Security policy and user awareness

Zero-trust network policies should reflect varied threats

Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies. Continue Reading

Zero-trust methodology's popularity a double-edged sword

The authors of 'Zero Trust Networks' discuss how the zero-trust methodology's popularity produces both vendor hype and renewed attention to critical areas of security weakness. Continue Reading

Calls for clarity over Amazon insider breach

Security experts call for more clarity from Amazon over an apparent leak of customer data Continue Reading

Sopra Steria hit by new version of Ryuk ransomware

IT services company Sopra Steria says it has contained the ransomware virus, but systems will take a few weeks to be fully operational Continue Reading

APAC CISOs warm up to zero trust

Security leaders in Asia-Pacific are adopting zero-trust security, but challenges stand in their way of reaping the full potential of the security model Continue Reading

Cooperation between Norway’s security agencies planned following cyber attack on parliament

Government seeks to develop enhanced national IT infrastructure with an embedded early warning system and defence shield to protect the IT systems of public and private organisations Continue Reading

SonicWall patches 11 firewall vulnerabilities

SonicWall users are advised to download updates that fix 11 CVEs in the SonicOS operating system, uncovered by Positive Technologies Continue Reading

Protecting remote workers an opportunity to do security better

Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report Continue Reading

NSA’s top CVE list a timely reminder to patch

Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies Continue Reading

Charities warned over ‘Robin Hood’ cyber criminals

Accepting donations from cyber criminal groups could be deemed as profiting from crime, money laundering or handling stolen goods – so don’t do it Continue Reading

Customer loyalty accounts in danger from cyber criminals

Billions of credential stuffing attacks are harvesting valuable customer data for the dark web economy Continue Reading

Why securing the DNS layer is crucial to fight cyber crime

Domain name system security is often overlooked by organisations, but focusing on this layer could actually improve the effectiveness of cyber security strategies. We explore the latest DNS trends and best practice Continue Reading

Retailers get access to new security toolkit

The British Retail Consortium has worked with the NCSC to develop a new cyber security toolkit pitched at retailers Continue Reading

Security Think Tank: Essential tools to mitigate double extortion attacks

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Resilient Trickbot down but not yet knocked out

Global, Microsoft-led effort to disrupt the Trickbot botnet has seen some success, but new command and control servers continue to pop up Continue Reading

Police given access to self-isolation data

NHS Test and Trace self-isolation data will be made available to police after new guidance changes data-sharing rules Continue Reading

BA breach penalty sets new GDPR precedents

The 90% reduction in the fine levied on BA over a 2018 data breach has legal experts talking about the ramifications for the future of data protection Continue Reading

Podcast: Cybersecurity Awareness Month, Covid-19 and storage

We look at how organisations can use Cybersecurity Awareness Month as an opportunity to revisit their handling of data and compliance, especially with changes brought by Covid-19 and home working Continue Reading

Security Think Tank: Safeguarding PII in the current threat landscape

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Cloud data protection keeps the Crick’s medical research Covid-secure

Cloud data management services from Rubrik gave the Francis Crick Institute a data protection edge and have helped keep its vital work going through the pandemic Continue Reading

Security Think Tank: Essential tools to mitigate data loss and identity theft

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Hackney services still offline in ongoing cyber attack

Services remain disrupted two days after council was hit by a serious incident, as residents are warned to be on their guard Continue Reading

Public sector security failings leave UK at risk, says think tank

Reform report urges adoption of new policies in the next version of the UK’s National Cyber Security Strategy Continue Reading

US Elections: Malicious internet domains spike as campaigns heat up

Internet domains related to the US presidential election are 56% more likely to be malicious than regular ones Continue Reading

Fintech ‘unicorn’ Klarna probed over data misuse

Online bank blames misuse of user data on human error as Information Commissioner’s Office weighs in Continue Reading

Microsoft fixes 87 bugs in October 2020 Patch Tuesday

Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019 Continue Reading

Security Think Tank: Adapting defences to evolving ransomware and cyber crime

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Suppliers neglecting virtual appliance security, putting users at risk

Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report Continue Reading

Security Think Tank: What you need to know about addressing the doxing threat

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Five Eyes spy group again demands access to private messages

Spooks are once again calling for the tech industry to break end-to-end encryption in messaging platforms Continue Reading

Cyber security skills ad branded ‘crass’ by minister

Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic Continue Reading

Making sense of zero-trust security

Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint Continue Reading

Security Think Tank: Tighten data and access controls to stop identity theft

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading

Emotet rated September’s ‘most popular’ malware

The current resurgence of Emotet is attracting attention as governments issue new warnings and cyber criminals rush to exploit the chaotic US election Continue Reading

Crown Prosecution Service suffers 1,600 data breaches in 12 months

CPS sees a spike in data security incidents, many of them serious enough to be reported to the Information Commissioner’s Office Continue Reading

Threat of GDPR fines increasingly driving security buying decisions

Scaring the people who hold the purse strings may be the best option for CISOs who need a little extra budget Continue Reading

Southeast Asia remains hotspot for cyber attacks

Geopolitics and Covid-19 have been fodder for cyber criminals to advance their motives in Southeast Asia in 2020 Continue Reading

EU’s top court questions legality of UK phone and internet data surveillance

European Court of Justice rules that the UK and EU member states must comply with EU privacy laws when harvesting people’s sensitive communications data from telecoms and internet companies Continue Reading

The privacy and compliance challenges organisations face in 2021

Privacy and compliance teams have a lot on their plate as 2021 approaches. What are the key issues to consider? Continue Reading

Ransomware attacks go through the roof

The volume of ransomware attacks has jumped 50% in the past three months, according to data produced at Check Point Continue Reading

MosaicRegressor APT campaign using rare malware variant

Kaspersky researchers have shared details of a APT campaign utilising a rarely seen and hard-to-stop variety of malware Continue Reading

Fake news tops list of online concerns worldwide

Receiving false information is a greater worry than other online risks such as cyber bullying and fraud, says the Lloyd’s Register Foundation Continue Reading

HMRC warns locked-down freshers of ‘wave’ of tax scams

New university intake may be being targeted by cyber criminals amid Covid-19 confusion Continue Reading

Honesty is the best policy: Forging a security culture in the NHS

Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector Continue Reading

Security pros face sanctions if they help ransomware victims pay

New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off Continue Reading

Find and fix your Adobe Flash dependencies, says NCSC

As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies Continue Reading

Threat actors becoming vastly more sophisticated

Malicious actors have been busily honing their craft and cyber security incidents are up across the board as a result, according to a Microsoft report Continue Reading

NCSC expands schools programme to north-east England and Northern Ireland

Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland Continue Reading

NatWest offers online banking customers free security services

Bank responds to a surge in cyber crime targeting users of online banking services Continue Reading

Ryuk attack downs private health provider in major incident

Private healthcare provider UHS has been been hit by a major big game hunting cyber attack that infected its systems with the Ryuk ransomware Continue Reading

TikTok ban stayed after last-minute court case

TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States Continue Reading

Police Scotland to set up new cyber crime centre

National Centre of Excellence will employ specially trained officers to tackle a vertiginous rise in cyber crime Continue Reading

Security now main driving force behind digital transformation

Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading

Airbnb hosts’ account data exposed in internal leak

Data exposure within Airbnb’s system was the result of a technical issue but was swiftly fixed, says the firm Continue Reading

Digital Identity Policy must address Fake (and Fogged) Credentials   

Banks and employers cannot afford to trust the credentials (digital or otherwise) issued by Government or mandated by regulators (e.g. Passports, Driving Licenses or Utility Bills) until the issues ... Continue Reading

Covid-19 has changed how we think about cyber security forever

Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson Continue Reading

Third-party code bug left Instagram users at risk of account takeover

A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device Continue Reading

NHS whistleblower privacy concerns passed on to regulator, but campaigners not holding their breath

NHS Improvement chair Dido Harding acknowledges receiving concerns raised about the anonymity of whistleblowers, but campaigners have little faith that anything will be done Continue Reading

Government blasted over ‘reckless’ contact-tracing security

The Open Rights Group and Big Brother Watch accuse the government of endangering public health with a reckless attitude to contact-tracing data security Continue Reading

Public admires security professionals, but doesn’t want their jobs

(ISC)² research finds attitudes towards security roles are increasingly positive, but not many people fancy joining the fight against cyber crime Continue Reading

Video gamers barraged with cyber attacks

From credential stuffing to SQL injection and DDoS, video game producers and players are seeing massive volumes of cyber attacks Continue Reading

US agencies warn of election disinformation and cyber attacks

Federal agencies are warning of heightened disinformation as the crucial 2020 presidential election nears Continue Reading

Activision shoots down data breach claims

Gaming company denies there has been any data breach after up to 500,000 accounts appeared to have been compromised, but evidence mounts that credential stuffing attacks are to blame Continue Reading

Scam mobile apps spreading via rogue TikTok accounts

Malicious TikTok accounts are promoting a number of adware scam mobile apps Continue Reading

Trump implicated in plans to prosecute Assange over war leaks

US journalist and Trump supporter, Cassandra Fairbanks, said she was given advanced details of US plans to oust Wikileaks founder Julian Assange from the Ecuadorian Embassy and to arrest him for over documents leaked by former soldier Chelsea Manning Continue Reading

Why business resilience management should be high on the agenda

Business resilience management is key to business survival in the face of rapidly changing IT, cyber threat and regulatory environments Continue Reading

German authorities probe ransomware hospital death

Hackers failed to extort a ransom from University Hospital Düsseldorf, but indirectly caused the death of a patient Continue Reading

Rampant Kitten spent six years hacking Iranian dissidents

Details emerge of an ongoing campaign by Tehran-backed threat actors targeting dissidents and activists Continue Reading

Saudi Arabia sees cyber security boom as coronavirus bites

Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods Continue Reading

What are the habits of highly effective CISOs?

Data crunched by Gartner analysts reveals the behaviours that differentiate the top-performing chief information security officers from the pack Continue Reading

Security Think Tank: Edge security in the world of Covid-19

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

NCSC steps up ransomware support for schools and universities

New alert and updated guidance comes after several academic institutions were targeted in ransomware attacks Continue Reading

Security Think Tank: Edge datacentre security depends on specific needs

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Gartner Security Summit: Covid-19 brings agile security to the fore

The evolving threat landscape is the top driver impacting cyber security during the next three to five years, and Covid-19 has accelerated the trend towards more agile security deployments Continue Reading

Risky development practice leaves company access keys exposed

Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development Continue Reading

Security Think Tank: No secret sauce for edge security, just good practice

That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Data of every Welsh Covid-19 patient leaked online

Data on all 18,105 people in Wales who have received positive tests for the coronavirus was uploaded to a public-facing web server in error Continue Reading

Julian Assange faces solitary confinement if extradited, court hears

WikiLeaks founder Julian Assange will be held under special administrative measures if extradited to the US, said Eric Lewis, a US legal expert, effectively placing him in solitary confinement Continue Reading

Microsoft drops out of TikTok talks, paves way for Oracle partnership

Microsoft confirms it is dropping out of the running to acquire the US operations of TikTok, leaving the way clear for an imminent partnership deal with Oracle Continue Reading

Cyber security is next frontier for open source

Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM Continue Reading

Government launches £500k healthcare security plan

A £500,000 funding pot from the government aims to help support small and mid-sized healthcare firms during the pandemic Continue Reading

Tackling the Post Covid Cybercrime Pandemic

The pace of change along criminal supply chains is accelerating. But so too is the response from law enforcement. Lockdown saw the first step with long overdue automation of incident notification ... Continue Reading

Why predictive threat intelligence is key

Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur Continue Reading

Lockdown sees increase in girls applying for GCHQ cyber courses

The shift to online learning saw an increase in participants for its CyberFirst cyber security training programme, GCHQ found Continue Reading

Phishing scam targets Lloyds Bank customers

Bank customers warned of emails and SMS messages that direct them to a fraudulent site and then request account log-in details Continue Reading

Security Think Tank: Datacentre security is a business imperative

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

How Certis is digitising security operations

Certis has developed more than 50 applications in a year to help employees do their jobs better and has set up an AI centre to tap the potential of robotics and video analytics in security Continue Reading

Northumbria University suffers major disruption after cyber attack

Some exams cancelled as university appoints external specialists to investigate incident Continue Reading

Security Think Tank: Seven steps to edge security

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Norway’s corporates want government to support ‘herd immunity’ to cyber attack

Leading business organisations in Norway call on government to play a more active role in improving and coordinating the country’s cyber defences Continue Reading

Vint Cerf: Why everyone has a role in internet safety

The Covid-19 pandemic has demonstrated the power of internet connectivity. Vint Cerf talks to Computer Weekly about the challenges the internet now faces Continue Reading

Security Think Tank: Security at the distributed edge

That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Machine learning wards off threats at TV studio Bunim Murray

TV studio behind reality hits including The Real World and Keeping Up With The Kardashians turned to Darktrace’s Antigena email protection service to keep its people safe from Covid-19 threats Continue Reading

Benefit fraud: Underground trade in stolen identities revealed

A roaring underground trade in stolen identities is undermining the Universal Credit system and could potentially defraud it out of millions of pounds Continue Reading

Double extortion ransomware attacks and how to stop them

As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks Continue Reading

NHS whistleblowers’ anonymity at mercy of inadequate trust IT policies and processes

They were clapped in the streets for their bravery at the height of the Covid-19 pandemic, but some NHS staff who raise workplace concerns are suffering abuse as a result Continue Reading

TikTok CEO clocks off

TikTok CEO Kevin Mayer has resigned from the firm after just three months Continue Reading

Avaddon ransomware operators having a go at double extortion

The operators of the Avaddon ransomware seem to be tooling up to leak the data of their victims in addition to holding it to ransom, Cofense researchers confirm Continue Reading

What are the latest GDPR security breach enforcement trends?

A cyber breach specialist from Fieldfisher runs the rule over the latest trends in cyber security, data protection and GDPR Continue Reading