Security policy and user awareness

Coronavirus: Kaspersky, Bitdefender make products free to NHS

Kaspersky and Bitdefender have both made various products and services available free to healthcare customers as the Covid-19 coronavirus pandemic intensifies Continue Reading

Thousands of Netflix, Disney+ streaming accounts being stolen

Proofpoint has urged users of streaming services to be alert to cyber criminals hijacking their accounts Continue Reading

Why zero trust may not be all it’s cracked up to be

While they are discussed ad nauseam in the security industry, zero-trust architectures may not be all they’re cracked up to be, according to analyst Sam Bocetta Continue Reading

Cyber gangsters hit UK medical firm poised for work on coronavirus with Maze ransomware attack

The Maze ransomware group has published personal and medical details of thousands of former patients of a London-based medical research company after a failed attempt to disable the firm's computer systems Continue Reading

Coronavirus: Sans Institute issues cyber security advice for parents

With schools now shut across the UK, parents will bear more responsibility for keeping children safe online and educating them about online harms Continue Reading

IT Priorities 2020: ANZ firms to spend more on cyber security

Over half of respondents in Australia and New Zealand plan to invest more in cyber security, especially in key areas such as data loss prevention Continue Reading

Volume of computer misuse incidents falling, says ONS

Downward trend comes despite an overall increase in fraud, according to new statistics Continue Reading

Coronavirus: How to implement safe and secure remote working

Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves Continue Reading

Coronavirus now possibly largest-ever cyber security threat

The cumulative volume of coronavirus-related email lures and other threats is the largest collection of attack types exploiting a single theme for years, possibly ever Continue Reading

Security Think Tank: Amid panic, how to find a sound level of security

In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading

Covid-19: NCSC issues secure remote working guidance

With hundreds of thousands likely to be working remotely for some time, the UK’s NCSC has issued best practice guidance to enable security teams to support them Continue Reading

UN identifies tech companies working in Occupied Palestinian Territories

United Nations Human Rights Office report names a number of technology companies that could be involved in violating human rights Continue Reading

SentinelOne makes security platform free to support remote workers

Endpoint protection platform service will be made free until 16 May 2020 to help protect remote workers during the Covid-19 coronavirus crisis Continue Reading

Security Think Tank: To tackle Covid-19, be prepared, flexible and resilient

In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading

Coronavirus-linked hacks likely as Czech hospital comes under attack

The world of cyber security is on high alert to heightened vulnerabilities as the spread of the Covid-19 coronavirus changes daily life across Europe Continue Reading

Security Think Tank: A guide to security best practice for pandemics

In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading

UK’s security sector failing on most diversity measures

A DCMS report on the state of the UK’s cyber security workforce highlights a huge lack of diversity and a substantial skills gap Continue Reading

Security pros just want to be loved, report finds

Being valued by the business for their role in keeping the organisation safe and upholding ethical standards is a primary motivator for CISOs and other security professionals Continue Reading

Cookie-stealing trojans found lurking on Android phones

Kaspersky discovers two new Android malware modifications that could give hackers control of their victims’ social media accounts Continue Reading

Security Think Tank: Coronavirus crisis helps put security in context

In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading

Microsoft locks down new vulnerability with EternalBlue echoes

Microsoft has moved to get ahead of a serious remote code execution vulnerability in Microsoft Server Message Block 3.1.1, which was accidentally disclosed then missed in its March Patch Tuesday update Continue Reading

Microsoft fixes 26 critical vulnerabilities in another heavy Patch Tuesday

March’s Patch Tuesday is another big one for Microsoft, addressing 115 vulnerabilities, 26 of them critical Continue Reading

Security Think Tank: ID-driven security helps safeguard the workforce

In our globalised world, high-profile events such as Covid-19 have huge business impacts and some of these impacts may be felt by CISOs. What responsibilities do security pros have in such circumstances, and what steps can they take to shore up their defences? Continue Reading

Schoolgirl security experts prepare to do battle

The finals of the CyberFirst Girls contest will take place on 16 March as the culmination of the NCSC’s annual competition to unearth future security talent Continue Reading

Hacking community targeted by cyber criminals in new trojan campaign

Cybereason’s Nocturnus threat research team has uncovered a cyber criminal campaign that weaponises popular hacking tools Continue Reading

Bill Gates backs Crest fintech security scheme for Africa and Asia

UK-based cyber security accreditation and certification non-profit Crest has been awarded a $1.4m grant from the Bill and Melinda Gates Foundation to expand cyber security capacity for fintechs in Africa and Asia Continue Reading

DCMS to oversee coronavirus disinformation unit

A cross-departmental counter-disinformation unit will seek to protect and secure UK citizens from disinformation, scams and cyber security threats related to the Covid-19 outbreak Continue Reading

MI5 slammed by watchdog for failing to delete intercepted phone and internet data

The Investigatory Powers Commissioner (IPCO) has criticised MI5 for failing to report serious errors in the way it handles intercepted phone and internet data Continue Reading

Cathay Pacific hit with £500,000 data protection fine from ICO over 2018 breach

Airline receives maximum financial penalty under Data Protection Act for data breach that led to nine million customers having their personal data accessed by hackers Continue Reading

Australian government pulls plug on cloud certification programme

The Australian Signals Directorate is closing its cloud services certification programme to allow for more home-grown suppliers Continue Reading

NCSC issues smart camera security guidance to protect consumers from unauthorised snoops

Government’s latest push to safeguard users of in-home connected devices sees National Cyber Security Centre issue guidance to help consumers tighten up security of smart cameras and baby monitors Continue Reading

Tech readiness for coronavirus

As more cases of the coronavirus are found in the UK, businesses are going to have to face the very real prospect that encouraging people to go into the office, raises the risk of the virus ... Continue Reading

Singapore among world’s top sources of online threats

Singapore remained a hotspot for originating cyber attacks in 2019, with 11 million attacks launched from servers in the city-state Continue Reading

The Security Interviews: Inside the world of bug bounties

You may not make a million as a bug bounty hunter, but you might help remove some of the stigma that persists around cyber security, says HackerOne’s Shlomie Liberow Continue Reading

Data breaches in Australia showing no signs of abating

Compromised login credentials and human error were the most common causes of data breaches reported under Australia’s notifiable data breach regime from July to December 2019 Continue Reading

NCSC makes ransomware attack guidance more accessible

Following a swathe of high-profile ransomware attacks, the UK’s National Cyber Security Centre has made changes to its guidance, emphasising the importance of offline backups Continue Reading

Redcar & Cleveland Council confirms ransomware attack

Local authority’s systems are still offline nearly three weeks after being attacked Continue Reading

Cloud Snooper firewall bypass may be work of nation state

Cloud Snooper deploys a combination of specialised techniques to sneak past enterprise firewalls, warns Sophos Continue Reading

FCA data breach could happen to anybody, but easy to avoid

Minor data breach at the Financial Conduct Authority was the result of simple human error, and highlights the need for organisations to consider a wide range of potential threats Continue Reading

Google warns users not to mess with Huawei devices

Google tells users of Huawei devices to try to avoid bypassing controls preventing them from loading its apps Continue Reading

Cloud data leaks compounded by lack of automation tools

Data leaks caused by misconfigured clouds are being compounded because security teams lack appropriate automation and integration tools, according to a report Continue Reading

Cyber criminals targeting UK motorists, warns DVLA

Cyber criminals are offering various services and tax refunds that purport to be from the DVLA Continue Reading

McAfee buys Light Point to enhance web browser protection

Acquisition of Light Point Security will extend the capabilities of multiple McAfee products Continue Reading

Thai university to roll out data protection certification

Thailand’s National Institute of Development Administration is offering a certification programme to get organisations ready for the country’s data protection regime Continue Reading

Open security group unveils common OpenDXL language

Open Cybersecurity Alliance announces the availability of OpenDXL Ontology, the first open source language for connecting disparate security tools through a common messaging framework Continue Reading

Labour condemns Google data plans

Shadow digital minister Chi Onwurah challenges the government to stop Google’s plans to move UK user data out of the EU Continue Reading

Malicious apps still getting past Google controls

Check Point researchers have found multiple malware-infected apps in the Google Play store, including a clicker called Haken, which has been downloaded more than 50,000 times Continue Reading

F-Secure’s AI reads mean tweets to fight abuse and trolls

Researchers working on F-Secure’s Project Blackfin have developed a model for clustering tweets to help pinpoint abuse and harassment Continue Reading

Google plans to send Brits’ data to US after Brexit

Move puts British user data beyond the reach of the EU’s GDPR, makes it more accessible to UK and US law enforcement agencies, and has prompted anger Continue Reading

Cost of cloud misconfigurations set at $5tn

Cloud security outfit DivvyCloud says more than 33 billion records have been exposed in cloud misconfiguration incidents in the past 24 months Continue Reading

Blasé directors put business data at risk

The higher up within a business you go, the more likely you are to find people intentionally leaking confidential data, says Egress Continue Reading

Questions raised over Office 365 shared content policy

Buried 300 words into Microsoft’s standard service level agreement is a clause that affects intellectual property and privacy Continue Reading

US ‘breached due process’ in spying operation against Julian Assange’s lawyers

Surveillance footage of Julian Assange’s meetings with lawyers and doctors in the Ecuadorian Embassy in London was an “abuse of process” Continue Reading

Girlguiding hosts interactive cyber security workshop

100 Guides from South West England took part in an NCSC event to learn more about security fundamentals Continue Reading

Untrusted security teams being left out of business decisions

Only a third of organisations are involving their cyber security function at the planning stage of business initiatives Continue Reading

Is this Netflix-style thriller the future of security training?

Cyber awareness specialists at KnowBe4 reckon that bringing Netflix-style production values to corporate videos heralds a new approach to security training Continue Reading

Most CISOs ready to move jobs if something better comes along

The shortage of skilled security pros is creating an active recruitment market, with over 80% of CISOs saying they would consider a new role if approached Continue Reading

Security Think Tank: Zero trust strategies must start small, then grow

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Australians more savvy about cyber security

More Australians look out for signs of security features such as SSL encryption even as they remain sceptical of the data protection capabilities of small businesses Continue Reading

Mastercard opens European security resilience unit

Mastercard’s European Cyber Resilience Centre will bring together its partners and other industry bodies to support enterprise resilience Continue Reading

Ex-soldiers to become ethical hackers

A new programme will give armed forces veterans in Scotland a grounding in cyber security skills, including penetration testing and ethical hacking Continue Reading

Security Think Tank: Ask yourself if zero trust is right for you

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Security Think Tank: How zero trust lets you take back control

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust architecture? Continue Reading

Cyber criminals spread coronavirus conspiracy theories

The latest email campaigns identified by Proofpoint are spreading conspiracy theories about the coronavirus outbreak Continue Reading

Security Think Tank: Practical steps to achieve zero trust

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Emotet evolving to exploit coronavirus fear

With coronavirus cases now reported across the world, Emotet campaigns are exploiting legitimate fears to compromise their targets Continue Reading

Internet Explorer zero day among 99 Patch Tuesday problems

After an eventful January Patch Tuesday that marked the end of support for Windows 7, the February 2020 update is another whopper, fixing close to 100 vulnerabilities Continue Reading

Mac-based security threats outpacing Windows

Security threats targeting Apple endpoints are growing more quickly than those targeting Windows machines, according to Malwarebytes Continue Reading

Chinese military personnel accused of Equifax hack

A US federal grand jury has indicted four Chinese army personnel over the 2017 Equifax breach Continue Reading

What should be in Australia’s next cyber security strategy

The Australian government is reviewing the nation’s cyber security strategy, but is it looking at the right issues? Continue Reading

Security Think Tank: Zero trust is complex, but has rich rewards

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

RobbinHood ransomware tricks Windows into deleting defences

By subverting kernel memory settings in Windows 7, Windows 8 and Windows 10, the RobbinHood ransomware can now delete cyber security defences from target systems Continue Reading

Joaquin Phoenix’s Joker is ‘most dangerous’ movie

Ahead of the 2020 Oscars, Kaspersky researchers say they found more than 300 files masquerading as the Joker movie Continue Reading

Security Think Tank: No trust in zero trust need not be a problem

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Maastricht University pays €200,000 to Russian hackers

A Dutch university has taken the difficult decision to pay hundreds of thousands of Euros to Russian hackers that compromised its systems through a ransomware attack Continue Reading

Stressed, overworked CISOs losing £23k a year in unpaid overtime

Nominet’s latest CISO Stress Report has revealed the extent to which organisations are taking advantage of their security staff, and the deleterious effects of overwork and stress on mental health Continue Reading

Scammers using fake PayPal emails stole over £1m in the UK in last quarter

Fraudsters tricked Brits into sending over £1m worth of goods to them that they hadn't paid for Continue Reading

Web app ubiquity gives cyber criminals new opportunities

The popularity and ubiquity of web-based apps such as Office 365 and Salesforce is a temptation too good to miss for cyber criminals Continue Reading

IoT network flaw left Philips Hue bulbs open to attack

Vulnerabilities in the ZigBee internet of things networking protocol have left market-leading smart devices, including Philips Hue lightbulbs, open to exploitation Continue Reading

Security Think Tank: Zero trust is not the answer to all your problems

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

The fight against cyber crime: Why cooperation matters

With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today Continue Reading

Security Think Tank: Facing the challenge of zero trust

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Security Think Tank: Zero trust – just another name for the basics?

In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust architecture? Continue Reading

Davos: The clock is ticking on climate change but cyber crime and emerging technologies add to risks

Climate change, natural disasters, extreme weather and loss of biodiversity are the greatest risks we face. With cyber conflicts, state-sponsored hacking and internet fragmentation, doing nothing is not an option, says the World Economic Forum Continue Reading

NCSC launches study on cyber security diversity

The UK’s National Cyber Security Centre wants to improve the diversity of the cyber security sector Continue Reading

First coronavirus cyber threats seen in the wild

Kaspersky has reported the first incidences of cyber security threats playing on fears of the emerging coronavirus Continue Reading

UK cyber security sector worth more than £8bn

The UK’s cyber security industry employs 43,000 full-time workers, and contributed nearly £4bn to the UK economy in 2019, according to DCMS Continue Reading

NHS suffers fewer ransomware attacks, but threat persists

Ransomware attacks against the NHS have tapered off dramatically, according to statistics obtained under FoI legislation, but this does not mean the threat has diminished Continue Reading

Fintechs fear deepfake fraud

New research reveals the majority of CISOs working in the financial services sector are increasingly concerned about the potential use of deepfakes Continue Reading

Organisations losing control of cloud data

Data is more widely dispersed in enterprise clouds than most organisations think, and as a result they are at risk of losing control of it, according to a report Continue Reading

Data privacy benefits outweigh spend, says Cisco

Cisco’s 2020 data privacy study shows organisations can generate substantial returns on their data privacy and protection spending Continue Reading

UK in catch-22 decision over Huawei security

The UK’s final decision on whether to permit mobile operators to use Huawei equipment is expected imminently, and its decision will have ramifications far beyond the technology sphere Continue Reading

Government tightens law around IoT cyber security

New legislation developed by DCMS and the NCSC may help guarantee the security and privacy of users of consumer IoT devices Continue Reading

Security Think Tank: Bug bounties are changing the image of hackers

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

SANS Institute calls on Manchester security pros

Manchester will play host to a week-long cyber security training event during February Continue Reading

NHS alerted to severe vulnerabilities in GE health equipment

A series of vulnerabilities in patient monitoring equipment manufactured by General Electric could have left patient data exposed in hospitals around the world, including the UK Continue Reading

CISOs fear becoming the next Travelex

Poll of security professionals by the organisers of the Infosecurity Europe trade fair highlights huge gaps in incident response capabilities Continue Reading

End-user security ignorance laid bare in new report

Proofpoint’s 2020 State of the Phish report highlights an urgent need for better user training and reporting Continue Reading

Startup uses machine learning to support GDPR’s right to be forgotten

Non-intrusive algorithms enable users to track which companies hold their data, so they can take it back Continue Reading

Citrix releases IoC scanner for ADC and Gateway vulnerabilities

As patches for its compromised NetScaler ADC and Gateway products begin to roll out, Citrix enlists FireEye Mandiant to develop an indicator of compromise scanner for end-users Continue Reading