News

Security policy and user awareness

• May 11, 2022 11 May'22

  Emotet has commanding lead on Check Point monthly threat chart

  Emotet remains by some margin the most prevalent malware, according to Check Point’s latest monthly statistics

• May 11, 2022 11 May'22

  CyberUK 22: Five Eyes focuses on MSP security

  The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves

• May 11, 2022 11 May'22

  CyberUK 22: Data-sharing service to protect public from scams

  A new data-sharing service set up by the NCSC and industry partners will give ISPs access to real-time threat data that they can use to block fraudulent websites

• May 11, 2022 11 May'22

  Cyber accreditation body Crest forges new training partnerships

  Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills

• May 11, 2022 11 May'22

  Microsoft fixes three zero-days on May Patch Tuesday

  It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days

• May 10, 2022 10 May'22

  ‘Spy cops’ inquiry delves into police relationship with MI5

  There was ‘no filter’ on the information that undercover police officers were collecting on activists throughout the 1970s, despite senior managers and officials involved in directing the surveillance questioning the appropriateness of the ...

• May 10, 2022 10 May'22

  CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy

  On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy

• May 10, 2022 10 May'22

  CyberUK 22: NCSC refreshes cloud security guidance

  The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise

• May 10, 2022 10 May'22

  CyberUK 22: Wales splashes £9.5m on cyber innovation hub

  A new innovation hub hopes to spur on cyber security innovation in Wales

• May 09, 2022 09 May'22

  CyberUK 22: NCSC’s ACD programme blocks 2.7 million scams

  On the opening day of its annual CyberUK event, the NCSC reveals how organisations around the country have used its Active Cyber Defence programme to their advantage

• May 04, 2022 04 May'22

  NHS email accounts hijacked for phishing campaign

  Microsoft credentials targeted in phishing operation using hijacked NHSMail accounts

• May 04, 2022 04 May'22

  Intellectual property theft operation attributed to Winnti group

  Winnti conducted a prolonged cyber espionage campaign that went undetected for years, allowing it to exfiltrate massive amounts of corporate data and intellectual property

• May 03, 2022 03 May'22

  Five TLS comms vulnerabilities hit Aruba, Avaya switching kit

  Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution

• April 28, 2022 28 Apr'22

  Ransomware recovery costs dwarf actual ransoms

  The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data

• April 28, 2022 28 Apr'22

  Manufacturer sues JPMorgan after cyber criminals stole $272m

  Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity

• April 28, 2022 28 Apr'22

  Russia plumbs new depths in cyber war on Ukraine

  Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign

• April 27, 2022 27 Apr'22

  Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021

  These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time

• April 27, 2022 27 Apr'22

  Leeds Beckett’s ethical hacking platform wins Innovate UK backing

  An ethical hacking and cyber education platform developed at Leeds Beckett University has received a major funding boost to help it launch commercially

• April 27, 2022 27 Apr'22

  BT, Toshiba team on first commercial trial of quantum secured network with EY

  Revolutionary computer infrastructure to be used in trial of management consultancy’s aim to connect quantum secure data transmission between its major London offices

• April 26, 2022 26 Apr'22

  Emotet tests new tricks to thwart enhanced security

  The operators of the Emotet botnet seem to be trying to find a way to get around recent changes made by Microsoft to better protect its users

• April 22, 2022 22 Apr'22

  How Adnovum is leveraging its Swiss roots

  Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security

• April 22, 2022 22 Apr'22

  UAE bolsters cyber security

  The United Arab Emirates has successfully improved its security posture amid mounting cyber threats

• April 21, 2022 21 Apr'22

  Five Eyes in new Russia cyber warning

  Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure

• April 20, 2022 20 Apr'22

  One-third of scams that hit TSB are impersonation fraud

  TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them

• April 20, 2022 20 Apr'22

  AWS fixes vulnerabilities in Log4Shell hot patch

  AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation

• April 19, 2022 19 Apr'22

  Median threat actor ‘dwell time’ dropped during 2021

  Security teams appear to be getting better at detecting attackers within their networks, according to a report

• April 14, 2022 14 Apr'22

  Lack of expertise hurting UK government’s cyber preparedness

  UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report

• April 13, 2022 13 Apr'22

  WatchGuard firewall users urged to patch Cyclops Blink vulnerability

  The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities

• April 13, 2022 13 Apr'22

  Microsoft patches two zero-days, 10 critical bugs

  Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service

• April 13, 2022 13 Apr'22

  Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack

  Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief

• April 12, 2022 12 Apr'22

  Universal IAM policy failings put cloud environments at risk

  Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study

• April 11, 2022 11 Apr'22

  Open source CMS platform Directus patches XSS bug

  A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data

• April 11, 2022 11 Apr'22

  Raspberry Pi Foundation ditches default username policy

  Raspberry Pi owners will no longer be able to use the default ‘pi’ username, as the Raspberry Pi Foundation clamps down on insecure practices

• April 11, 2022 11 Apr'22

  Nordic countries discuss joint cyber defence capability

  Nordic countries are in talks to increase their cyber defences in the face of the threat from Russia

• April 08, 2022 08 Apr'22

  Was Spring4Shell a lot of hot air? No, but...

  Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better

• April 06, 2022 06 Apr'22

  Apple criticised over unpatched CVEs in Catalina, Big Sur

  Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions

• April 05, 2022 05 Apr'22

  Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court

  France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution

• April 05, 2022 05 Apr'22

  Triple-threat Borat malware no joke for victims

  Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros

• April 01, 2022 01 Apr'22

  Apple drops emergency patches for two zero-days

  Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild

• March 31, 2022 31 Mar'22

  Global upheaval shows cyber security isn’t good enough, says GCHQ director

  Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech

• March 31, 2022 31 Mar'22

  Lapsus$ cyber crime spree continues despite arrests

  The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos

• March 30, 2022 30 Mar'22

  One-third of UK firms suffer a cyber attack every week

  New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors

• March 30, 2022 30 Mar'22

  Australia to spend A$9.9bn on intelligence and cyber capabilities

  The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate

• March 29, 2022 29 Mar'22

  NCSC: Not necessarily wise to ditch Kaspersky

  UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates

• March 29, 2022 29 Mar'22

  Wave of Log4j-linked attacks targeting VMware Horizon

  Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell

• March 29, 2022 29 Mar'22

  FCA reports 52% jump in security incidents

  The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware

• March 29, 2022 29 Mar'22

  Singapore rolls out cyber security certification scheme

  Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices

• March 28, 2022 28 Mar'22

  IT professionals wary of government campaign to limit end-to-end encryption

  Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption

• March 24, 2022 24 Mar'22

  Anonymous claims it has hacked the Central Bank of Russia

  Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state

• March 24, 2022 24 Mar'22

  Ransomware demands and payments increase with use of leak sites

  Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims