Security policy and user awareness

A third of UK cyber leaders want to quit, report says

Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload Continue Reading

NCSC looks back on year of ‘profound change’ for cyber

The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful Continue Reading

How to build consumer trust with a privacy-by-design approach

Undertaken with the right mindset and technology, privacy by design delivers value to consumers and builds trust for the long term Continue Reading

The risk of losing our EU data adequacy agreement is real

While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners Continue Reading

Prepare today for potentially high-impact OpenSSL bug

OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed Continue Reading

Government ups cyber support for elderly, vulnerable web users

DCMS announces a funding boost to help the elderly, disabled and other vulnerable groups stay safe online and avoid being misled by disinformation Continue Reading

NCSC’s Levy steps down after 20-year intelligence career

NCSC technical director Ian Levy bids farewell, telling his successor: ‘Don’t panic’ Continue Reading

Will the OCSF create an open and collaborative cyber industry?

The Open Cybersecurity Schema Framework promises to transform security data analysis and collection, but there are challenges around adoption Continue Reading

NHS to get new national CISO

The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS Continue Reading

Medibank breach casts spotlight on data security

Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia Continue Reading

Santander calls for cooperation to tackle APP fraud

New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud Continue Reading

The Conservatives are laughing at cyber security pros

If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently Continue Reading

Cuba ransomware cartel spoofs Ukraine armed forces

Ukrainian cyber experts issue a warning over the activities of the Cuba ransomware cartel Continue Reading

Global digital trust market to double by 2027

The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow Continue Reading

Digital-first businesses more willing to accept some fraud

Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report Continue Reading

Complacency biggest cyber risk to UK plc, says ICO

Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack Continue Reading

Half of staff might quit after a cyber attack, report says

Findings from a survey of CISOs, IT leaders and staffers reveal how experiencing a cyber incident may take a larger-than-thought toll on employee retention Continue Reading

What do the US’s new software security rules mean for UK organisations?

The White House announced recently that all software supplied to the US government and its agencies needs to be secure, so what does this mean for the UK and EU security sectors? Continue Reading

Cyber professional shortfall hits 3.4 million

Shortage of cyber security professionals continues to grow and shows no signs of abating, says report Continue Reading

Ransomware crews regrouping as LockBit rise continues

Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead Continue Reading

Treat cyber crime as a ‘strategic threat’, UK businesses told

The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community Continue Reading

Virtually all vulnerable open source downloads are avoidable

Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report Continue Reading

How Russia hacked a former MI6 spy chief

In this week’s Computer Weekly, Russian hackers leaked emails and documents from British government, military, and intelligence officials – we examine the implications. New EU laws will govern online safety and the use of AI, but what do they mean for organisations? And we look at the growth in checkout-free shopping. Read the issue now. Continue Reading

Malicious WhatsApp add-on highlights risks of third-party mods

Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods Continue Reading

Cyber training firm KnowBe4 bought by private equity firm

Acquisition of KnowBe4 supposedly reflects the success the company has seen since its spring 2021 IPO Continue Reading

Unsung Heroes Awards celebrate diversity in cyber community

The seventh annual Security Serious Unsung Heroes Awards recognise those trying to improve diversity and mental health in cyber for the first time Continue Reading

NCSC urges organisations to secure supply chains

NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers Continue Reading

Microsoft fixes lone zero-day on October Patch Tuesday

Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen Continue Reading

Reducing the cyber stack with API security

Budgets are tight, making it difficult to secure spend, but is there an argument for jettisoning fragmented approaches to securing APIs in favour of a dedicated end-to-end approach? Doubling down on API security could help businesses not just reduce risk, but also costs Continue Reading

Ukraine and EU explore deeper cyber collaboration

A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues Continue Reading

Security Think Tank: Design security in to reap container benefits

Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives Continue Reading

Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure Continue Reading

Tories to replace GDPR

IT industry reacts to the government’s plan to replace the pan-European data protection regulation Continue Reading

Five startups to join NCSC for Startups initiative

The NCSC has invited five startups to join its NCSC for Startups programme to help the government with pressing cyber challenges facing the UK Continue Reading

Optus breach casts spotlight on cyber resilience

The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia Continue Reading

UK suffers third highest number of ransomware attacks globally

Based on an analysis of around 5,000 ransomware incidents, NordLocker has found that UK businesses, and small businesses in particular, are a priority target for ransomware gangs Continue Reading

Most hackers exfiltrate data within five hours of gaining access

Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access Continue Reading

Fraudsters adapt phishing scams to exploit cost-of-living crisis

Around 80,000 Brits a month are falling victim to phishing attacks as fraudsters switch up tactics to take advantage of cost-of-living crisis and behavioural changes prompted by pandemic Continue Reading

How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials Continue Reading

More than 30 startups to join Plexal’s Cyber Runway accelerator

Now in its second year, the Cyber Runway accelerator has been designed to support firms at various stages of growth, as well as help the cyber security sector to improve on its diversity, inclusion and regional representation Continue Reading

It’s time for engineering teams to own DevSecOps

It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress Continue Reading

Threat actors abused lack of MFA, OAuth in spam campaign

Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns Continue Reading

Nordic private equity firms pursue cyber security acquisitions

Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets Continue Reading

Privacy Pledge signatories dream of alternative internet

A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism Continue Reading

NCSC publishes cyber guidance for retailers

The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime Continue Reading

15-year-old Python bug present in 350,000 open source projects

A Python tarfile vulnerability first disclosed in 2007 still persists to this day, according to analysis from Trellix Continue Reading

Thousands of customers affected in Revolut data breach

Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack Continue Reading

Reports Uber and Rockstar incidents work of same attacker

Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber Continue Reading

Six new vulnerabilities added to CISA catalogue

CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010 Continue Reading

Uber suffers major cyber attack

Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist Continue Reading

EU Cyber Resilience Act sets global standard for connected products

European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards Continue Reading

Nominations closing soon for annual cyber awards

Nominations for the annual Security Serious Unsung Heroes Awards closes 16 September Continue Reading

New player pioneers ‘active cyber insurance’ for UK market

Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance Continue Reading

Organisations failing to account for digital trust

The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds Continue Reading

US charges three Iranians over CNI cyber attacks

Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran Continue Reading

FormBook knocks Emotet off top of malware chart

FormBook emerged as the most widely seen malware in August, according to Check Point’s latest data Continue Reading

Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs Continue Reading

NCSC warns public of potential Queen-related phishing attacks

The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen Continue Reading

Cloud compromise a doddle for threat actors as victims attest

Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud Continue Reading

Users warned over Azure Active Directory authentication flaw

Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users Continue Reading

Blancco works with charity to provide IT for African schools

Blancco is providing data sanitisation and erasure software to The Turing Trust so that old IT equipment can be securely reused by school children in Sub-Saharan Africa, instead of adding to world’s growing e-waste problem Continue Reading

Multi-persona impersonation adds new dimension to phishing

Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures Continue Reading

CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts Continue Reading

Security Think Tank: Adding trust to AppSec and DevSecOps

When building in trust and assurance into app development through standards, it is critically important not to stifle innovation Continue Reading

NCSC CyberUK event heads to Belfast in 2023

National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023 Continue Reading

Dutch cyber security organisations to join forces

Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into Continue Reading

Security Think Tank: Creating a DevSecOps-friendly cyber strategy

When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire Continue Reading

India’s wake-up call on health data privacy

Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US Continue Reading

Albania cuts diplomatic ties with Iran after cyber attack

In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran Continue Reading

August ’22 a bumper month for high-impact vulnerabilities

Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future Continue Reading

Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry Continue Reading

Security Think Tank: The many dimensions of DevSecOps

It is imperative to make our colleagues and customers know that when we talk DevSecOps, we are facing a multiphase challenge that starts at the very beginning of DevOps, and one that never ends Continue Reading

Digital identity is key to coping with surge in air travel

The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic Continue Reading

Campaigners call on Truss to change UK’s archaic hacking laws

The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution Continue Reading

Saudi Arabian organisations choose to outsource to improve cyber security posture

Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security Continue Reading

Alleged Twitter security failings spell trouble

Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media company, raising the spectre of investigations and sanctions. Continue Reading

Russian-speaking cyber criminals feel economic pinch

Russian-speaking cyber criminals are being forced to refine and adapt their techniques as Vladimir Putin’s invasion of Ukraine makes current methods redundant Continue Reading

How Okta is regaining customer trust after a cyber attack

In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident Continue Reading

Security Think Tank: Good procurement practices pave the way to app security

Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS Continue Reading

Security Think Tank: Shift left, shift right. What about shift everywhere?

The concepts of shift left and shift right are highly effective in securing the development process, but for those who want to take things that step further there is shift everywhere Continue Reading

Space nerds beware: James Webb images used to spread malware

Astronomy and space aficionados are being targeted by cyber criminals exploiting some of the now-famous images captured by Nasa’s James Webb Space Telescope to distribute malware Continue Reading

Swedish Electronics Protection Act coincides with major cyber spend

Swedish cyber security law comes at a time of heavy government investment Continue Reading

New (ISC)² cyber careers schemes go live

(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide Continue Reading

Security Think Tank: Effective DevSecOps requires collaboration

Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access management alongside cyber security and application security Continue Reading

Google debuts open source bug bounty programme

Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme Continue Reading

Breaches You Don’t Hear About

I think it’s fair to say that, over the decades, if the general public had been alerted to all the attempted terrorist attacks tracked down and prevented by intelligence – as opposed to just the ... Continue Reading

UK government presses on with new cyber rules for telcos

Government has finalised new security rules for telecoms companies and will move to make them binding in the near future Continue Reading

LastPass breach limited in scale and well-managed, say experts

A breach of LastPass’s developer environment does not seem to have affected users of the password management service, but it may still be time for a credential reset Continue Reading

Adaptive RedAlert, Monster ransomwares go cross-platform

Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time Continue Reading

Millions of Plex users may be at risk in password breach

Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor Continue Reading

Security pros fret about stress and promotion over cyber attacks

CIISec’s annual report on the state of the security profession reveals some home truths for security leaders Continue Reading

Most CISOs think they’ve been attacked by a nation state

Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack Continue Reading

Alleged Twitter security failings spell trouble ahead

Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions Continue Reading

NCSC shares cyber guidance for large infrastructure builds

Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects Continue Reading

Kaspersky threat data added to Microsoft Sentinel service

Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service Continue Reading

Lloyd’s to end insurance coverage for state cyber attacks

Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk Continue Reading

Cozy Bear targets MS 365 environments with new tactics

Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments Continue Reading

Apple patches two zero-days in macOs, iOS

Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems Continue Reading

Inside Singapore’s national digital identity journey

Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years Continue Reading

Growing MFA use spurs ‘pass-the-cookie’ attacks

The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools Continue Reading