News

Security policy and user awareness

• January 17, 2024 17 Jan'24

  The Security Interviews: Rebecca Taylor, SecureWorks Counter Threat Unit

  In October 2023, Rebecca Taylor of the SecureWorks Counter Threat Unit was recognised at the annual Security Serious Unsung Heroes Awards for her work. Computer Weekly caught up with her to talk mentoring, cyber career development and diversity

• January 17, 2024 17 Jan'24

  Victims of 2023 Capita data breaches head to High Court

  More than 5,000 people impacted by data breaches arising from two cyber incidents affecting outsourcer Capita have joined a group action lawsuit

• January 17, 2024 17 Jan'24

  Singapore proposes governance framework for generative AI

  AI Verify Foundation and Infocomm Media Development Authority have proposed a governance framework for generative AI to address the risks and concerns about the emerging technology

• January 16, 2024 16 Jan'24

  Kaspersky shares Pegasus spyware-hunting tool

  Kaspersky has developed a way of easily exposing the presence of Pegasus spyware on iOS devices and believes its methodology may also help users identify other such surveillance malware

• January 15, 2024 15 Jan'24

  Russia hacked ex-MI6 chief’s emails – what they reveal is more Dad’s Army than deep state

  A Russian hacking group that published emails of ex-MI6 chief Richard Dearlove claimed to have uncovered a conspiracy, but it was more Dad’s Army than the ‘deep state’, Computer Weekly and Byline Times reveal

• January 15, 2024 15 Jan'24

  NCA director sacked after WhatsApp and email security breaches

  Nikki Holland, former director of investigations at the NCA, was sacked for “misconduct” after sending sensitive NCA information over personal email and WhatsApp

• January 10, 2024 10 Jan'24

  Windows Kerberos, Hyper-V vulns among January Patch Tuesday bugs

  Microsoft starts 2024 right with another slimline Patch Tuesday drop, but there are some critical vulns to be alert to, including a number of man-in-the-middle attack vectors

• January 10, 2024 10 Jan'24

  SEC social media hack highlights value of MFA

  The US SEC briefly appeared to approve new bitcoin trading rules after a social media account was targeted by troublemakers, proving the value of MFA once again

• January 09, 2024 09 Jan'24

  Study reveals cyber risks to US elections

  With the 2024 US presidential election cycle beginning, a study produced by Arctic Wolf has highlighted big gaps in preparedness and resourcing at government bodies across the US

• January 08, 2024 08 Jan'24

  British Library ransomware attack could cost up to £7m

  The cost of recovering the British Library’s ransomware-stricken IT systems could be up to £7m, it has emerged

• January 03, 2024 03 Jan'24

  Dutch working to promote cooperation in Europe to keep internet safe

  A Dutch cooperative approach offers national and international cooperation opportunities for ISPs to guard against DDoS attacks, lawful interception and detect abuse in networks

• January 02, 2024 02 Jan'24

  China’s UNC4841 pivots to new Barracuda ESG zero-day

  The Chinese state threat actor behind a series of cyber attacks on Barracuda Networks customers embarked on a campaign targeting the supplier’s email security products in the run-up to Christmas

• December 21, 2023 21 Dec'23

  Top 10 cyber crime stories of 2023

  Ransomware gangs dominated the cyber criminal underworld in 2023, a year that will prove notable for significant evolutionary trends in their tactics

• December 19, 2023 19 Dec'23

  Top 10 cyber security stories of 2023

  The past 12 months have seen the security agenda dominated by the usual round of vulnerabilities, concerns over supply chain security and more besides, but it was the chaotic state of global geopolitics that really made an impact

• December 14, 2023 14 Dec'23

  The Security Interviews: Talking identity with Microsoft’s Joy Chik

  Microsoft’s president of identity and network access, Joy Chik, joins Computer Weekly to discuss the evolving threat landscape in identity security, using innovations in artificial intelligence to stay ahead, and advocating for the coming ...

• December 14, 2023 14 Dec'23

  NCSC CEO Lindy Cameron to step down in 2024

  NCSC chief exec Lindy Cameron, who helped lead and elevate the national dialogue on cyber security through major events such as Covid-19, SolarWinds Sunburst and Colonial Pipeline, is to step down in the New Year

• December 13, 2023 13 Dec'23

  Microsoft’s Christmas present for cyber teams: no zero-days

  Barely 30 vulnerabilities, and no zero-days, have been fixed in the final Patch Tuesday drop of 2023

• December 13, 2023 13 Dec'23

  Critical UK infrastructure a ‘hostage of fortune’ to ransomware

  A lack of ransomware planning and preparedness at the highest levels of government is leaving UK operators or critical national infrastructure dangerously exposed, according to a Joint Committee report

• December 12, 2023 12 Dec'23

  MoD fined after breach of Afghan staffers’ data put lives at risk

  The MoD has been fined £350,000 by the ICO after an email blunder exposed data on Afghan nationals who had worked with British forces and were at risk of Taliban reprisals

• December 12, 2023 12 Dec'23

  Outdated data protection practice key factor in PSNI data breach

  The August 2023 data breach at the Police Service of Northern Ireland arose chiefly from an outdated approach to data protection and compliance at the force, according to an independent review

• December 08, 2023 08 Dec'23

  Fancy Bear targets Nato entities via critical Outlook flaw

  A vulnerability patched in March has likely been exploited by the Russian state actor Fancy Bear, for over two years, according to the latest intelligence

• December 07, 2023 07 Dec'23

  UK names Russian FSB agents behind political hacking campaign

  Russian hacking group, Star Blizzard, was part of a Russian intelligence operation aimed at interfering with UK politics and the democratic process, says government.

• December 07, 2023 07 Dec'23

  2023 may have seen highest ransomware ‘body count’ yet

  Ransomware, or cyber extortion as it is increasingly being termed, remained the most prominent security threat in 2023 – and thanks to large-scale supply chain attacks, the past 12 months may have seen the most victims ever

• December 06, 2023 06 Dec'23

  Government launches UK-wide Cyber Explorers Cup

  Schoolkids across the UK are being called on to team up and defeat Herbert the Hacker in a new government-backed competition

• December 05, 2023 05 Dec'23

  Operator of Sellafield nuclear facility denies hacking claims

  The operator of the Sellafield nuclear site has denied allegations that senior managers covered up a series of cyber security lapses that enabled Chinese and Russian threat actors to compromise its networks

• December 01, 2023 01 Dec'23

  Report reveals sorry state of cyber security at UK football clubs

  Football clubs up and down the country are putting staff, players and fans alike at risk through outdated attitudes to cyber security, according to a report

• November 30, 2023 30 Nov'23

  Government’s Online Fraud Charter welcomed

  The government has corralled 11 of the largest tech platforms in the world to commit to its Online Fraud Charter, designed to tackle online scams, fake adverts, and more

• November 29, 2023 29 Nov'23

  Scope of Okta helpdesk breach widens to impact all users

  Okta has widened the scope of the October breach of its systems to include every customer that has used its helpdesk service, after new information came to light

• November 28, 2023 28 Nov'23

  Volume of unique malware samples threatens to overwhelm defenders

  A massive increase in malware volumes could cause problems for security teams tasked with adapting their defences against them

• November 27, 2023 27 Nov'23

  NCSC publishes landmark guidelines on AI cyber security

  The NCSC and its US counterpart CISA have brought together tech companies and governments to countersign a new set of guidelines aimed at promoting a secure-by-design culture in AI development

• November 23, 2023 23 Nov'23

  MOVEit incident spurred UK decision makers to spend big on cyber

  The MOVEit cyber attacks that unfolded in the spring and summer of 2023 seem to have driven an increase in both ransomware awareness and spend, according to a report

• November 23, 2023 23 Nov'23

  Australia ups ante on cyber security

  Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities

• November 22, 2023 22 Nov'23

  An inside look at a Scattered Spider cyber attack

  Threat researchers at ReliaQuest share the inside track on a Scattered Spider cyber attack they investigated

• November 22, 2023 22 Nov'23

  CISA reveals how LockBit hacked Boeing via Citrix Bleed

  As alarm grows around the world about the impact of the so-called Citrix Bleed vulnerability, Boeing has shared details of its experience at the hands of the LockBit ransomware crew

• November 21, 2023 21 Nov'23

  Over half of SME cyber incidents now ‘malware-free’

  The age of malware-driven cyber attacks may have peaked, at least when it comes to incidents affecting small and medium sized enterprises

• November 21, 2023 21 Nov'23

  Internal documents leaked as Rhysida claims responsibility for British Library ransomware attack

  Ransomware group Rhysida threatens to sell documents stolen from the British Library to the highest bidder

• November 20, 2023 20 Nov'23

  Cubbit DS3 Composer brings DIY cloud to object storage pool

  Cubbit customers can now build and configure S3-compatible clouds from unused capacity and offer MSP-grade services with high levels of resilience, security and data sovereignty

• November 16, 2023 16 Nov'23

  Ransomware gang grasses up uncooperative victim to US regulator

  The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off

• November 15, 2023 15 Nov'23

  BlackCat affiliate seen using malvertising to spread ransomware

  Researchers at eSentire identified a wave activity from an ALPHV/BlackCat ransomware affiliate which has adopted a somewhat unusual approach to delivering its locker

• November 09, 2023 09 Nov'23

  Revealed: How Russia’s Sandworm ramped up attacks on Ukraine’s critical infrastructure

  New Mandiant intelligence reveals how the APT known as Sandworm has been evolving its playbook, twisting legitimate executables known as LoLBins into malicious tools as it seeks to disrupt daily life in Ukraine

• November 09, 2023 09 Nov'23

  NCSC makes annual Black Friday plea to consumers

  Ahead of the annual festival of retail avarice, the NCSC is once again asking consumers to do the bare minimum to avoid falling victim to scams

• November 09, 2023 09 Nov'23

  The Security Interviews: Why cyber needs to integrate better

  Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider ...

• November 08, 2023 08 Nov'23

  The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy

  Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands

• November 07, 2023 07 Nov'23

  Researchers ‘break’ rule designed to guard against Barracuda vulnerability

  Vectra AI researchers found that a Suricata rule designed to detect exploitation of a dangerous Barracuda Email Security Gateway flaw was not entirely effective

• November 07, 2023 07 Nov'23

  Unesco unveils seven-point anti-disinformation plan

  United Nations body outlines seven proposals for civil society, governments, regulators and tech platforms to adopt to combat the source of disinformation

• November 02, 2023 02 Nov'23

  Admins told to take action over F5 Big-IP platform flaws

  Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild

• November 02, 2023 02 Nov'23

  UK workers exhibit poor security behaviours, report reveals

  Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working

• November 02, 2023 02 Nov'23

  How the UK crime agency repurposed Amazon cloud platform to analyse EncroChat cryptophone data

  UK crime agency repurposed AWS-based analytics platform to triage EncroChat data and identify threats to life in messages sent on encrypted phone network

• November 02, 2023 02 Nov'23

  EU digital ID reforms should be ‘actively resisted’, say experts

  Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security

• November 01, 2023 01 Nov'23

  Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

  As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings