News
Security policy and user awareness
-
January 16, 2025
16
Jan'25
Biden signs new cyber order days before Trump inauguration
With days left in the White House, outgoing US president Joe Biden has signed a wide-ranging cyber security executive order with far-reaching implications
-
January 16, 2025
16
Jan'25
Almost half of UK banks set to miss DORA deadline
A significant minority of financial services organisations in the UK will not be fully compliant with the EU’s DORA cyber and risk management regulation when it comes into force on 17 January
-
January 15, 2025
15
Jan'25
Users protest, flee TikTok as clock ticks on US ban
As the US Supreme Court prepares to rule on the future of TikTok, rumours of a sale are swirling around Washington DC while panicked users make plans for an exodus
-
January 15, 2025
15
Jan'25
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws
-
January 13, 2025
13
Jan'25
UK government plans to extend ransomware payment ban
A ban on ransomware payments by UK government departments will be extended to cover organisations such as local councils, schools and the NHS should new government proposals move forward
-
January 13, 2025
13
Jan'25
CNI operators should ask these 12 questions of their OT suppliers
The NCSC, CISA and others have set out 12 cyber security considerations CNI organisations and other users of operational technology should incorporate into their buying processes to force their suppliers to do better
-
January 13, 2025
13
Jan'25
UK government unveils AI-fuelled industrial strategy
Labour plans to implement the 50 recommendations set out by entrepreneur Matt Clifford to boost the use of AI in the UK
-
January 10, 2025
10
Jan'25
Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks
Threat actors are once again lining up to exploit vulnerabilities in the widely used Ivanti product suite, with an apparent link to Chinese espionage activity
-
January 07, 2025
07
Jan'25
Regional skills plan to boost UK cyber defences
Over 30 projects in England and Northern Ireland will receive a share of a £1.9m fund designed to enhance cyber security skills and protect small businesses
-
December 19, 2024
19
Dec'24
LockBit ransomware gang teases February 2025 return
An individual associated with the LockBit ransomware gang has broken cover to tease details of a new phase of the cyber criminal operation's activity, which they claim is set to begin in February 2025
-
December 19, 2024
19
Dec'24
Latest attempt to override UK’s outdated hacking law stalls
Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee
-
December 19, 2024
19
Dec'24
French court refuses to expedite trial of Sky ECC cryptophone distributor Thomas Herdman
Canadian businessman Thomas Herdman, who was arrested by French police despite agreeing a deal to cooperate with US investigators, has been denied bail after 42 months in pre-trial detention
-
December 18, 2024
18
Dec'24
The Security Interviews: Martin Lee, Cisco Talos
Threat intel expert and author Martin Lee, EMEA technical lead for security research at Cisco Talos, joins Computer Weekly to mark the 35th anniversary of the first ever ransomware attack
-
December 18, 2024
18
Dec'24
Top 10 cyber security stories of 2024
Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are ...
-
December 18, 2024
18
Dec'24
Top 10 cyber crime stories of 2024
From ransomware targeting the NHS to nation-state-backed intrusions, 2024 was another big year for cyber criminals and cyber spooks alike, but they didn't have it all their own way as the good guys fought back
-
December 16, 2024
16
Dec'24
The Security Interviews: Stephen McDermid, Okta
Okta regional chief security officer for EMEA sits down with Dan Raywood to talk about how Okta is pivoting to a secure-by-design champion
-
December 13, 2024
13
Dec'24
Computer Misuse Act reform gains traction in Parliament
An amendment to the proposed Data (Access and Use) Bill that will right a 35-year-old wrong and protect security professionals from criminalisation is to be debated at Westminster
-
December 12, 2024
12
Dec'24
Emerging Ymir ransomware heralds more coordinated threats in 2025
A newly observed ransomware strain has the community talking about more collaboration, and blurred lines, between threat groups next year, according to NCC’s monthly cyber barometer
-
December 10, 2024
10
Dec'24
Dangerous CLFS and LDAP flaws stand out on Patch Tuesday
Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol
-
December 10, 2024
10
Dec'24
iOS vuln leaves user data dangerously exposed
Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates
-
December 06, 2024
06
Dec'24
US TikTok ban imminent after appeal fails
TikTok’s appeal against a US government ban has failed, with a judge dismissing its arguments that its First Amendment free speech rights are being restricted
-
December 04, 2024
04
Dec'24
Nordics move to deepen cyber security cooperation
Nordic countries are increasing collaboration on cyber security amid more sophisticated and aggressive attacks
-
December 03, 2024
03
Dec'24
US updates telco security guidance after mass Chinese hack
Following the widespread Salt Typhoon hacks of US telecoms operators including AT&T and Verizon, CISA and partner agencies have launched refreshed security guidance for network engineers and defenders alike
-
December 02, 2024
02
Dec'24
APAC businesses face cyber onslaught
The Asia-Pacific region is a cyber security hotspot, enduring significantly more cyber attacks than the global average, with AI-powered threats and skills shortages exacerbating the problem
-
December 02, 2024
02
Dec'24
NCSC boss calls for ‘sustained vigilance’ in an aggressive world
NCSC CEO Richard Horne is to echo wider warnings about the growing number and severity of cyber threats facing the UK as he launches the security body’s eighth annual report
-
November 28, 2024
