Security policy and user awareness
-
News
27 May 2025
US makes fresh indictments over DanaBot, Qakbot malwares
US charges the operators of two malwares, DanaBot and Qakbot, whose actions led to millions of dollars worth of cyber theft and fraud Continue Reading
-
News
27 May 2025
Armed forces charity steps in to address cyber mental health crisis
CIISec and military charity PTSD Resolution hope to address a gathering mental health crisis among frontline cyber professionals Continue Reading
-
News
07 Jul 2022
MI5, FBI chiefs warn of Chinese cyber espionage threat
In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests Continue Reading
-
Opinion
07 Jul 2022
Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it
In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered Continue Reading
-
News
07 Jul 2022
The Security Interviews: Inside Russia’s Ukraine information operation
Computer Weekly speaks to Craig Terron of Recorded Future about delving deep inside the Russian disinformation machine, and how the Kremlin’s strategy is set to evolve Continue Reading
-
News
06 Jul 2022
Plexal seeks new scaleups for next phase of Cyber Runway
Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme Continue Reading
-
News
06 Jul 2022
ESET: Lazarus APT hit aero, defence sector with fake job ads
ESET researchers present new findings into a series of cyber attacks on the aerospace and defence sectors by North Korea’s Lazarus crime syndicate Continue Reading
-
News
05 Jul 2022
Prepare for long-term cyber threat from Ukraine war, says NCSC
The NCSC has published refreshed guidance on cyber preparedness as the war on Ukraine continues, urging organisations to pay attention to the state of their security teams Continue Reading
-
News
05 Jul 2022
NCSC CEO: Why we should run towards crises to elevate cyber security
National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country Continue Reading
-
E-Zine
05 Jul 2022
How to get the right level of cyber insurance
In this week’s Computer Weekly, we look at how the market for cyber insurance is evolving and how to avoid buying the wrong level of cover. We find out what role hydrogen technologies could play in reducing datacentre carbon emissions. And we hear how a 125-year-old bicycle maker is embracing digital innovation. Read the issue now. Continue Reading
-
Opinion
01 Jul 2022
Security Think Tank: Now is the time to think about cyber insurance
Many IT leaders shy away from cyber insurance, but new, innovative developments in the market can help organisations take an approach that suits their needs Continue Reading
-
News
29 Jun 2022
New cyber extortion op appears to have hit AMD
Semiconductor specialist AMD has confirmed it is investigating reports that a ‘bad actor’ has stolen hundreds of gigabytes of its data Continue Reading
-
News
29 Jun 2022
Romance scammers exploit Ukraine war in cynical campaign
Romance scammers can make easy money exploiting people looking for love, but in this newly observed campaign linked to the Ukraine war they are playing on deeper emotions Continue Reading
-
E-Zine
28 Jun 2022
Collaboration key to IT sector sustainability
In this week’s Computer Weekly, as sustainability rises up the corporate agenda, IT leaders say more collaboration is needed to meet climate goals. Microsoft faces further calls for greater transparency over software tools used to monitor employees. And the cyber security industry warns over an increasing loss of talent. Read the issue now. Continue Reading
-
News
27 Jun 2022
Brexit a net negative for UK cyber, say CISOs
Six years on from the UK’s Brexit vote, the majority of security professionals say leaving the EU has raised concerns over their ability to keep their organisations safe Continue Reading
-
News
27 Jun 2022
LockBit ransomware gang launches bug bounty programme
A bug bounty programme is among a number of features LockBit’s developers have added to ‘version 3.0’ of the ransomware Continue Reading
-
Feature
27 Jun 2022
The cyber security impact of Operation Russia by Anonymous
The campaign against the Russian government by Anonymous surprised many with the depth and scale of the cyber attacks. What can we learn from this online war? Continue Reading
-
Feature
27 Jun 2022
Secure everything, not just the weakest link
The rise in cyber attacks on supply chains has expanded the role of IT security chiefs and the complexity of keeping organisations secure Continue Reading
-
E-Zine
24 Jun 2022
CW APAC: Tech career guide to cyber security
The demands placed on those fighting against hackers are constantly evolving. In this handbook, focused on cyber security in the Asia-Pacific region, Computer Weekly looks at the skills required to make it in the industry, how Singapore’s critical systems remain protected, the short-term options for tech stack management and how organisations can support cyber professionals’ mental health. Continue Reading
-
News
24 Jun 2022
Black Basta ransomware crew aiming for ‘big leagues’
Emergent Black Basta ransomware gang has hit more than 50 countries since bursting onto the scene earlier this year, says Cybereason Continue Reading
-
News
24 Jun 2022
US cyber agency in fresh warning over Log4Shell risk to VMware
Many VMware Horizon and UAG servers remain defenceless against Log4Shell, and organisations continue to fall victim to the vulnerability Continue Reading
-
Opinion
24 Jun 2022
Assessment and knowledge: Your key tools to secure suppliers
There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal Continue Reading
-
News
24 Jun 2022
Developers grapple with open source software security
Software developers are taking longer to fix vulnerabilities and many do not know about the dependencies of open source software components they are using, study finds Continue Reading
-
Opinion
23 Jun 2022
Finding the balance between innovation and data security in healthcare
As the government launches its data strategy for health and social care, a fine line must be trodden between innovating through privacy-enhancing technologies, and retaining data security for patients Continue Reading
-
Feature
23 Jun 2022
What the world can learn from Saudi Arabia’s fight against industrial control system attacks
Iran learned from attacks on its infrastructure and unleashed similar malware on Saudi Arabia. The world has now gained valuable lessons from the Saudi response Continue Reading
-
News
22 Jun 2022
How TDCX is building a people-centric business
Every digital tool deployed by the Singapore-based services firm is aimed at augmenting the performance and experience of its employees, says TDCX’s group CIO, Byron Fernandez Continue Reading
-
Opinion
22 Jun 2022
Security Think Tank: Balanced approach can detangle supply chain complexity
Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices Continue Reading
-
News
21 Jun 2022
Government won’t regulate on professional cyber standards
The government has elected not to proceed with regulatory intervention to embed standards and pathways across the cyber profession Continue Reading
-
News
21 Jun 2022
Microsoft Office 365 has ability to ‘spy’ on workers
Microsoft faces calls for ‘transparency’ over tools in Office 365 that allow employers to read staff emails and monitor their computer use at work Continue Reading
-
Opinion
21 Jun 2022
Supply chain security goes deep – forget this at your peril
It may have hit the headlines as an IT issue, but supply chain security goes far deeper into an organisation than just technology Continue Reading
-
News
20 Jun 2022
Lords move to protect cyber researchers from prosecution
A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers or ethical hackers being prosecuted in the course of their work Continue Reading
-
News
20 Jun 2022
Complex Russian cyber threat requires we go back to basics
The situation in Russia is anything but simple, but it is the fundamentals of cyber security hygiene that pose the best defence against the country’s digital threat, as Mandiant’s Jamie Collier explains Continue Reading
-
News
19 Jun 2022
Aussie mobile users most vulnerable to security threats
Australia has the highest percentage of mobile app threats detected on a per-device basis, with iPhone users more likely to download a risky app than an Android user, study finds Continue Reading
-
Feature
17 Jun 2022
What the EU’s content-filtering rules could mean for UK tech
EU proposals to clamp down on child sexual abuse material will have a material impact on the UK’s technology sector Continue Reading
-
Opinion
17 Jun 2022
Consider governance, coordination and risk to secure supply chain
A recent ISACA study found myriad factors that give good reason to be concerned about supply chain security. Cyber adviser Brian Fletcher recommends three areas to zero in on Continue Reading
-
News
17 Jun 2022
MoD sets out strategy to develop military AI with private sector
The UK Ministry of Defence has outlined its intention to work closely with the private sector to develop and deploy a range of artificial intelligence-powered technologies, committing to ‘lawful and ethical AI use’ Continue Reading
-
News
16 Jun 2022
Office 365 loophole may give ransomware an easy shot at your files
Researchers at Proofpoint have discovered potentially dangerous Microsoft Office 365 functionality that they believe may give ransomware a clear shot at files stored on SharePoint and OneDrive Continue Reading
-
Opinion
16 Jun 2022
Security Think Tank: Best practices for boosting supply chain security
In a highly connected world, managing the supply chain landscape requires an adaptation of the ‘traditional’ approach to managing cyber risk Continue Reading
-
News
16 Jun 2022
Interpol arrests thousands in global cyber fraud crackdown
A two-month operation saw law enforcement agencies in 76 countries crack down on organised cyber fraud Continue Reading
-
News
15 Jun 2022
Patch Tuesday dogged by concerns over Microsoft vulnerability response
The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure Continue Reading
-
Opinion
15 Jun 2022
Security Think Tank: Basic steps to secure your supply chain
When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail Continue Reading
-
News
14 Jun 2022
MS Azure Synapse vulnerability fixed after six-month slog
Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga Continue Reading
-
News
13 Jun 2022
Government recommits to UK’s cyber future in Digital Strategy
New strategy leans heavily on cyber security but stops short of announcing any initiatives that have not already been launched or heavily trailed Continue Reading
-
News
13 Jun 2022
New warning over tech suppliers in thrall to hostile governments
Ukraine war could lead to shakeup of dual-use tech exports, says former UK intelligence officer Continue Reading
-
News
13 Jun 2022
Qatar bolsters cyber security in preparation for World Cup
With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness Continue Reading
-
Opinion
10 Jun 2022
Security Think Tank: Don’t trust the weakest link? Don’t trust any link
Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must Continue Reading
-
News
10 Jun 2022
Snake Keylogger climbing malware charts, says Check Point
Cyber criminals behind Snake Keylogger campaigns have been switching up their tactics in the past few weeks, say researchers Continue Reading
-
News
09 Jun 2022
SolarWinds CEO offers to commit staffers to government cyber agencies
A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response Continue Reading
-
News
09 Jun 2022
Cyber researchers step in to fill Patch Tuesday’s shoes
Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss Continue Reading
-
News
08 Jun 2022
China using top consumer routers to hack Western comms networks
An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks Continue Reading
-
Blog Post
06 Jun 2022
How has the UK response to ransomware worked?
Ransomware gangs begin with their own due diligence - to calculate how much the victim (or insurer) will pay before reporting. They are likely to move on and find a victim who will not report, ... Continue Reading
-
Opinion
01 Jun 2022
What does the EU’s NIS 2 cyber directive cover?
We run the rule over the European Union’s updated NIS2 security directive Continue Reading
-
Opinion
31 May 2022
The importance of making information security more accessible
Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure Continue Reading
-
News
31 May 2022
Researchers discover zero-day Microsoft vulnerability in Office
Malicious Word documents have been used to invoke a previously undisclosed vulnerability in Microsoft Office without user interaction through Windows utility functions Continue Reading
-
Feature
31 May 2022
Attack of the clones: the rise of identity theft on social media
The proliferation of social media has resulted in the rise of identity theft on these platforms, with accounts copied for fraudulent or malicious purposes. What can be done to mitigate it? Continue Reading
-
News
31 May 2022
Industrial systems not safe for the future, say Dutch ethical hackers
Ethical hackers in the Netherlands say operational technology and IT networks need to be integrated to prevent cyber attacks penetrating their operations Continue Reading
-
Opinion
30 May 2022
Strong internal foundations are key to withstanding external threats
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
26 May 2022
Security Think Tank: Core security processes must adapt in a complex landscape
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
26 May 2022
Two-thirds of UK organisations defrauded since start of pandemic
Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report Continue Reading
-
News
26 May 2022
Most CFOs being left out of ransomware conversations
Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report Continue Reading
-
News
24 May 2022
Ransomware volumes grew faster than ever in 2021
Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody Continue Reading
-
News
23 May 2022
Did the Conti ransomware crew orchestrate its own demise?
Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise Continue Reading
-
Opinion
23 May 2022
Security Think Tank: Understanding attack paths is a question of training
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
23 May 2022
How Ivanti views patch management with a security lens
Bringing development, operations and security teams together will help organisations to improve their visibility of IT assets and vulnerabilities while keeping threat actors at bay Continue Reading
-
News
20 May 2022
Applying international law to cyber will be a tall order
Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations Continue Reading
-
News
20 May 2022
Microsoft drops emergency patch after Patch Tuesday screw up
Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates Continue Reading
-
News
20 May 2022
Former Welsh steelworks becomes ‘living’ cyber lab
ResilientWorks security centre in Ebbw Vale provides an education hub for students and a testbed for industry Continue Reading
-
News
19 May 2022
Defensive cyber attacks may be justified, says attorney general
Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable Continue Reading
-
News
19 May 2022
Top cyber criminal earnings outpace those of business leaders
Cyber crime can pay significantly better than leading a FTSE 100 organisation, according to a report Continue Reading
-
News
19 May 2022
Red teaming will be standard in Dutch governmental organisations by 2025
The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest Continue Reading
-
Opinion
19 May 2022
Security Think Tank: Yes, zero trust can help you understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
18 May 2022
Security Think Tank: To follow a path, you need a good map
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
17 May 2022
(ISC)² to train 100,000 cyber pros in UK
Security association (ISC)² unveils ambitious UK training programme Continue Reading
-
News
17 May 2022
Australian CISOs least prepared for cyber attacks
Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds Continue Reading
-
News
16 May 2022
Keeping Singapore’s critical systems secure
Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore Continue Reading
-
News
13 May 2022
Open source community sets out path to secure software
A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US Continue Reading
-
Blog Post
13 May 2022
Mind the gap: public and private sector disparity in cybersecurity
Amidst increasingly sophisticated cyber attacks and a constantly shifting threat landscape, cyber security partnerships across the private and public sector are essential in tackling these threats. ... Continue Reading
-
News
12 May 2022
GPDPR data scrape a ‘mistake’, says leading scientist
Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape Continue Reading
-
E-Zine
12 May 2022
