Security policy and user awareness

Top science journal faced secret attacks from Covid conspiracy theory group

A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals Continue Reading

Automated cloud IR: Empowering cyber with AI-powered playbooks

As cyber threats increasingly target cloud infrastructure, demand for robust and reliable incident response measures is through the roof. Find out why you might want to consider bringing artificial intelligence into play Continue Reading

Security Think Tank: To encrypt or not to encrypt, that is the question

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

Yahoo picks Intigriti to run crowdsourced bug bounty programme

Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate Continue Reading

Researchers offer free threat briefings on Vegas casino hackers

Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment Continue Reading

City of Las Vegas masters cyber incident response with Darktrace

The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence Continue Reading

Cover-ups still the norm in the wake of a cyber incident

Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report Continue Reading

Crest and IASME to deliver upcoming NCSC Cyber Exercise programme

Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job Continue Reading

Security Think Tank: Three ways to identify the best encryption use cases

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

Apple fixes three vulnerabilities found by spyware researchers

Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab Continue Reading

Annual Security Serious Awards nominations announced

Annual Security Serious Awards will recognise the professionals and organisations doing the most to safeguard and advance cyber security, as well as those committed to diversity and mental health in the industry Continue Reading

UK-US data bridge to open to traffic on 12 October

Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now Continue Reading

Fear is the mind-killer: Governance key to safety in the cyber dunes

Whether you’re tasked with protecting your organisation against cyber threats or ravenous subterranean worms, getting the basics of governance and risk management right counts for a lot and choosing the right framework will remove a huge burden from security teams and executives Continue Reading

‘Top’ ransomware gangs favour smaller businesses

Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses Continue Reading

Poor digital experience a blocker for cyber resilience

Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds Continue Reading

Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption

Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages Continue Reading

Organisations failing to proactively address insider cyber risk

Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk Continue Reading

38TB Microsoft data leak highlights risks of oversharing

An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing Continue Reading

Nominet and European counterparts link up on intelligence sharing

The new European TLD ISAC, a collaborative project between top-level domain providers across Europe, aims to enhance their collective security posture to better protect internet users Continue Reading

Unregulated DeFi services abused in latest pig butchering twist

Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation Continue Reading

Security Think Tank: A user’s guide to encryption

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

Government seeks industry views on cyber threat to UK CNI

The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure Continue Reading

Las Vegas mainstay Caesars Palace likely paid off ransomware crew

Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers Continue Reading

How CIOs can build cybersecurity teamwork across leadership

Cross-departmental relationships are key to long-term business success. Discover why CIOs must focus on teamwork with these three C-suite roles for highly effective cybersecurity. Continue Reading

Google, Microsoft and Mozilla push browser updates to foil zero-day

A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers Continue Reading

As vehicle safety regulations loom, carmakers fret over cyber risks

Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks Continue Reading

GitHub fixes race condition that could have led to ‘repojacking’

A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked Continue Reading

Storm-0324 gathers over Microsoft Teams

An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks Continue Reading

NCSC and ICO sign MoU to forge deeper collaborative links

The scope of the MoU signed by the NCSC and the ICO includes collaboration on new cyber regulations and guidance, and how to support cyber attack victims appropriately and minimise regulatory penalties Continue Reading

Patch Tuesday: Microsoft fixes zero-days in Word and Streaming Service

September 2023 brings a light Patch Tuesday, with two zero-days and five critical vulnerabilities listed in the latest release Continue Reading

US casino giant MGM Resorts battles 36-hour outage after cyber attack

Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos Continue Reading

Podcast: ‘Data first’ a key principle of digital transformation

Chris Gorton of Syniti says organisations should put data first during digital transformation projects, and that means getting data quality, access rights and governance right Continue Reading

Brits happy to break cyber law if the price is right

A study conducted ahead of an upcoming security trade fair reveals a slim majority of Brits would come out in favour of offensive government security ops and even engage in cyber criminality themselves in the right circumstances Continue Reading

Professional ransomware gangs clearly a threat, but attacks can be easily stopped