28
Nov'24
Energy sector’s digital shift opens door to cyber threats
The transition to renewable energy and the increasing integration of IT and OT systems in the energy sector are creating new cyber security challenges
-
November 26, 2024
26
Nov'24
Blue Yonder ransomware attack breaks systems at UK retailers
UK supermarkets continue to deal with the impact of a ransomware attack on the systems of supply chain software supplier Blue Yonder, which is disrupting multiple aspects of their businesses including deliveries and staff management
-
November 26, 2024
26
Nov'24
Russian threat actors poised to cripple power grid, UK warns
UK government escalates cyber rhetoric in a speech at a Nato event, saying Russian advanced persistent threats stand ready to conduct cyber attacks that could ‘turn off the lights for millions’
-
November 25, 2024
25
Nov'24
Microsoft calls on Trump to ‘push harder’ on cyber threats
Microsoft’s Brad Smith urges president-elect Donald Trump to keep the faith when it comes to fighting back against hostile cyber actors from China, Iran and Russia
-
November 25, 2024
25
Nov'24
Geopolitical strife drives increased ransomware activity
The lines between financially motivated cyber criminals and nation state APTs are rapidly blurring, as geopolitical influences weigh heavily on the threat landscape, according to data from NCC
-
November 21, 2024
21
Nov'24
BianLian cyber gang drops encryption-based ransomware
The Australian and American cyber authorities have published updated intelligence on the BianLian ransomware gang, which has undergone a rapid evolution in tactics
-
November 21, 2024
21
Nov'24
Microsoft slaps down Egyptian-run rent-a-phish operation
Microsoft’s Digital Crimes Unit has conducted a successful takedown of almost 250 malicious websites used in the cyber criminal ONNX phishing-as-a-service operation
-
November 18, 2024
18
Nov'24
AWS widening scope of MFA programme after early success
AWS reports strong take-up of multi-factor authentication among customers since making it compulsory for root users earlier this year, and plans to expand the scope of its IAM programme in spring 2025
-
November 18, 2024
18
Nov'24
UK consumers losing more than ever to holiday scams
Last Christmas, UK consumers lost over £11m to cyber criminals. This year, to save them from tears, the NCSC and Action Fraud are teaming up to launch an anti-fraud campaign
-
November 14, 2024
14
Nov'24
Williams Racing F1 team supports kids cyber campaign
A multi-region campaign will teach pre-teen children cyber security basics – with a little help from Formula 1 star Alex Albon
-
November 14, 2024
14
Nov'24
Ping CEO on ForgeRock integration and future of identity
Ping Identity CEO Andre Durand discusses the company’s unified roadmap, commitment to customer stability and growth plans in the evolving identity landscape following the merger with ForgeRock
-
November 12, 2024
12
Nov'24
Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024
High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update
-
November 12, 2024
12
Nov'24
Zero-day exploits increasingly sought out by attackers
Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023
-
November 07, 2024
07
Nov'24
Google Cloud MFA enforcement meets with approval
Latest Google Cloud policy to enforce multifactor authentication across its user base is welcomed by security professionals
-
November 07, 2024
07
Nov'24
AI a force multiplier for the bad guys, say cyber pros
CIISec’s annual report on the security profession finds evidence of growing concern that artificial intelligence will ultimately prove more useful to threat actors than defenders
-
November 01, 2024
01
Nov'24
CISA looks to global collaboration as fraught US election begins
The US' CISA cyber agency has unveiled a two-year International Strategic Plan to advance collaboration and improve resilience against shared risks and threats
-
October 29, 2024
29
Oct'24
EMEA businesses siphoning budgets to hit NIS2 goals
With NIS2 now in effect, European business leaders are having to divert budget from elsewhere to achieve compliance
-
October 28, 2024
28
Oct'24
Russian Linux kernel maintainers blocked
To ensure compliance, the Linux kernel will no longer allow Russian software developers to work on maintaining the codebase
-
October 28, 2024
28
Oct'24
UK launches cyber guidance package for tech startups
The NCSC and NPSA, alongside agencies from the Five Eyes alliance, have issued guidance for startups on how to secure themselves against common cyber threats and targeted industrial espionage
-
October 25, 2024
25
Oct'24
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise
-
October 22, 2024
22
Oct'24
Danish government reboots cyber security council amid AI expansion
Denmark’s government relaunches digital security initiative to protect business sectors and society at large
-
October 21, 2024
21
Oct'24
Can AI be secure? Experts discuss emerging threats and AI safety
International cyber security experts call for global cooperation and proactive strategies to address the security challenges posed by artificial intelligence
-
October 17, 2024
17
Oct'24
EU cyber security bill NIS2 hits compliance deadline
The EU’s NIS2 bill will harmonise how companies and member states approach cyber security, but its success will depend on how well it is implemented and enforced
-
October 15, 2024
15
Oct'24
NCSC expands school cyber service to academies and private schools
The National Cyber Security Centre is expanding its PDNS for Schools service to encompass a wider variety of institutions up and down the UK
-
October 10, 2024
10
Oct'24
NCSC issues fresh alert over wave of Cozy Bear activity
The NCSC, FBI and NSA publish updated warning about Cozy Bear’s activities, highlighting a range of vulnerabilities the threat actor is using to set up its cyber attacks