News
Security policy and user awareness
-
April 06, 2022
06
Apr'22
Apple criticised over unpatched CVEs in Catalina, Big Sur
Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions
-
April 05, 2022
05
Apr'22
Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court
France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution
-
April 05, 2022
05
Apr'22
Triple-threat Borat malware no joke for victims
Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros
-
April 01, 2022
01
Apr'22
Apple drops emergency patches for two zero-days
Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild
-
March 31, 2022
31
Mar'22
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech
-
March 31, 2022
31
Mar'22
Lapsus$ cyber crime spree continues despite arrests
The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos
-
March 30, 2022
30
Mar'22
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors
-
March 30, 2022
30
Mar'22
Australia to spend A$9.9bn on intelligence and cyber capabilities
The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate
-
March 29, 2022
29
Mar'22
NCSC: Not necessarily wise to ditch Kaspersky
UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates
-
March 29, 2022
29
Mar'22
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell
-
March 29, 2022
29
Mar'22
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware
-
March 29, 2022
29
Mar'22
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices
-
March 28, 2022
28
Mar'22
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption
-
March 24, 2022
24
Mar'22
Anonymous claims it has hacked the Central Bank of Russia
Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state
-
March 24, 2022
24
Mar'22
Ransomware demands and payments increase with use of leak sites
Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims
-
March 24, 2022
24
Mar'22
How India organisations can mitigate cyber threats
Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks
-
March 24, 2022
24
Mar'22
Hiring and retention challenges in cyber security persist
Latest ISACA report shows that enterprises are struggling to find and retain cyber security talent
-
March 22, 2022
22
Mar'22
Biden issues warning about Russian cyber attacks
President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia
-
March 17, 2022
17
Mar'22
NCSC catches 10 million phishes
Nation Cyber Security Centre’s scam email reporting service enjoys great success as government embarks on new cyber awareness campaign
-
March 16, 2022
16
Mar'22
Biden signs ransomware reporting mandate into law
CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours
-
March 10, 2022
10
Mar'22
Tech brands sign on to HackerOne responsible security drive
Tech companies sign HackerOne’s new corporate security responsibility pledge to bring cyber out of the shadows and promote effective, secure development practices
-
March 10, 2022
10
Mar'22
Orange Business Services and Fortinet seal SASE partnership
Business services division of telco inks partnership with cyber security firm to gain differentiation for secure access service edge solution based on cloud-native technologies and using a dedicated global IP backbone to deliver expanded on-demand ...
-
March 09, 2022
09
Mar'22
Microsoft serves up three zero-days on March Patch Tuesday
Three zero-days pop up in Microsoft’s March update, along with a number of other noteworthy concerns for defenders
-
March 07, 2022
07
Mar'22
Ukraine joins Nato cyber knowledge hub
Ukraine is to become a contributing participant in Nato’s Cooperative Cyber Defence Centre of Excellence
-
March 04, 2022
04
Mar'22
Scrapping NHS Digital a backward step for patient data rights
Former NHS Digital chair Kingsley Manning has spoken out over proposals to fold NHS Digital into NHS England, saying that more oversight is needed to safeguard patient data in light of recent events
-
March 03, 2022
03
Mar'22
Boardroom does not see ransomware as a priority
Less than a quarter of company directors think ransomware is a top priority for their security teams, according to Egress
-
March 03, 2022
03
Mar'22
Direct action is a risky business for Ukraine's volunteer hackers
Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea
-
March 02, 2022
02
Mar'22
Eight schools recognised for quality security education
Eight new schools and colleges around the UK have been recognised by the NCSC’s CyberFirst Schools initiative
-
March 01, 2022
01
Mar'22
BBC blasted with millions of malicious emails
Responding to an FoI request, the BBC has revealed it receives more than 300,000 malicious email attacks every day
-
February 28, 2022
28
Feb'22
Ukraine cyber attacks seen spiking, but no destructive cyber war yet
While cyber attacks linked to Russia’s war on Ukraine are taking place, they are having little impact beyond the region
-
February 25, 2022
25
Feb'22
Mass phishing attacks against Ukrainian citizens reported
The Ukrainian cyber authorities are alerting people located in the country to be alert to phishing attacks
-
February 24, 2022
24
Feb'22
KnowBe4 cyber drama tackles Colonial Pipeline in fourth season
KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021
-
February 24, 2022
24
Feb'22
New wave of cyber attacks on Ukraine preceded Russian invasion
A wave of DDoS attacks, and a second data wiper attack, were seen hitting Ukraine in the hours leading up to the Russian invasion
-
February 24, 2022
24
Feb'22
Security organisations form Nonprofit Cyber coalition
Founding members of the Nonprofit Cyber coalition pledge to enhance joint action on cyber security around the world
-
February 24, 2022
24
Feb'22
New cyber guidelines to safeguard construction sector
NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building
-
February 24, 2022
24
Feb'22
Russia behind dangerous Cyclops Blink malware
Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk
-
February 23, 2022
23
Feb'22
No imminent cyber threat to UK from Russia
Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain
-
February 23, 2022
23
Feb'22
Attempted burglary exposes risk of NatWest customer data in former worker’s home
Former Royal Bank of Scotland employee offers bank a compromise in her dispute over the return of confidential customer information
-
February 23, 2022
23
Feb'22
IBM opens cyber security hub in India
Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region
-
February 22, 2022
22
Feb'22
UK organisations swift to chide phishing victims
While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated
-
February 18, 2022
18
Feb'22
UK organisations untroubled by Trickbot surge
A surge in Trickbot infections is targeting some of the world’s most prominent brands, but UK organisations seem thankfully unaffected
-
February 16, 2022
16
Feb'22
2021 another record year for UK cyber investment
Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment
-
February 15, 2022
15
Feb'22
Parasol data breach: Frustrated IT contractors dig into the dark web in search of their data
The emergence on the dark web of passports, payslips and other personal documents belonging to contractors affected by the cyber attack and subsequent data breach at Parasol is prompting group actions and forcing some IT contractors to find out for ...
-
February 15, 2022
15
Feb'22
TA2451 targets aviation and transport sector with tailored lures
Newly designated cyber criminal group favours highly specific lures and a tried-and-tested modus operandi to compromise targets in the aviation, aerospace and transport sectors
-
February 15, 2022
15
Feb'22
China emerges as leader in vulnerability exploitation
Threat actors linked to China are emerging as a significant force in the weaponisation of newly discovered CVEs
-
February 11, 2022
11
Feb'22
CMA secures final Privacy Sandbox guarantees from Google
The CMA has secured a final set of Privacy Sandbox commitments from Google relating to the proposed removal of third-party cookies from its Chrome browser
-
February 11, 2022
11
Feb'22
Lack of knowledge disastrous for effective security strategy within Dutch companies
Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy
-
February 11, 2022
11
Feb'22
Why security professionals should pay attention to what Russia is doing
Even though the average organisation is an unlikely target for a Russian state cyber attack, here's why security teams still need to watch what Russian threat groups are up to
-
February 09, 2022
09
Feb'22
Ransomware ever more sophisticated and impactful, warns NCSC
UK’s National Cyber Security Centre teams up with US and Australian partners in a joint advisory warning organisations of the increasing sophistication exhibited by criminal ransomware gangs
-
February 09, 2022
09
Feb'22
Microsoft stomps on 48 bugs in February Patch Tuesday update
It’s a light Patch Tuesday for February 2022, as Microsoft issues fixes for just 48 CVEs, including a solitary zero-day