CW Benelux: Meta shelves hyperscale datacentre plan in Netherlands
Meta’s plan for a hyperscale datacentre in the Netherlands which was to serve the metaverse world has been halted following a campaign by environmentalists and the Dutch parliament’s call for the government to do everything in its power to stop the facility being built. Also read how the Dutch arm of customer services supplier Teleperformance has led the entire organisation to adopt robotic process automation software. Continue Reading
-
Opinion
12 May 2022
Security Think Tank: Your path to understanding attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
12 May 2022
APAC career guide: Becoming a cyber security pro
The region’s burgeoning cyber security industry has attracted more talent last year, but it takes more than just technical knowhow to succeed in the field Continue Reading
-
News
11 May 2022
Nerbian RAT enjoys using Covid-19 phishing lures
The world is slowly coming to terms with Covid-19, but fear of the coronavirus is no less useful to cyber criminals because of it, as Proofpoint researchers have discovered Continue Reading
-
News
11 May 2022
Emotet has commanding lead on Check Point monthly threat chart
Emotet remains by some margin the most prevalent malware, according to Check Point’s latest monthly statistics Continue Reading
-
News
11 May 2022
CyberUK 22: Five Eyes focuses on MSP security
The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves Continue Reading
-
News
11 May 2022
CyberUK 22: Data-sharing service to protect public from scams
A new data-sharing service set up by the NCSC and industry partners will give ISPs access to real-time threat data that they can use to block fraudulent websites Continue Reading
-
News
11 May 2022
Cyber accreditation body Crest forges new training partnerships
Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills Continue Reading
-
News
11 May 2022
Microsoft fixes three zero-days on May Patch Tuesday
It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days Continue Reading
-
News
10 May 2022
‘Spy cops’ inquiry delves into police relationship with MI5
There was ‘no filter’ on the information that undercover police officers were collecting on activists throughout the 1970s, despite senior managers and officials involved in directing the surveillance questioning the appropriateness of the information gathering and sharing Continue Reading
-
News
10 May 2022
CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy
On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy Continue Reading
-
News
10 May 2022
CyberUK 22: NCSC refreshes cloud security guidance
The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise Continue Reading
-
News
10 May 2022
CyberUK 22: Wales splashes £9.5m on cyber innovation hub
A new innovation hub hopes to spur on cyber security innovation in Wales Continue Reading
-
News
09 May 2022
CyberUK 22: NCSC’s ACD programme blocks 2.7 million scams
On the opening day of its annual CyberUK event, the NCSC reveals how organisations around the country have used its Active Cyber Defence programme to their advantage Continue Reading
-
Feature
05 May 2022
How to retain cyber talent in the Great Resignation
The cyber security industry is experiencing alarming rates of resignations, leaving organisations vulnerable to cyber attacks. How can we better retain cyber talent? Continue Reading
-
Opinion
05 May 2022
Security Think Tank: Identify, assess and monitor to understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
04 May 2022
NHS email accounts hijacked for phishing campaign
Microsoft credentials targeted in phishing operation using hijacked NHSMail accounts Continue Reading
-
News
04 May 2022
Intellectual property theft operation attributed to Winnti group
Winnti conducted a prolonged cyber espionage campaign that went undetected for years, allowing it to exfiltrate massive amounts of corporate data and intellectual property Continue Reading
-
Opinion
04 May 2022
Security Think Tank: Defenders must get out ahead of complexity
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand these attack pathways to fight back Continue Reading
-
News
03 May 2022
Five TLS comms vulnerabilities hit Aruba, Avaya switching kit
Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution Continue Reading
-
News
28 Apr 2022
Ransomware recovery costs dwarf actual ransoms
The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data Continue Reading
-
News
28 Apr 2022
Manufacturer sues JPMorgan after cyber criminals stole $272m
Manufacturer files lawsuit alleging that US bank failed to inform it of suspicious transaction activity Continue Reading
-
News
28 Apr 2022
Russia plumbs new depths in cyber war on Ukraine
Microsoft details cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign Continue Reading
-
News
27 Apr 2022
Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021
These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time Continue Reading