Security policy and user awareness
-
News
24 Apr 2025
M&S systems remain offline days after cyber incident
M&S is still unable to provide contactless payment or click-and-collect services amid a cyber attack that it says has forced it to move a number of processes offline to safeguard its customers, staff and business Continue Reading
-
Opinion
24 Apr 2025
Challenges persist as UK’s Cyber Security and Resilience Bill moves forward
Elements of the Cyber Security and Resilience Bill are welcome but questions remain about how best to act in the face of persistent challenges like geopolitical chaos, threats to critical infrastructure, and technological advances Continue Reading
-
News
20 Jun 2022
Complex Russian cyber threat requires we go back to basics
The situation in Russia is anything but simple, but it is the fundamentals of cyber security hygiene that pose the best defence against the country’s digital threat, as Mandiant’s Jamie Collier explains Continue Reading
-
News
19 Jun 2022
Aussie mobile users most vulnerable to security threats
Australia has the highest percentage of mobile app threats detected on a per-device basis, with iPhone users more likely to download a risky app than an Android user, study finds Continue Reading
-
Feature
17 Jun 2022
What the EU’s content-filtering rules could mean for UK tech
EU proposals to clamp down on child sexual abuse material will have a material impact on the UK’s technology sector Continue Reading
-
Opinion
17 Jun 2022
Consider governance, coordination and risk to secure supply chain
A recent ISACA study found myriad factors that give good reason to be concerned about supply chain security. Cyber adviser Brian Fletcher recommends three areas to zero in on Continue Reading
-
News
17 Jun 2022
MoD sets out strategy to develop military AI with private sector
The UK Ministry of Defence has outlined its intention to work closely with the private sector to develop and deploy a range of artificial intelligence-powered technologies, committing to ‘lawful and ethical AI use’ Continue Reading
-
News
16 Jun 2022
Office 365 loophole may give ransomware an easy shot at your files
Researchers at Proofpoint have discovered potentially dangerous Microsoft Office 365 functionality that they believe may give ransomware a clear shot at files stored on SharePoint and OneDrive Continue Reading
-
Opinion
16 Jun 2022
Security Think Tank: Best practices for boosting supply chain security
In a highly connected world, managing the supply chain landscape requires an adaptation of the ‘traditional’ approach to managing cyber risk Continue Reading
-
News
16 Jun 2022
Interpol arrests thousands in global cyber fraud crackdown
A two-month operation saw law enforcement agencies in 76 countries crack down on organised cyber fraud Continue Reading
-
News
15 Jun 2022
Patch Tuesday dogged by concerns over Microsoft vulnerability response
The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure Continue Reading
-
Opinion
15 Jun 2022
Security Think Tank: Basic steps to secure your supply chain
When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail Continue Reading
-
News
14 Jun 2022
MS Azure Synapse vulnerability fixed after six-month slog
Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga Continue Reading
-
News
13 Jun 2022
Government recommits to UK’s cyber future in Digital Strategy
New strategy leans heavily on cyber security but stops short of announcing any initiatives that have not already been launched or heavily trailed Continue Reading
-
News
13 Jun 2022
New warning over tech suppliers in thrall to hostile governments
Ukraine war could lead to shakeup of dual-use tech exports, says former UK intelligence officer Continue Reading
-
News
13 Jun 2022
Qatar bolsters cyber security in preparation for World Cup
With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness Continue Reading
-
Opinion
10 Jun 2022
Security Think Tank: Don’t trust the weakest link? Don’t trust any link
Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must Continue Reading
-
News
10 Jun 2022
Snake Keylogger climbing malware charts, says Check Point
Cyber criminals behind Snake Keylogger campaigns have been switching up their tactics in the past few weeks, say researchers Continue Reading
-
News
09 Jun 2022
SolarWinds CEO offers to commit staffers to government cyber agencies
A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response Continue Reading
-
News
09 Jun 2022
Cyber researchers step in to fill Patch Tuesday’s shoes
Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss Continue Reading
-
News
08 Jun 2022
China using top consumer routers to hack Western comms networks
An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks Continue Reading
-
Blog Post
06 Jun 2022
How has the UK response to ransomware worked?
