News

Security policy and user awareness

• November 14, 2024 14 Nov'24

  Williams Racing F1 team supports kids cyber campaign

  A multi-region campaign will teach pre-teen children cyber security basics – with a little help from Formula 1 star Alex Albon

• November 14, 2024 14 Nov'24

  Ping CEO on ForgeRock integration and future of identity

  Ping Identity CEO Andre Durand discusses the company’s unified roadmap, commitment to customer stability and growth plans in the evolving identity landscape following the merger with ForgeRock

• November 12, 2024 12 Nov'24

  Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024

  High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update

• November 12, 2024 12 Nov'24

  Zero-day exploits increasingly sought out by attackers

  Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023

• November 07, 2024 07 Nov'24

  Google Cloud MFA enforcement meets with approval

  Latest Google Cloud policy to enforce multifactor authentication across its user base is welcomed by security professionals

• November 07, 2024 07 Nov'24

  AI a force multiplier for the bad guys, say cyber pros

  CIISec’s annual report on the security profession finds evidence of growing concern that artificial intelligence will ultimately prove more useful to threat actors than defenders

• November 01, 2024 01 Nov'24

  CISA looks to global collaboration as fraught US election begins

  The US' CISA cyber agency has unveiled a two-year International Strategic Plan to advance collaboration and improve resilience against shared risks and threats

• October 29, 2024 29 Oct'24

  EMEA businesses siphoning budgets to hit NIS2 goals

  With NIS2 now in effect, European business leaders are having to divert budget from elsewhere to achieve compliance

• October 28, 2024 28 Oct'24

  Russian Linux kernel maintainers blocked

  To ensure compliance, the Linux kernel will no longer allow Russian software developers to work on maintaining the codebase

• October 28, 2024 28 Oct'24

  UK launches cyber guidance package for tech startups

  The NCSC and NPSA, alongside agencies from the Five Eyes alliance, have issued guidance for startups on how to secure themselves against common cyber threats and targeted industrial espionage

• October 25, 2024 25 Oct'24

  Dutch critical infrastructure at risk despite high leadership confidence

  Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise

• October 22, 2024 22 Oct'24

  Danish government reboots cyber security council amid AI expansion

  Denmark’s government relaunches digital security initiative to protect business sectors and society at large

• October 21, 2024 21 Oct'24

  Can AI be secure? Experts discuss emerging threats and AI safety

  International cyber security experts call for global cooperation and proactive strategies to address the security challenges posed by artificial intelligence

• October 17, 2024 17 Oct'24

  EU cyber security bill NIS2 hits compliance deadline

  The EU’s NIS2 bill will harmonise how companies and member states approach cyber security, but its success will depend on how well it is implemented and enforced

• October 15, 2024 15 Oct'24

  NCSC expands school cyber service to academies and private schools

  The National Cyber Security Centre is expanding its PDNS for Schools service to encompass a wider variety of institutions up and down the UK

• October 10, 2024 10 Oct'24

  NCSC issues fresh alert over wave of Cozy Bear activity

  The NCSC, FBI and NSA publish updated warning about Cozy Bear’s activities, highlighting a range of vulnerabilities the threat actor is using to set up its cyber attacks

• October 10, 2024 10 Oct'24

  Government launches cyber standard for local authorities

  Local government bodies are being invited to take advantage of a new NCSC-derived Cyber Assessment Framework to help enhance their resilience and ward off cyber attacks

• October 09, 2024 09 Oct'24

  MoneyGram customer data breached in attack

  MoneyGram confirms that customer data has been stolen in an incident that appears to have started with a social engineering attack on its IT helpdesk staff

• October 09, 2024 09 Oct'24

  Five zero-days to be fixed on October Patch Tuesday

  Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform

• October 09, 2024 09 Oct'24

  UK Cyber Team seeks future security professionals

  Young people from across the UK have a chance to represent the country in international competitions and advance their future careers in cyber security

• October 08, 2024 08 Oct'24

  Secureworks: Ransomware takedowns didn’t put off cyber criminals

  The number of active cyber criminal ransomware gangs has surged by almost a third in the space of 12 months, according to the latest intelligence from Secureworks

• October 04, 2024 04 Oct'24

  NCSC celebrates eight years as Horne blows in

  Outgoing NCSC interim leader Felicity Oswald shares her thoughts on the body’s work over the past eight years as she hands over the reins to incoming CEO Richard Horne

• October 03, 2024 03 Oct'24

  Microsoft files lawsuit to seize domains used by Russian spooks

  Microsoft has been given permission to seize multiple domains used by the Russian state threat actor Star Blizzard as part of a coordinated disruption effort undertaken ahead of the US elections

• October 02, 2024 02 Oct'24

  UK and Singapore to collaborate on supporting ransomware victims

  At the fourth Counter Ransomware Initiative Summit in the US, both the UK and Singapore have committed to working on new guidance designed to better support victims and undermine cyber criminal business models

• October 02, 2024 02 Oct'24

  Cyber UK’s quickest growing tech field, but skills gap remains

  More people than ever are joining the cyber security profession in the UK, according to a report, but there is still a serious shortage even with a doubling in numbers

• October 01, 2024 01 Oct'24

  Unmasked: The Evil Corp cyber gangster who worked for LockBit

  The NCA has named and shamed a prominent member of the Evil Corp cyber crime collective who also worked as an affiliate of the LockBit ransomware gang as the UK unveils new sanctions against 16 Russian cyber criminals

• October 01, 2024 01 Oct'24

  Cyber teams say they can’t keep up with attack volumes

  Over 60% of European security pros say their teams are understaffed, and over 50% don’t have enough budget, according to data from ISACA

• September 27, 2024 27 Sep'24

  UK on high alert over Iranian spear phishing attacks, says NCSC

  The NCSC and counterpart agencies in the US have issued a warning over enhanced Iranian spear phishing activity targeting politicians, journalists, activists and others with an interest in Middle Eastern affairs

• September 26, 2024 26 Sep'24

  Racist Network Rail Wi-Fi hack was work of malicious insider

  Police have revealed that this week’s racist cyber attack on public Wi-Fi networks at stations across the UK appears to have been the work of a malicious insider, after arresting an employee of one of the service providers

• September 24, 2024 24 Sep'24

  Unique malware sample volumes seen surging

  BlackBerry’s latest ‘Global threat intelligence’ report details a surge in unique malware samples as threat actors ramp up the pace of targeted attacks

• September 23, 2024 23 Sep'24

  Microsoft shares progress on Secure Future Initiative

  Microsoft has published a progress report on its Secure Future Initiative, launched last year in the wake of multiple security incidents, and made a series of commitments to improve its internal cyber culture

• September 18, 2024 18 Sep'24

  NCSC exposes Chinese company running malicious Mirai botnet

  The NCSC and its Five Eyes allies have published details of the activities of a China-based cyber security company that is operating a Mirai IoT botnet in the service of government-backed intrusions

• September 13, 2024 13 Sep'24

  Cyber workforce must almost double to meet global talent need

  Research from ISC2 finds global cyber workforce needs additional 4.8 million people to fully secure businesses

• September 11, 2024 11 Sep'24

  How Sonar is elevating code quality in the age of AI

  Sonar’s code quality platform helps developers maintain secure, high-quality code amid the rise of artificial intelligence-based coding assistants, now expanding into the Asian market

• September 11, 2024 11 Sep'24

  ICO and NCA sign MoU to provide joint support for cyber crime victims

  UK data protection watchdog joins forces with law enforcement agency to provide more support for organisations that fall victim to cyber crime and ransomware attacks

• September 10, 2024 10 Sep'24

  JFrog and GitHub unveil open source security integrations

  Secure software specialist JFrog is working with code development service GitHub to integrate the onboard capabilities of its Software Supply Chain Platform service into GitHub’s platform

• September 05, 2024 05 Sep'24

  NCSC and allies call out Russia's Unit 29155 over cyber warfare

  The NCSC and counterpart agencies from the US and other countries have exposed a long-running campaign of Russian cyber espionage and warfare conducted by GRU Unit 29155

• September 05, 2024 05 Sep'24

  Fog ransomware crew evolving into wide-ranging threat

  The emergent Fog ransomware gang appears to be changing up its victimology in search of more cash-rich victims

• September 05, 2024 05 Sep'24

  Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation

  Thomas Herdman, who faces charges in France over his involvement in distributing Sky ECC encrypted phones, was arrested by French police despite agreeing to cooperate with US law enforcement

• September 04, 2024 04 Sep'24

  Fraud and scam complaints hit highest ever level in UK

  The Financial Ombudsman Service says it recorded almost 9,000 complaints about fraud and scams from April to June, the most ever recorded

• August 29, 2024 29 Aug'24

  Check Point secured for annual Security Serious cyber awards

  The annual Security Serious Unsung Heroes awards, recognising the champions of the UK cyber security industry, are back once again, with a new headline sponsor joining the party

• August 29, 2024 29 Aug'24

  Iranian APT caught acting as access broker for ransomware crews

  Members of Iran-backed Pioneer Kitten APT appear to be trying to supplement their pay packets by helping Russian-speaking ransomware gangs to access their victims in exchange for a cut of the profits

• August 28, 2024 28 Aug'24

  Iranian APT Peach Sandstorm teases new Tickler malware

  Peach Sandstorm, an Iranian state threat actor, has developed a dangerous new malware strain that forms a key element of a rapidly evolving attack sequence

• August 28, 2024 28 Aug'24

  Global cyber spend to rise 15% in 2025, pushed along by AI

  Security spending will increase at pace in 2025, with artificial intelligence, cloud and consultancy services all pushing outlay to new highs, according to Gartner

• August 22, 2024 22 Aug'24

  New Qilin tactics a ‘bonus multiplier’ for ransomware chaos

  Sophos X-Ops caught the Qilin ransomware gang stealing credentials stored by victims' employees in Google Chrome, heralding further cyber attacks and breaches down the line.

• August 21, 2024 21 Aug'24

  Pakistani national arrested over Southport ‘cyber terrorism’

  Authorities in Pakistan have arrested a man on suspicion of cyber terrorism over his role in the spread of online misinformation in the wake of the Southport knife attack

• August 20, 2024 20 Aug'24

  Phishing links becoming bigger threat than email attachments

  Phishing techniques are evolving away from malicious email attachments, according to a report

• August 19, 2024 19 Aug'24

  Challenges of deploying PQC globally

  Quantum computers will eventually be powerful and reliable enough to crack strong encryption. PQC is the answer, but it could take years to deploy

• August 16, 2024 16 Aug'24

  Thousands of NetSuite customers accidentally exposing their data

  Misconfigured permissions across live websites are leaving thousands of NetSuite users open to having their valuable customer data stolen, researchers say

• August 14, 2024 14 Aug'24

  August Patch Tuesday proves busy with six zero-days to fix

  Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update