Security policy and user awareness

Professionals need protection from the Computer Misuse Act

The UK needs cyber legislation fit for the 21st century, so it is important for the industry to get behind the government’s proposed reform of the Computer Misuse Act Continue Reading

Ransomware gangs seek people skills for negotiations

The process of negotiating a ransomware payment is delicate, hence cyber criminal organisations are prepared to offer good terms to those with the right skillsets Continue Reading

Are you betting your future on the worst gambling odds in the world?

Gambling is a high-risk strategy. Doing nothing in the face of the threat from ransomware and hoping for the best provides some of the worst odds you will ever come across Continue Reading

How do we win back digital adolescents recruited to the Dark Side during lockdown?

The Hacker Forum is one of the most welcoming, friendly and attractive "support" group for those stuck in their bedrooms, isolated from friends and school during lockdown and bored with home-learning. Continue Reading

Kaseya apologises for extended downtime after ransom attack

CEO of Kaseya apologises after pushing back the restoration of the firm’s VSA service following a REvil ransomware attack Continue Reading

Why identity is the central problem for the future of the internet

As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day? Continue Reading

PrintNightmare haunts Microsoft as patch may miss mark

Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied Continue Reading

Security Think Tank: Reopening is an opportunity to reassess wider security posture

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

ICO to probe Hancock over private email use

Former health secretary faces an investigation by the UK’s data protection watchdog over his use of private email to conduct government business Continue Reading

How the UK Cyber Security Council plans to professionalise security

As chair of the new UK Cyber Security Council, Claudia Natanson is in a superb position to develop professional standards in IT security and she intends to fundamentally reimagine what a security job actually is Continue Reading

Security Think Tank: As offices reopen, address patching and ‘build drift’

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

About 60 Kaseya customers hit by REvil

Kaseya has revised upward the number of managed service providers compromised by the REvil ransomware gang in a supply chain attack at the weekend Continue Reading

Cyber insurance costs up by a third

The frequency and severity of ransomware attacks is a leading factor behind a substantial increase in the cost of obtaining cyber security insurance Continue Reading

Security Think Tank: Returning workers to the office: Is your security posture up to date?

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

Going back to office networks, only to dismantle them once and for all

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

REvil crew wants $70m in Kaseya ransomware heist

Two days after one of the largest ransomware attacks in history by the REvil/Sodinokibi gang, the security community is assessing its next moves, while over 1,000 victims remain in limbo Continue Reading

Berlin court finds EncroChat intercept evidence cannot be used in criminal trials

In a major setback for police hacking operations, Berlin’s regional court has decided that intercepted data from the EncroChat phone network should not be used in criminal prosecutions Continue Reading

The secret to building a future-proof cyber security team

In a post-pandemic digital world, where cyber criminals see a feast of opportunities, what are the secrets to building a world-class cyber security function? Continue Reading

Security Think Tank: Hydration, hiring, hacking – lessons in post-Covid risk

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

Should I be worried about PrintNightmare?

The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be? Continue Reading

Cyber attackers up the ante on embattled IT teams

Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements Continue Reading

How do I get my users to pay attention to security training?

 Continue Reading

NCSC joins US authorities to expose Russian brute force campaign

A joint attribution by the British and American authorities accuses Russia’s GRU intelligence services of conducting a campaign of brute force attacks on enterprise and cloud environments Continue Reading

US Cybersecurity and Infrastructure Security Agency launches ransomware assessment tool

Newly launched service will help US organisations understand how prepared they are to deal with a ransomware attack Continue Reading

NHS IT fraudster Barry Stannard sentenced to five years in prison

Stannard used his position as head of unified communications at an Essex NHS Trust to cheat the taxpayer of more than £800,000 Continue Reading

Nominations open for 2021 Security Serious Unsung Heroes Awards

Nominations are now open for this year’s edition of the Unsung Heroes Awards for cyber professionals and educators Continue Reading

Half of mobile phones sold in the UK at risk of security issues

Lengthy mobile phone contracts leave buyers at risk of their devices losing support for security updates Continue Reading

REvil affiliates offer hefty ransom discounts, data reveals

REvil or Sodinokibi ransomware activity is higher than ever, but its success appears to be relative, with some affiliates prepared to dramatically cut their prices Continue Reading

LinkedIn denies exposure of 700 million user records is a data breach

Data relating to 700 million users of the LinkedIn networking platform has appeared for sale, but the firm says it is the victim of data scraping, not a security breach Continue Reading

UK data exchanges with EU can continue after adequacy decision - but for how long?