Ransomware gangs begin with their own due diligence - to calculate how much the victim (or insurer) will pay before reporting. They are likely to move on and find a victim who will not report, ... Continue Reading
-
Opinion
01 Jun 2022
What does the EU’s NIS 2 cyber directive cover?
We run the rule over the European Union’s updated NIS2 security directive Continue Reading
-
Opinion
31 May 2022
The importance of making information security more accessible
Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure Continue Reading
-
News
31 May 2022
Researchers discover zero-day Microsoft vulnerability in Office
Malicious Word documents have been used to invoke a previously undisclosed vulnerability in Microsoft Office without user interaction through Windows utility functions Continue Reading
-
Feature
31 May 2022
Attack of the clones: the rise of identity theft on social media
The proliferation of social media has resulted in the rise of identity theft on these platforms, with accounts copied for fraudulent or malicious purposes. What can be done to mitigate it? Continue Reading
-
News
31 May 2022
Industrial systems not safe for the future, say Dutch ethical hackers
Ethical hackers in the Netherlands say operational technology and IT networks need to be integrated to prevent cyber attacks penetrating their operations Continue Reading
-
Opinion
30 May 2022
Strong internal foundations are key to withstanding external threats
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
26 May 2022
Security Think Tank: Core security processes must adapt in a complex landscape
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
26 May 2022
Two-thirds of UK organisations defrauded since start of pandemic
Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report Continue Reading
-
News
26 May 2022
Most CFOs being left out of ransomware conversations
Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report Continue Reading
-
News
24 May 2022
Ransomware volumes grew faster than ever in 2021
Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody Continue Reading
-
News
23 May 2022
Did the Conti ransomware crew orchestrate its own demise?
Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise Continue Reading
-
Opinion
23 May 2022
Security Think Tank: Understanding attack paths is a question of training
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
23 May 2022
How Ivanti views patch management with a security lens
Bringing development, operations and security teams together will help organisations to improve their visibility of IT assets and vulnerabilities while keeping threat actors at bay Continue Reading
-
News
20 May 2022
Applying international law to cyber will be a tall order
Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations Continue Reading
-
News
20 May 2022
Microsoft drops emergency patch after Patch Tuesday screw up
Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates Continue Reading
-
News
20 May 2022
Former Welsh steelworks becomes ‘living’ cyber lab
ResilientWorks security centre in Ebbw Vale provides an education hub for students and a testbed for industry Continue Reading
-
News
19 May 2022
Defensive cyber attacks may be justified, says attorney general
Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable Continue Reading
-
News
19 May 2022
Top cyber criminal earnings outpace those of business leaders
Cyber crime can pay significantly better than leading a FTSE 100 organisation, according to a report Continue Reading
-
News
19 May 2022
Red teaming will be standard in Dutch governmental organisations by 2025
The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest Continue Reading
-
Opinion
19 May 2022
Security Think Tank: Yes, zero trust can help you understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
18 May 2022
Security Think Tank: To follow a path, you need a good map
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
17 May 2022
(ISC)² to train 100,000 cyber pros in UK
Security association (ISC)² unveils ambitious UK training programme Continue Reading
-
News
17 May 2022
Australian CISOs least prepared for cyber attacks
Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds Continue Reading
-
News
16 May 2022
Keeping Singapore’s critical systems secure
Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore Continue Reading
-
News
13 May 2022
Open source community sets out path to secure software
A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US Continue Reading
-
Blog Post
13 May 2022
Mind the gap: public and private sector disparity in cybersecurity
Amidst increasingly sophisticated cyber attacks and a constantly shifting threat landscape, cyber security partnerships across the private and public sector are essential in tackling these threats. ... Continue Reading
-
News
12 May 2022
GPDPR data scrape a ‘mistake’, says leading scientist
Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape Continue Reading
-
E-Zine
12 May 2022
CW Benelux: Meta shelves hyperscale datacentre plan in Netherlands
Meta’s plan for a hyperscale datacentre in the Netherlands which was to serve the metaverse world has been halted following a campaign by environmentalists and the Dutch parliament’s call for the government to do everything in its power to stop the facility being built. Also read how the Dutch arm of customer services supplier Teleperformance has led the entire organisation to adopt robotic process automation software. Continue Reading
-
Opinion
12 May 2022
Security Think Tank: Your path to understanding attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
12 May 2022
APAC career guide: Becoming a cyber security pro
The region’s burgeoning cyber security industry has attracted more talent last year, but it takes more than just technical knowhow to succeed in the field Continue Reading
-
News
11 May 2022
Nerbian RAT enjoys using Covid-19 phishing lures
The world is slowly coming to terms with Covid-19, but fear of the coronavirus is no less useful to cyber criminals because of it, as Proofpoint researchers have discovered Continue Reading
-
News
11 May 2022
Emotet has commanding lead on Check Point monthly threat chart
Emotet remains by some margin the most prevalent malware, according to Check Point’s latest monthly statistics Continue Reading
-
News
11 May 2022
CyberUK 22: Five Eyes focuses on MSP security
The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves Continue Reading
-
News
11 May 2022
CyberUK 22: Data-sharing service to protect public from scams
A new data-sharing service set up by the NCSC and industry partners will give ISPs access to real-time threat data that they can use to block fraudulent websites Continue Reading
-
News
11 May 2022
Cyber accreditation body Crest forges new training partnerships
Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills Continue Reading
-
News
11 May 2022
Microsoft fixes three zero-days on May Patch Tuesday
It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days Continue Reading
-
News
10 May 2022
‘Spy cops’ inquiry delves into police relationship with MI5
There was ‘no filter’ on the information that undercover police officers were collecting on activists throughout the 1970s, despite senior managers and officials involved in directing the surveillance questioning the appropriateness of the information gathering and sharing Continue Reading
-
News
10 May 2022
CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy
On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy Continue Reading
-
News
10 May 2022
CyberUK 22: NCSC refreshes cloud security guidance
The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise Continue Reading
-
News
10 May 2022
CyberUK 22: Wales splashes £9.5m on cyber innovation hub
A new innovation hub hopes to spur on cyber security innovation in Wales Continue Reading
-
News
09 May 2022
CyberUK 22: NCSC’s ACD programme blocks 2.7 million scams
On the opening day of its annual CyberUK event, the NCSC reveals how organisations around the country have used its Active Cyber Defence programme to their advantage Continue Reading
-
Feature
05 May 2022
How to retain cyber talent in the Great Resignation
The cyber security industry is experiencing alarming rates of resignations, leaving organisations vulnerable to cyber attacks. How can we better retain cyber talent? Continue Reading
-
Opinion
05 May 2022
Security Think Tank: Identify, assess and monitor to understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
04 May 2022
NHS email accounts hijacked for phishing campaign
Microsoft credentials targeted in phishing operation using hijacked NHSMail accounts Continue Reading
-
News
04 May 2022
Intellectual property theft operation attributed to Winnti group
Winnti conducted a prolonged cyber espionage campaign that went undetected for years, allowing it to exfiltrate massive amounts of corporate data and intellectual property Continue Reading
-
Opinion
04 May 2022
Security Think Tank: Defenders must get out ahead of complexity
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand these attack pathways to fight back Continue Reading
-
News
03 May 2022
Five TLS comms vulnerabilities hit Aruba, Avaya switching kit
Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution Continue Reading
-
News
28 Apr 2022
Ransomware recovery costs dwarf actual ransoms
The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data Continue Reading
-
News
28 Apr 2022
Manufacturer sues JPMorgan after cyber criminals stole $272m
Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity Continue Reading
-
News
28 Apr 2022
Russia plumbs new depths in cyber war on Ukraine
Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign Continue Reading
-
News
27 Apr 2022
Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021
These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time Continue Reading
-
News
27 Apr 2022
Leeds Beckett’s ethical hacking platform wins Innovate UK backing
An ethical hacking and cyber education platform developed at Leeds Beckett University has received a major funding boost to help it launch commercially Continue Reading
-
News
27 Apr 2022
BT, Toshiba team on first commercial trial of quantum secured network with EY
Revolutionary computer infrastructure to be used in trial of management consultancy’s aim to connect quantum secure data transmission between its major London offices Continue Reading
-
News
26 Apr 2022
Emotet tests new tricks to thwart enhanced security
The operators of the Emotet botnet seem to be trying to find a way to get around recent changes made by Microsoft to better protect its users Continue Reading
-
News
22 Apr 2022
How Adnovum is leveraging its Swiss roots
Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security Continue Reading
-
News
22 Apr 2022
UAE bolsters cyber security
The United Arab Emirates has successfully improved its security posture amid mounting cyber threats Continue Reading
-
News
21 Apr 2022
Five Eyes in new Russia cyber warning
Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure Continue Reading
-
E-Zine
20 Apr 2022
CW APAC: Trend Watch: Cyber security
Protection from malicious actors has become a critical consideration for organisations in recent years. In this handbook, focused on cyber security in the Asia-Pacific region, Computer Weekly looks at how to minimise edge security risks, India’s rise in cyber security revenues, Check Point’s sales force and partner ecosystem processes, and Trellix’s decision to democratise XDR access Continue Reading
-
News
20 Apr 2022
One-third of scams that hit TSB are impersonation fraud
TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them Continue Reading
-
News
20 Apr 2022
AWS fixes vulnerabilities in Log4Shell hot patch
AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation Continue Reading
-
News
19 Apr 2022
Median threat actor ‘dwell time’ dropped during 2021
Security teams appear to be getting better at detecting attackers within their networks, according to a report Continue Reading
-
News
14 Apr 2022
Lack of expertise hurting UK government’s cyber preparedness
UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report Continue Reading
-
News
13 Apr 2022
WatchGuard firewall users urged to patch Cyclops Blink vulnerability
The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities Continue Reading
-
News
13 Apr 2022
Microsoft patches two zero-days, 10 critical bugs
Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service Continue Reading
-
News
13 Apr 2022
Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack
Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief Continue Reading
-
News
12 Apr 2022
Universal IAM policy failings put cloud environments at risk
Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study Continue Reading
-
News
11 Apr 2022
Open source CMS platform Directus patches XSS bug
A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data Continue Reading
-
Opinion
11 Apr 2022
We must target a broad church to fill vacant cyber roles
The security industry focuses a lot on cyber-specific specialisms and technical skills, but it could really benefit from widening its search. Take it from a social anthropologist Continue Reading
-
News
11 Apr 2022
Raspberry Pi Foundation ditches default username policy
Raspberry Pi owners will no longer be able to use the default ‘pi’ username, as the Raspberry Pi Foundation clamps down on insecure practices Continue Reading
-
Blog Post
11 Apr 2022
Just How Secure Are You?
Back in the autumn of last year, I talked about a vendor – Bugcrowd – that doesn’t simply rely on AI and ML within a microchip, but actually uses real flesh and bone people (AKA ethical hackers) to ... Continue Reading
-
News
11 Apr 2022
Nordic countries discuss joint cyber defence capability
Nordic countries are in talks to increase their cyber defences in the face of the threat from Russia Continue Reading
-
News
08 Apr 2022
Was Spring4Shell a lot of hot air? No, but...
Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better Continue Reading
-
News
06 Apr 2022
Apple criticised over unpatched CVEs in Catalina, Big Sur
Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions Continue Reading
-
Blog Post
06 Apr 2022
Does Anyone Trust Zero Trust?
Has there been a more over-used term within IT security over the past few years than “zero trust”? Answers in the virtual black box at the back of the virtual room (in the virtual universe). I ... Continue Reading
-
News
05 Apr 2022
Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court
France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution Continue Reading
-
News
05 Apr 2022
Triple-threat Borat malware no joke for victims
Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros Continue Reading
-
News
01 Apr 2022
Apple drops emergency patches for two zero-days
Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild Continue Reading
-
News
31 Mar 2022
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech Continue Reading
-
News
31 Mar 2022
Lapsus$ cyber crime spree continues despite arrests
The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos Continue Reading
-
News
30 Mar 2022
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors Continue Reading