News

Security policy and user awareness

October 19, 2022 19 Oct'22
Ransomware crews regrouping as LockBit rise continues

Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead
October 19, 2022 19 Oct'22
Treat cyber crime as a ‘strategic threat’, UK businesses told

The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community
October 18, 2022 18 Oct'22
Virtually all vulnerable open source downloads are avoidable

Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report
October 14, 2022 14 Oct'22
Malicious WhatsApp add-on highlights risks of third-party mods

Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods

October 13, 2022 13 Oct'22
Cyber training firm KnowBe4 bought by private equity firm

Acquisition of KnowBe4 supposedly reflects the success the company has seen since its spring 2021 IPO
October 13, 2022 13 Oct'22
Unsung Heroes Awards celebrate diversity in cyber community

The seventh annual Security Serious Unsung Heroes Awards recognise those trying to improve diversity and mental health in cyber for the first time
October 12, 2022 12 Oct'22
NCSC urges organisations to secure supply chains

NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers
October 12, 2022 12 Oct'22
Microsoft fixes lone zero-day on October Patch Tuesday

Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen
October 10, 2022 10 Oct'22
Ukraine and EU explore deeper cyber collaboration

A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues
October 05, 2022 05 Oct'22
Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure

October 04, 2022 04 Oct'22
Tories to replace GDPR

IT industry reacts to the government’s plan to replace the pan-European data protection regulation
September 29, 2022 29 Sep'22
Five startups to join NCSC for Startups initiative

The NCSC has invited five startups to join its NCSC for Startups programme to help the government with pressing cyber challenges facing the UK
September 29, 2022 29 Sep'22
Optus breach casts spotlight on cyber resilience

The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia
September 28, 2022 28 Sep'22
UK suffers third highest number of ransomware attacks globally

Based on an analysis of around 5,000 ransomware incidents, NordLocker has found that UK businesses, and small businesses in particular, are a priority target for ransomware gangs
September 28, 2022 28 Sep'22
Most hackers exfiltrate data within five hours of gaining access

Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access
September 27, 2022 27 Sep'22
Fraudsters adapt phishing scams to exploit cost-of-living crisis

Around 80,000 Brits a month are falling victim to phishing attacks as fraudsters switch up tactics to take advantage of cost-of-living crisis and behavioural changes prompted by pandemic
September 26, 2022 26 Sep'22
How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials
September 26, 2022 26 Sep'22
More than 30 startups to join Plexal’s Cyber Runway accelerator

Now in its second year, the Cyber Runway accelerator has been designed to support firms at various stages of growth, as well as help the cyber security sector to improve on its diversity, inclusion and regional representation
September 23, 2022 23 Sep'22
Threat actors abused lack of MFA, OAuth in spam campaign

Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns
September 22, 2022 22 Sep'22
Nordic private equity firms pursue cyber security acquisitions

Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets
September 22, 2022 22 Sep'22
Privacy Pledge signatories dream of alternative internet

A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism
September 21, 2022 21 Sep'22
NCSC publishes cyber guidance for retailers

The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime
September 21, 2022 21 Sep'22
15-year-old Python bug present in 350,000 open source projects

A Python tarfile vulnerability first disclosed in 2007 still persists to this day, according to analysis from Trellix
September 20, 2022 20 Sep'22
Thousands of customers affected in Revolut data breach

Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack
September 20, 2022 20 Sep'22
Reports Uber and Rockstar incidents work of same attacker

Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber
September 16, 2022 16 Sep'22
Six new vulnerabilities added to CISA catalogue

CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010
September 16, 2022 16 Sep'22
Uber suffers major cyber attack

Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist
September 15, 2022 15 Sep'22
EU Cyber Resilience Act sets global standard for connected products

European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards
September 15, 2022 15 Sep'22
Nominations closing soon for annual cyber awards

Nominations for the annual Security Serious Unsung Heroes Awards closes 16 September
September 15, 2022 15 Sep'22
New player pioneers ‘active cyber insurance’ for UK market

Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance
September 15, 2022 15 Sep'22
Organisations failing to account for digital trust

The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds
September 15, 2022 15 Sep'22
US charges three Iranians over CNI cyber attacks

Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran
September 14, 2022 14 Sep'22
FormBook knocks Emotet off top of malware chart

FormBook emerged as the most widely seen malware in August, according to Check Point’s latest data
September 14, 2022 14 Sep'22
Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs
September 14, 2022 14 Sep'22
NCSC warns public of potential Queen-related phishing attacks

The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen
September 13, 2022 13 Sep'22
Cloud compromise a doddle for threat actors as victims attest

Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud
September 13, 2022 13 Sep'22
Users warned over Azure Active Directory authentication flaw

Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users
September 13, 2022 13 Sep'22
Blancco works with charity to provide IT for African schools

Blancco is providing data sanitisation and erasure software to The Turing Trust so that old IT equipment can be securely reused by school children in Sub-Saharan Africa, instead of adding to world’s growing e-waste problem
September 13, 2022 13 Sep'22
Multi-persona impersonation adds new dimension to phishing

Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures
September 12, 2022 12 Sep'22
CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts
September 08, 2022 08 Sep'22
NCSC CyberUK event heads to Belfast in 2023

National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023
September 08, 2022 08 Sep'22
Dutch cyber security organisations to join forces

Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into
September 08, 2022 08 Sep'22
India’s wake-up call on health data privacy

Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US
September 07, 2022 07 Sep'22
Albania cuts diplomatic ties with Iran after cyber attack

In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran
September 07, 2022 07 Sep'22
August ’22 a bumper month for high-impact vulnerabilities

Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future
September 07, 2022 07 Sep'22
Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry
September 07, 2022 07 Sep'22
Digital identity is key to coping with surge in air travel

The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic
September 06, 2022 06 Sep'22
Campaigners call on Truss to change UK’s archaic hacking laws

The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution
September 06, 2022 06 Sep'22
Saudi Arabian organisations choose to outsource to improve cyber security posture

Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security
September 05, 2022 05 Sep'22
Russian-speaking cyber criminals feel economic pinch

Russian-speaking cyber criminals are being forced to refine and adapt their techniques as Vladimir Putin’s invasion of Ukraine makes current methods redundant