Dec'23
Top 10 cyber crime stories of 2023
Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics