News

Security policy and user awareness

• October 27, 2023 27 Oct'23

  Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent

  Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances

• October 27, 2023 27 Oct'23

  Microsoft warns over growing threat from Octo Tempest gang

  The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft

• October 27, 2023 27 Oct'23

  How Elastic manages cyber security threats

  Mandy Andress, CISO at Elastic, highlights the company’s approach to tackling evolving cyber threats through the use of AI tools and enhanced security measures while strengthening the capabilities of its security offerings

• October 26, 2023 26 Oct'23

  ChatGPT, Bard, lack effective defences against fraudsters, Which? warns

  Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed

• October 26, 2023 26 Oct'23

  Boardrooms losing control in generative AI takeover, says Kaspersky

  C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations

• October 25, 2023 25 Oct'23

  Demystifying the top five OT security myths

  Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems

• October 24, 2023 24 Oct'23

  Cisco hackers likely taking steps to avoid identification

  Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery

• October 24, 2023 24 Oct'23

  Research team tricks AI chatbots into writing usable malicious code

  Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks

• October 24, 2023 24 Oct'23

  Kaspersky opens up over spyware campaign targeting its staffers

  Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group

• October 24, 2023 24 Oct'23

  Customers speak out over Okta’s response to latest breach

  Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired

• October 24, 2023 24 Oct'23

  Suzy Lamplugh Trust treads path to improved cyber resilience

  Personal safety charity enlists the support of the London Cyber Resilience Centre to improve staff awareness and strengthen its overall cyber resilience

• October 23, 2023 23 Oct'23

  Cisco pushes update to stop exploitation of two IOS XE zero-days

  Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software

• October 23, 2023 23 Oct'23

  How Ensign is leading the charge in cyber security

  Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem

• October 20, 2023 20 Oct'23

  Computer Weekly contributor named Godfather of UK Security

  Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards

• October 20, 2023 20 Oct'23

  RagnarLocker cyber gang that pioneered double extortion busted

  Europol and the FBI have taken down the RagnarLocker ransomware crew, a long-standing gang that helped pioneer some now common tactics, taking its dark web negotiation and data leak sites offline

• October 19, 2023 19 Oct'23

  Nuclear regulator raps EDF over cyber compliance

  The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities

• October 18, 2023 18 Oct'23

  What are the cyber risks from the latest Middle Eastern conflict?

  The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations

• October 17, 2023 17 Oct'23

  Alert sounded over dangerous Cisco IOS XE zero-day

  Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems

• October 17, 2023 17 Oct'23

  What it takes to succeed in DevSecOps

  Providing engineering leadership and balancing between speed and security are some areas that organisations will need to focus on in their DevSecOps journey

• October 10, 2023 10 Oct'23

  MGM faces £100m loss from cyber attack on its casinos

  MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m

• October 05, 2023 05 Oct'23

  Ransomware dwell times now measured in hours, says Secureworks

  Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report

• October 03, 2023 03 Oct'23

  Cyber experts urge EU to rethink vulnerability disclosure plans

  The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, ...

• October 03, 2023 03 Oct'23

  CIISec scores DSIT funding to expand successful CyberEPQ scheme

  DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date

• October 03, 2023 03 Oct'23

  Top science journal faced secret attacks from Covid conspiracy theory group

  A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly

• September 28, 2023 28 Sep'23

  Yahoo picks Intigriti to run crowdsourced bug bounty programme

  Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate

• September 27, 2023 27 Sep'23

  Researchers offer free threat briefings on Vegas casino hackers

  Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment

• September 27, 2023 27 Sep'23

  City of Las Vegas masters cyber incident response with Darktrace

  The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence

• September 26, 2023 26 Sep'23

  Cover-ups still the norm in the wake of a cyber incident

  Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report

• September 26, 2023 26 Sep'23

  Crest and IASME to deliver upcoming NCSC Cyber Exercise programme

  Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job

• September 25, 2023 25 Sep'23

  Apple fixes three vulnerabilities found by spyware researchers

  Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab

• September 22, 2023 22 Sep'23

  Annual Security Serious Awards nominations announced

  Annual Security Serious Awards will recognise the professionals and organisations doing the most to safeguard and advance cyber security, as well as those committed to diversity and mental health in the industry

• September 22, 2023 22 Sep'23

  UK-US data bridge to open to traffic on 12 October

  Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now

• September 21, 2023 21 Sep'23

  ‘Top’ ransomware gangs favour smaller businesses

  Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses

• September 21, 2023 21 Sep'23

  Poor digital experience a blocker for cyber resilience

  Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds

• September 20, 2023 20 Sep'23

  Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption

  Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages

• September 20, 2023 20 Sep'23

  Organisations failing to proactively address insider cyber risk

  Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk

• September 19, 2023 19 Sep'23

  38TB Microsoft data leak highlights risks of oversharing

  An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing

• September 19, 2023 19 Sep'23

  Nominet and European counterparts link up on intelligence sharing

  The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users

• September 18, 2023 18 Sep'23

  Unregulated DeFi services abused in latest pig butchering twist

  Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation

• September 18, 2023 18 Sep'23

  Government seeks industry views on cyber threat to UK CNI

  The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure

• September 15, 2023 15 Sep'23

  Las Vegas mainstay Caesars Palace likely paid off ransomware crew

  Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers

• September 14, 2023 14 Sep'23

  Google, Microsoft and Mozilla push browser updates to foil zero-day

  A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers

• September 14, 2023 14 Sep'23

  As vehicle safety regulations loom, carmakers fret over cyber risks

  Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks

• September 13, 2023 13 Sep'23

  GitHub fixes race condition that could have led to ‘repojacking’

  A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked

• September 13, 2023 13 Sep'23

  Storm-0324 gathers over Microsoft Teams

  An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks

• September 13, 2023 13 Sep'23

  NCSC and ICO sign MoU to forge deeper collaborative links

  The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties

• September 13, 2023 13 Sep'23

  Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

  September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release

• September 12, 2023 12 Sep'23

  US casino giant MGM Resorts battles 36-hour outage after cyber attack

  Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos

• September 11, 2023 11 Sep'23

  Brits happy to break cyber law if the price is right

  A study conducted ahead of an upcoming security trade fair reveals a slim majority of Brits would come out in favour of offensive government security ops and even engage in cyber criminality themselves in the right circumstances

• September 11, 2023 11 Sep'23

  Professional ransomware gangs clearly a threat, but attacks can be easily stopped

  NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do