NCSC and NCA report reveals insight into business models and underpinnings of ransomware gangs and their affiliates, but also urges defenders to take heart, as stopping a ransomware attack is not that hard to do Continue Reading

UK boardrooms and CISOs increasingly aligned on cyber risks

Board members and CISOs in UK organisations seem to be working together much better, but while this is an encouraging sign, there remain some areas of concern over how the two relate to each other Continue Reading

Salesforce and Zoom embrace ethical hackers. You should, too

Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers Continue Reading

AI-powered cloud SIEM: Real-time threat intel boosts defences

Thanks to their advanced data analysis and predictive capabilities, AI and ML will be valuable protective tools going forward. Learn about the potential of AI-backed cloud SIEM technology Continue Reading

Deputy PM urges UK plc not to lose focus on cyber

In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors Continue Reading

North Koreans using new zero-day to target security researchers

A threat actor linked to the North Korean government is continuing a long-running campaign targeting legitimate security researchers, using an as-yet undisclosed zero-day vulnerability to gain access to their victims Continue Reading

Finnish government to bolster spending on cyber-AI defences

Finland’s government will increase spending on cyber security amid heightened threats from artificial intelligence-based attacks Continue Reading

How to prevent ransomware in 6 steps

Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices, from defense in depth to patch management, to keep attackers out. Continue Reading

Meet the professional BEC op that targeted Microsoft 365 users for years

The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers Continue Reading

Okta customers targeted in new wave of social engineering attacks

Authentication specialist Okta has warned customers to be on alert for a campaign of social engineering attacks exploiting highly privileged users Continue Reading

Law firm Fieldfisher launches data breach management tool

UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform Continue Reading

Hacked Electoral Commission failed Cyber Essentials audit

The Electoral Commission failed an NCSC Cyber Essentials audit on multiple counts at about the same time as cyber criminals breached its systems in 2021, it has emerged Continue Reading

NCSC names ex-NCC man as new CTO

New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec Continue Reading

Police Scotland five-year digital strategy approved

Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding Continue Reading

It might be too soon to claim victory against Qakbot

The multinational operation to take down the Qakbot (aka Qbot) malware has been hailed as a great victory, but Lumu Technologies’ Ricardo Villadiego argues that the celebrations may be a little premature Continue Reading

Ducktail social media marketing malware rears its head again

Use of the Ducktail infostealer, which first popped up in 2022 targeting Meta Business accounts, seems to be increasing Continue Reading

Top-performing CISOs reserve time for professional development

Survey of chief information security officers conducted by Gartner sheds light on habits shared by the top-performing members of the profession Continue Reading

AI and supply chain visibility key to mitigating OT security threats

Leveraging AI and maintain visibility into the security of your software supply chain are key to mitigating cyber attacks against operational technology systems Continue Reading

St Helens Council in Merseyside hit by ransomware attack

St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks Continue Reading

Cyber attacks in 2023 develop quicker as average dwell times plummet

The median attacker dwell time shrunk from 10 to eight days in the first seven months of 2023, and in the case of ransomware attacks it is down to just five days Continue Reading

Cyber Explorers programme reaches 50,000 11-14 year olds in 18 months

The government-backed Cyber Explorers programme has reached 50,000 students in its first 18 months, and more schools are being invited to sign up for the Autumn Term Continue Reading

NatWest customer calls bank’s handling of breach of his data ‘disgusting’

A second NatWest customer has contacted Computer Weekly after finding out from a whistleblower that his sensitive personal data has been in her home for 14 years Continue Reading

Researchers demo fake airplane mode exploit that tricks iPhone users

Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns Continue Reading

Top marks for graduates of CIISec vocational cyber course

132 young people who sat the UK’s first Extended Project Qualification in Cyber Security have received their results today Continue Reading

CyberArk eyes growth beyond PAM

CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading

ITAM influence on cyber risk becoming a factor in credit ratings

Credit agency S&P Global Ratings warns that organisations that pay inadequate attention to IT asset management as a factor in their cyber risk management processes may find their creditworthiness takes a dive Continue Reading

Norfolk and Suffolk police hit by FoI-linked data breach

Latest UK police data breach relates to crime suspects, victims and witnesses across East Anglia, and comes just days after a similar incident at the Northern Irish service Continue Reading

Online safety message failing to get through to women

The security community could be doing a lot more to make its advice and guidance more accessible to women, according to a study Continue Reading

Unconventional career: A Computer Weekly Downtime Upload podcast

Cyber security expert Junade Ali, talks about his non-academic route to a PhD. He was recently elected as a fellow of the IET Continue Reading

Healthcare cybersecurity risks and management

Healthcare institutions are rich in what cybercriminals want: sensitive data like PII and financial information. Learn the danger and what an effective strategy must include. Continue Reading

Healthcare cybersecurity risks and management

Healthcare institutions are rich in what cybercriminals want: sensitive data like PII and financial information. Learn the danger and what an effective strategy must include. Continue Reading

US Cyber Board to probe cloud security after latest Exchange hack

CSRB review of cloud security comes in the wake of a major Chinese cyber attack on US government bodies orchestrated through Microsoft’s cloud services Continue Reading

Google speeds up security update frequency for Chrome

Changes to Google’s security update policy are supposed to help close the gap in which cyber criminals can exploit n-day vulnerabilities Continue Reading

PSNI investigating second breach after laptop stolen

Just hours after accidentally disclosing the personal details of 10,000 personnel, the Police Service of Northern Ireland has notified a second data breach after a police issue laptop and documents were stolen from a parked car Continue Reading

Microsoft addresses Office vulnerability attacked by Russian spooks in latest update

Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks Continue Reading

Northern Irish police expose staff data in botched FoI response

Human error is being blamed for the leak of personally identifiable information on all serving officers and civilian staff at the Police Service of Northern Ireland Continue Reading

MPs warn about growing prevalence of tech-enabled domestic abuse

The UK government must take action to prevent perpetrators from being able to use connected or smart technologies to conduct their domestic abuse, a select committee has warned Continue Reading

UK voter data hacked in cyber attack on election watchdog

An unknown threat actor who attacked the UK’s Electoral Commission had access to data on millions of UK voters for over a year, the watchdog has revealed Continue Reading

Many UK organisations considering ChatGPT bans on employee devices

More than 60% of organisations in the UK have either banned, or are considering banning, the use of generative AI tools on employee- or business-owned devices Continue Reading

Microsoft fixes Azure flaw that was subject of researcher criticism

Microsoft has confirmed a potentially-dangerous flaw in the Azure platform has now been fully fixed, and moved to reassure customers that despite criticism it is committed to responsible disclosure and timely fixes Continue Reading

Rise in fraudsters spoofing the websites of leading UK banks

Despite safeguards to protect customers from scams, UK retail banks are still seeing high volumes of fake phishing websites exploiting their brands, and the problem seems to be increasing in scope and scale Continue Reading

Log4Shell, ProxyShell still among most widely exploited flaws

Statistics released by the collective Five Eyes cyber agencies reveals insight into the most exploited vulnerabilities of 2022, and unsurprisingly there are some old ‘friends’ on the list Continue Reading

Biden’s SBOM mandate a ‘shot heard around the world’, report says

Two years and three months after Joe Biden mandated new standards in supply chain security, over 40% of UK respondents to a survey say they have implemented new SBOM policies in direct response Continue Reading

Scottish NHS trust ducks fine after staff shared patient data via WhatsApp

NHS Lanarkshire has been issued a formal reprimand by the ICO after staff members used WhatsApp to share patients’ personal data with one another Continue Reading

Plexal takes on new cohort for cyber security leadership scheme

Six more cyber security startup founders have been selected to take part in Plexal’s latest Cyber Runway Ignite programme, which is designed to help them develop their leadership skills Continue Reading

Cozy Bear hijacks SME Microsoft 365 tenants in latest campaign

Microsoft shares intelligence on a newly observed Cozy Bear campaign that saw the APT take over genuine Microsoft 365 tenants and subvert them to try to phish its victims Continue Reading

Microsoft attacked over ‘grossly irresponsible’ security practice

The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’ Continue Reading

Pig butchers caught using ChatGPT to con victims

Romance scammers looking to con people out of their savings appear to be turning to generative AI tools to save time and effort Continue Reading

Ivanti MDM users told to patch against two dangerous flaws

Users of Ivanti’s mobile device management platform have been warned to act now to patch two vulnerabilities that were chained by a threat actor in a series of cyber attacks on the Norwegian government Continue Reading

Vigilance advised if using AI to make cyber decisions

The AI arms race is heating up, and the battle lines are being redrawn. Still, organisations should proceed cautiously and remain vigilant in scrutinising AI’s ability to ensure accurate, safe, and informed decision-making. Continue Reading

Does AI have a future in cyber security? Yes, but only if it works with humans

Do AI and ML hold the promise of helping cyber pros achieving the holy grail of operating quicker, cheaper, and with higher efficiency? We shouldn’t hold our breath, says Nominet’s Paul Lewis Continue Reading

How Indian organisations are keeping pace with cyber security

Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics Continue Reading

Cyber criminals pivot away from ransomware encryption

Cyber breaches that saw data theft and extortion without an encryption or ransomware component account for more and more incidents, in a possible indication that ransomware gangs are changing up their business models Continue Reading

AI-enhanced cyber has potential, but watch out for marketing hype

As AI is a hot topic right now, it is no surprise there are some cyber solutions coming to market that have been thrown together in haste, but that said, genuine AI-powered security products do exist and their abilities could yet prove transformative. Continue Reading

US cyber breach reporting rules to have global impact

Organisations that operate as Foreign Private Issuers in the US will have to get to grips with strict new cyber breach reporting regulations handed down by the SEC in Washington Continue Reading

NATO countries must coordinate their cyber forces to combat the Russian threat  

The top item on the agenda at the Vilnius NATO Summit this month was the revamping the alliance’s defences. Continue Reading

UK organisations lack confidence to carry out basic cyber tasks

Amid a shortfall of more than 10,000 cyber pros, UK businesses are still finding it difficult to fill their cyber security skills gaps, with even those in charge of security saying they lack confidence in themselves Continue Reading

Cisco, BT and others launch network security coalition

Network Resilience Coalition focuses on bringing together global expertise to improve data and network security Continue Reading

Tetra radio users’ comms may have been exposed for years

A number of flaws in the encryption algorithms used in the secure Tetra radio communications standard have potentially left users exposed to snooping Continue Reading

Citrix NetScaler users told to patch new zero-day urgently

A vulnerability disclosed and patched last week by Citrix appears to be being exploited by China-backed threat actors as a zero-day, prompting warnings from government cyber bodies Continue Reading

Security AI and automation may reduce cost of data breaches

Organisations that go all in on security AI and automation tend to incur lower financial costs when they experience a data breach incident, according to an IBM report Continue Reading

Why cyber security should be part of your ESG strategy

The impact of data breaches and cyber threats on businesses, societies and the environment makes cyber security a key consideration in an environment, social and governance strategy Continue Reading

Future Cyber Threats: The four ‘horsemen of the apocalypse’

How to deal with emerging security threats from deep fake humans to the end of secure encryption  Continue Reading

Handbook helps Dutch organisations migrate to quantum-safe communication

Organisations must start implementing new cryptography standards – as migration is a lengthy process Continue Reading

What the Product Security and Telecommunications Infrastructure Act means for UK industry

For years, many network-connected devices have lacked adequate security, putting their users and others at risk of cyber attacks. The UK’s Product Security and Telecommunication Act aims to prevent this by mandating minimum security requirements, but what impact will this have on industry? Continue Reading

Renowned hacker and social engineer Kevin Mitnick dead at 59

Famed hacker and social engineer Kevin Mitnick, who was at one time one of the most wanted cyber criminals in the world, has died peacefully at the age of 59 from complications arising from pancreatic cancer, following a 14-month illness Continue Reading

How the DSMA balances security and privacy with press freedom

In a world of information sharing and 24-hour news cycles, the Defence and Security Media Advisory committee have to balance national security and data privacy with freedom of the press Continue Reading