For now European businesses can continue to send data to the UK without additional safeguards and paperwork. How long will it last? Continue Reading

Ethical hacking: What, why, and overcoming concerns

We find out why and how hitting your own business with a cyber attack can help improve security Continue Reading

New Nobelium attacks a reminder to attend to cyber basics

A new campaign from the same threat group that broke into SolarWinds serves as a reminder that cyber crime gangs will try to exploit any avenue they can, even if technically unsophisticated Continue Reading

UK Cyber Security Council launches inaugural initiatives

Security association seeks to determine terms of reference for committees to oversee standards and ethics, and qualifications and careers in the cyber sector Continue Reading

Banking tech fraud: How to trace and recover your money

Even when stolen assets are sent offshore, the special powers of the English civil court system mean all may not be lost Continue Reading

UK’s FCA bans crypto exchange Binance as crackdown spreads

Ban on Binance Markets comes amid a wider global crackdown on the largely unregulated global market for cryptocurrencies and related assets. Continue Reading

HMRC-branded phishing scams surge despite protections

The number of HMRC-branded phishing scams surged 87% in the past 12 months, according to latest revealed figures Continue Reading

NCSC CEO: UK-Ireland collaboration crucial to stop cyber threats

Speaking at a conference in Dublin, NCSC Lindy Cameron is highlighting the importance of continued collaboration between the UK and Ireland to protect shared interests and counter security threats Continue Reading

CMA to probe Amazon and Google over fake reviews

The CMA has opened an investigation into Amazon and Google over possible breaches of consumer protection law Continue Reading

AWS launches bug-busting programme for developers

Amazon Web Services is inviting customers to probe their code for software bugs and vulnerabilities using its CodeGuru console Continue Reading

Google hands third-party cookies a stay of execution

Google’s proposed Privacy Sandbox initiative – which will see third-party cookies phased out in the Chrome web browser – has been pushed back to 2023 Continue Reading

NCSC recognises cyber degree apprenticeships for the first time

Addition of new cyber courses to National Cyber Security Centre’s accredited list will supposedly help students make better choices and help universities get more funding Continue Reading

Stalkerware apps becoming normalised among young people

Data in a new report appears to show that dangerous stalkerware apps are becoming normalised in younger age groups Continue Reading

(ISC)² makes ransomware education course free through 31 July

Cyber security association is making its Professional Development Institute course on ransomware free to the general public until the end of July Continue Reading

Make ransomware payments illegal, say 79% of cyber pros

Report produced for MSSP Talion claims overwhelming support for the criminalisation of ransomware payments Continue Reading

City of York picks Barracuda Networks for data protection

York Council needed to refresh its backup service to bring new security protections after it went ‘all-in’ on Microsoft Office 365 Continue Reading

European Union to set up new cyber response unit

Proposed Joint Cyber Unit will tackle a rising number of serious incidents impacting public services, businesses and citizens of the EU Continue Reading

UK councils reported over 700 data breaches to ICO in 2020

Data disclosed under the Freedom of Information Act reveals an estimated 700 data breaches were reported to the Information Commissioner’s Office by local councils last year Continue Reading

SonicWall sees 226.3 million ransomware attack attempts this year

SonicWall detected 226.3 million attempted ransomware attacks between January and May 2021, more than double the number seen in the same period last year Continue Reading

NSPCC, IWF help under-18s scrub their nude photos from the web

Report Remove tool is designed to be used by under-18s to report nude images or videos of themselves that have appeared online Continue Reading

UK SMEs lack capacity to fend off cyber attacks

Three-quarters of UK SME leaders would not have sufficient capacity or expertise to deal with a cyber attack, according to a report Continue Reading

A new three-year plan for digital government

In this week’s Computer Weekly, the new CEO of the Gov-ernment Digital Service, Tom Read, explains his three-year strategy for improving online public services. EU attempts to regulate AI are under fire – we examine the issues. And we find out how Bupa is turning to the cloud to deliver per-sonalised healthcare. Read the issue now. Continue Reading

Parliamentary devices left in taxis, buses, trains and pubs

Nearly 100 devices belonging to parliamentary staffers, including MPs and peers, were lost or stolen over the course of 2019 and 2020 Continue Reading

Lorca Ignite programme targets breakout cyber talent

Six of the most successful companies to have come through Lorca’s existing accelerators are being inducted into an intensive programme Continue Reading

Cyber crooks target Amazon Prime users ahead of retail bonanza

A surge in malicious domain registrations ahead of Amazon Prime Day indicates cyber criminals have set their sights on exploiting vulnerable shoppers Continue Reading

Biden tackles Putin on ransomware at Geneva summit

Discussions between Joe Biden and Vladimir Putin on cyber crime appear to have been somewhat positive, but the path ahead remains unclear Continue Reading

Organisations cannot rely on cyber insurance to cover losses

Ransomware attacks have become a big driver of cyber insurance claims, but insurance must not be relied upon as a failsafe, says a report Continue Reading

Privacy pro salaries rise throughout pandemic, but at a cost

Data from the IAPP’s latest salary survey reveals some insight into how the pandemic impacted the privacy profession Continue Reading

The Security Interviews: How to build a government model to ‘hack for good’

Kyle Hanslovan started Huntress to give back after a career in the intelligence sector. After US authorities took action to help people hit by the Microsoft Exchange attacks, we discussed how governments can ‘hack for good’ Continue Reading

G7 commits to action on ransomware, digital privacy

The G7 urges Russia to do more to hold criminal ransomware gangs operating from within its borders to account as it commits to more action on the issue Continue Reading

FBI planned a sting against An0m cryptophone users over drinks with Australian investigators

Australian Federal Police and the FBI came up with the idea over drinks: build a cryptophone network with a built-in backdoor and sell it to crime gangs around the world Continue Reading

Security Think Tank: To secure printers think process, technology and people

Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account? Continue Reading

UK promises tougher line on cyber crime

Speaking ahead of the G7 Summit, foreign secretary Dominic Raab says the UK is ready to take on cyber criminals and other malicious actors wherever they may be Continue Reading

Australia names ‘strategic’ datacentre operators

Australia’s Digital Transformation Agency certifies Macquarie Telecom, Canberra Data Centres and Australian Data Centres as strategic operators for hosting government data Continue Reading

Risk data shows UK energy sector most vulnerable to cyber attack

New report compiled by insurance firm Hiscox reveals the state of cyber preparedness in the UK and beyond Continue Reading

Security Think Tank: Time to accept printers will leak data

Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account? Continue Reading

Australian organisations face heightened cyber attacks

Nearly three in four Australian organisations experienced cyber attacks that largely resulted from a growing remote workforce in 2020 Continue Reading

Unit 42 warns of emergent Prometheus ransomware

Palo Alto’s Unit 42 shares intel on the emergent Prometheus ransomware gang, with apparent links to the Thanos crew Continue Reading

Why agility is the key to secure software

Continuous delivery of software product releases demands continuous security. Businesses and regulators are right to wonder whether organisations are valuing cyber security by the design of their products Continue Reading

Microsoft fixes seven zero-days on its Patch Tuesday rounds

Fixes for six actively-exploited – and one yet-to-be-exploited – zero-day bugs are released in the June 2021 Patch Tuesday update Continue Reading

NHS Digital delays data collection plans until September

NHS Digital has postponed its proposed collection of GP data for two months, to allow more time for the public to understand the process and opt out if wanted Continue Reading

We Open Tech community supports non-binary and trans security pros

New tech community established to advocate for the interests of non-binary people, trans and cis women, trans men, and other marginalised genders in security Continue Reading

National data guardian calls for dialogue on NHS Digital GP plans

The UK’s national data guardian says it is important the public has clarity on how their confidential medical information will be used and kept secure under NHS data-sharing plans Continue Reading

The rise and rise of supply chain attacks

Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains Continue Reading

Security Think Tank: What must a secure print strategy take into account?

Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account? Continue Reading

NCSC updates schools ransomware guidance amid surge

The National Cyber Security Centre says it is dealing with a renewed surge of ransomware attacks targeting schools, colleges and universities Continue Reading

Campaigners plan legal action over NHS data sharing

Privacy coalition aims to force NHS Digital to push back its plans to scrape medical information on millions of patients into a central database Continue Reading

Towards Joined Up Action on On-line Harms, Fraud and Cybersecurity

We have to join up the debate and put cybersecurity into business, economic and social context. Hence the importance of the Digital Policy Alliance and its groups. Continue Reading

Security Think Tank: Printers can’t be an ‘add-on’ in your cyber strategy

Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account? Continue Reading

BCS: Lack of communication over NHS GPDPR ‘astonishing’

The Chartered Institute for IT has warned that millions of people are not being properly informed of NHS Digital plans to harvest their data Continue Reading

Government action on ransomware epidemic gathers pace

The US government steps up action against ransomware operators, while the UK’s NCSC publishes guidance on preparing to deal with a ransomware attack Continue Reading

Norway’s auditor general lifts lid on energy industry’s cyber security risks

Auditor General’s Office questions the security posture of Norway’s energy industry Continue Reading

Scottish businesses missing out on Cyber Essentials benefits

More than a third of Scottish businesses do not believe they are adequately prepared to deal with a cyber security incident Continue Reading

Security Think Tank: Steps to a coherent print security strategy

Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account? Continue Reading

What the Telecommunications (Security) Bill means for UK industry

The Telecommunications (Security) Bill is intended to reinforce the security of the UK telecommunications infrastructure, but what are the implications for industry? Continue Reading

Security Think Tank: Printer risks go deep into IT history

Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account? Continue Reading

Long-term thinking is vital to secure UK’s critical infrastructure

To face down the threat of cyber warfare against UK CNI, the government needs long-term thinking that looks beyond the next general election cycle, says Advent-IM’s Mike Gillespie Continue Reading

Ex-IT manager stole over £800,000 from NHS trust

A former senior IT manager at an Essex NHS trust has pleaded guilty to defrauding his employer out of more than £800,000 Continue Reading

Microsoft brings APAC policymakers together in security council

Microsoft’s APAC public sector security council will meet once a quarter to share threat intelligence and best practices for combating cyber threats Continue Reading

Inept cybersecurity education and training feed into skills gap

Learn why former infosec instructor and author of 'How Cybersecurity Really Works' advocates for changes to security education and training to alleviate the industry skills gap. Continue Reading

Privacy experts concerned over NHS data collection plans

Security and data privacy experts warn NHS Digital that its data collection plans could increase risk and cause a public backlash Continue Reading

Loss of 150,000 police records made worse by management failures

The loss of 150,000 records from a number of national policing systems was caused by a human coding error, but made worse by process and management failures Continue Reading

Security ops teams struggle to switch off at home

Spiralling stress levels among SOC and IT security teams can be attributed mainly to alert overload, says Trend Micro Continue Reading

Lessons from the Post Office Horizon Case

The presumption of the machine functioning properly in practice, means that the prosecution can rely on the presumption that a computer was operating reliably at all material times. It needs to be ... Continue Reading

Policies key to revolutionising Identity Governance and Administration

The proliferation of digital identities, applications, data, security threats and compliance requirements means that Identity Governance and Administration (IGA) has never been more important, but not all organisations are approaching it in an effective and efficient way Continue Reading

CyberSprinters game gives kids a head start, says NCSC

An online game for primary schools, clubs and youth organisations will teach children aged seven to 11 the fundamentals of staying safe online Continue Reading

Threat of group GDPR legal action haunts CISOs

The vast majority of security leaders questioned for a new report say they are concerned about the possibility of group legal settlements against them following a serious data breach Continue Reading

McAfee to change terms of auto-renewing consumer plans

Consumers who found their McAfee antivirus contracts auto-renewed will be able to get out of their contracts and get their money back Continue Reading

Industry reflects on three years of GDPR

Looking back on 12 tumultuous months, we assess how GDPR has weathered the effects of the Covid-19 pandemic and Brexit, and consider what the coming year may hold for data protection Continue Reading

Air India is latest victim of Sita hack

Data on millions of people who flew with Air India between 2011 and 2021 appears to have been compromised in the recent Sita supply chain attack Continue Reading

Dutch researchers build security software to mimic human immune system

Software could help IT systems develop immunity to some cyber attacks in a similar way to how the body fights infection Continue Reading