News

Security policy and user awareness

July 08, 2022 08 Jul'22
Microsoft appears to reverse VBA macro-blocking

Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled
July 07, 2022 07 Jul'22
MI5, FBI chiefs warn of Chinese cyber espionage threat

In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests
July 07, 2022 07 Jul'22
The Security Interviews: Inside Russia’s Ukraine information operation

Computer Weekly speaks to Craig Terron of Recorded Future about delving deep inside the Russian disinformation machine, and how the Kremlin’s strategy is set to evolve
July 06, 2022 06 Jul'22
Plexal seeks new scaleups for next phase of Cyber Runway

Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme

July 06, 2022 06 Jul'22
ESET: Lazarus APT hit aero, defence sector with fake job ads

ESET researchers present new findings into a series of cyber attacks on the aerospace and defence sectors by North Korea’s Lazarus crime syndicate
July 05, 2022 05 Jul'22
Prepare for long-term cyber threat from Ukraine war, says NCSC

The NCSC has published refreshed guidance on cyber preparedness as the war on Ukraine continues, urging organisations to pay attention to the state of their security teams
July 05, 2022 05 Jul'22
NCSC CEO: Why we should run towards crises to elevate cyber security

National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country
June 29, 2022 29 Jun'22
New cyber extortion op appears to have hit AMD

Semiconductor specialist AMD has confirmed it is investigating reports that a ‘bad actor’ has stolen hundreds of gigabytes of its data
June 29, 2022 29 Jun'22
Romance scammers exploit Ukraine war in cynical campaign

Romance scammers can make easy money exploiting people looking for love, but in this newly observed campaign linked to the Ukraine war they are playing on deeper emotions
June 27, 2022 27 Jun'22
Brexit a net negative for UK cyber, say CISOs

Six years on from the UK’s Brexit vote, the majority of security professionals say leaving the EU has raised concerns over their ability to keep their organisations safe

June 27, 2022 27 Jun'22
LockBit ransomware gang launches bug bounty programme

A bug bounty programme is among a number of features LockBit’s developers have added to ‘version 3.0’ of the ransomware
June 24, 2022 24 Jun'22
Black Basta ransomware crew aiming for ‘big leagues’

Emergent Black Basta ransomware gang has hit more than 50 countries since bursting onto the scene earlier this year, says Cybereason
June 24, 2022 24 Jun'22
US cyber agency in fresh warning over Log4Shell risk to VMware

Many VMware Horizon and UAG servers remain defenceless against Log4Shell, and organisations continue to fall victim to the vulnerability
June 24, 2022 24 Jun'22
Developers grapple with open source software security

Software developers are taking longer to fix vulnerabilities and many do not know about the dependencies of open source software components they are using, study finds
June 22, 2022 22 Jun'22
How TDCX is building a people-centric business

Every digital tool deployed by the Singapore-based services firm is aimed at augmenting the performance and experience of its employees, says TDCX’s group CIO, Byron Fernandez
June 21, 2022 21 Jun'22
Government won’t regulate on professional cyber standards

The government has elected not to proceed with regulatory intervention to embed standards and pathways across the cyber profession
June 21, 2022 21 Jun'22
Microsoft Office 365 has ability to ‘spy’ on workers

Microsoft faces calls for ‘transparency’ over tools in Office 365 that allow employers to read staff emails and monitor their computer use at work
June 20, 2022 20 Jun'22
Lords move to protect cyber researchers from prosecution

A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers or ethical hackers being prosecuted in the course of their ...
June 20, 2022 20 Jun'22
Complex Russian cyber threat requires we go back to basics

The situation in Russia is anything but simple, but it is the fundamentals of cyber security hygiene that pose the best defence against the country’s digital threat, as Mandiant’s Jamie Collier explains
June 19, 2022 19 Jun'22
Aussie mobile users most vulnerable to security threats

Australia has the highest percentage of mobile app threats detected on a per-device basis, with iPhone users more likely to download a risky app than an Android user, study finds
June 17, 2022 17 Jun'22
MoD sets out strategy to develop military AI with private sector

The UK Ministry of Defence has outlined its intention to work closely with the private sector to develop and deploy a range of artificial intelligence-powered technologies, committing to ‘lawful and ethical AI use’
June 16, 2022 16 Jun'22
Office 365 loophole may give ransomware an easy shot at your files

Researchers at Proofpoint have discovered potentially dangerous Microsoft Office 365 functionality that they believe may give ransomware a clear shot at files stored on SharePoint and OneDrive
June 16, 2022 16 Jun'22
Interpol arrests thousands in global cyber fraud crackdown

A two-month operation saw law enforcement agencies in 76 countries crack down on organised cyber fraud
June 15, 2022 15 Jun'22
Patch Tuesday dogged by concerns over Microsoft vulnerability response

The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure
June 14, 2022 14 Jun'22
MS Azure Synapse vulnerability fixed after six-month slog

Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga
June 13, 2022 13 Jun'22
Government recommits to UK’s cyber future in Digital Strategy

New strategy leans heavily on cyber security but stops short of announcing any initiatives that have not already been launched or heavily trailed
June 13, 2022 13 Jun'22
New warning over tech suppliers in thrall to hostile governments

Ukraine war could lead to shakeup of dual-use tech exports, says former UK intelligence officer
June 13, 2022 13 Jun'22
Qatar bolsters cyber security in preparation for World Cup

With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness
June 10, 2022 10 Jun'22
Snake Keylogger climbing malware charts, says Check Point

Cyber criminals behind Snake Keylogger campaigns have been switching up their tactics in the past few weeks, say researchers
June 09, 2022 09 Jun'22
SolarWinds CEO offers to commit staffers to government cyber agencies

A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response
June 09, 2022 09 Jun'22
Cyber researchers step in to fill Patch Tuesday’s shoes

Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss
June 08, 2022 08 Jun'22
China using top consumer routers to hack Western comms networks

An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks
May 31, 2022 31 May'22
Researchers discover zero-day Microsoft vulnerability in Office

Malicious Word documents have been used to invoke a previously undisclosed vulnerability in Microsoft Office without user interaction through Windows utility functions
May 31, 2022 31 May'22
Industrial systems not safe for the future, say Dutch ethical hackers

Ethical hackers in the Netherlands say operational technology and IT networks need to be integrated to prevent cyber attacks penetrating their operations
May 26, 2022 26 May'22
Two-thirds of UK organisations defrauded since start of pandemic

Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report
May 26, 2022 26 May'22
Most CFOs being left out of ransomware conversations

Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report
May 24, 2022 24 May'22
Ransomware volumes grew faster than ever in 2021

Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody
May 23, 2022 23 May'22
Did the Conti ransomware crew orchestrate its own demise?

Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise
May 23, 2022 23 May'22
How Ivanti views patch management with a security lens

Bringing development, operations and security teams together will help organisations to improve their visibility of IT assets and vulnerabilities while keeping threat actors at bay
May 20, 2022 20 May'22
Applying international law to cyber will be a tall order

Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations
May 20, 2022 20 May'22
Microsoft drops emergency patch after Patch Tuesday screw up

Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates
May 20, 2022 20 May'22
Former Welsh steelworks becomes ‘living’ cyber lab

ResilientWorks security centre in Ebbw Vale provides an education hub for students and a testbed for industry
May 19, 2022 19 May'22
Defensive cyber attacks may be justified, says attorney general

Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable
May 19, 2022 19 May'22
Top cyber criminal earnings outpace those of business leaders

Cyber crime can pay significantly better than leading a FTSE 100 organisation, according to a report
May 19, 2022 19 May'22
Red teaming will be standard in Dutch governmental organisations by 2025

The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest
May 17, 2022 17 May'22
(ISC)² to train 100,000 cyber pros in UK

Security association (ISC)² unveils ambitious UK training programme
May 17, 2022 17 May'22
Australian CISOs least prepared for cyber attacks

Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds
May 16, 2022 16 May'22
Keeping Singapore’s critical systems secure

Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore
May 13, 2022 13 May'22
Open source community sets out path to secure software

A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US
May 12, 2022 12 May'22
GPDPR data scrape a ‘mistake’, says leading scientist

Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape