Security policy and user awareness
-
News
27 May 2025
US makes fresh indictments over DanaBot, Qakbot malwares
US charges the operators of two malwares, DanaBot and Qakbot, whose actions led to millions of dollars worth of cyber theft and fraud Continue Reading
-
News
27 May 2025
Armed forces charity steps in to address cyber mental health crisis
CIISec and military charity PTSD Resolution hope to address a gathering mental health crisis among frontline cyber professionals Continue Reading
-
News
16 Feb 2023
How to tame the identity sprawl
Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl Continue Reading
-
News
15 Feb 2023
Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs
Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading
-
Opinion
15 Feb 2023
What charities should know about ransomware and reputational threats
The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back Continue Reading
-
News
15 Feb 2023
Microsoft fixes three zero-days in February update
February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading
-
News
14 Feb 2023
Vidar, nJRAT re-emerge as prominent malware threats in January
Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry Continue Reading
-
News
14 Feb 2023
UK authorities clamp down on illegal crypto ATMs
The Financial Conduct Authority and West Yorkshire Police have disrupted a number of illegal crypto ATMs Continue Reading
-
News
14 Feb 2023
OSC&R framework to stop supply chain attacks in the wild
The backers of a new MITRE ATT&CK style framework called OSC&R hope to help organisations get to grips with threats to their software supply chains Continue Reading
-
News
10 Feb 2023
Social media platform Reddit breached in phishing attack
An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack Continue Reading
-
News
09 Feb 2023
UK imposes sanctions on Conti ransomware gang leaders
Seven Russian nationals associated with the Conti and Ryuk ransomware operations have been sanctioned by the UK Continue Reading
-
News
09 Feb 2023
How Check Point is keeping pace with the cyber security landscape
Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security Continue Reading
-
Opinion
08 Feb 2023
Security Think Tank: Poor training is worse than no training at all
Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM Continue Reading
-
News
08 Feb 2023
Russian hacking group Seaborgium targets SNP MP Stewart McDonald
Scottish National Party MP Stewart McDonald says his personal emails have been hacked by a group linked to the Russian state in a targeted phishing attack Continue Reading
-
News
08 Feb 2023
Campaigners lament lack of movement on Computer Misuse Act reform
Westminster has opened a new consultation on proposed reforms to the Computer Misuse Act of 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed Continue Reading
-
News
06 Feb 2023
Online banks still riddled with cyber security flaws, report says
Online bank Virgin Money was found to have the weakest online and application security measures in a Which? study but Nationwide, TSB and The Co-Operative Bank all failed on multiple points, too. Continue Reading
-
06 Feb 2023
How gamifying cyber training can improve your defences
With ever-escalating threats, it’s now more important than ever for security training to be an engaging experience. Continue Reading
-
E-Zine
06 Feb 2023
Making IT security training stick
In this week’s Computer Weekly, our latest buyer’s guide looks at IT security training, and asks whether gamification could be the secret to making it stick. We examine how the metaverse might change the way we work in real life. And we find out how job cuts across the tech sector affect employment opportunities for IT contractors in 2023. Read the issue now. Continue Reading
-
News
06 Feb 2023
The Security Interviews: How to overcome data protection compliance challenges
Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how? Continue Reading
-
News
06 Feb 2023
Ransomware operator turns their fire on two-year-old VMware bug
A vulnerability in VMware ESXi servers that users should have patched in 2021 is now being exploited to spread ransomware Continue Reading
-
News
05 Feb 2023
Australian organisations underinvesting in cyber security
Over half of Australian organisations failed to invest enough in cyber security over past three years, though awareness is improving in aftermath of high-profile data breaches Continue Reading
-
Opinion
03 Feb 2023
Security Think Tank: In 2023, we need a new way to cultivate better habits
Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading
-
Opinion
02 Feb 2023
Security Think Tank: Getting the training and development mix right
Rob Dartnall, CEO at SecAlliance and chair of Crest’s UK Council, describes the need for formal, varied and continuous development in the cyber security sector Continue Reading
-
News
02 Feb 2023
North Korea’s Lazarus gang exposes itself in opsec failure
WithSecure researchers linked a campaign of cyber attacks targeting medical research and energy firms to North Korea’s infamous Lazarus APT after a group member accidentally screwed up Continue Reading
-
News
02 Feb 2023
Arnold Clark customer data was stolen in Play ransomware attack
Arnold Clark confirms data leaked on dark web was stolen from its systems in ransomware attack Continue Reading
-
News
01 Feb 2023
Romance fraudsters stole £65m from Brits since 2020
Online romance fraudsters have scammed Brits out of £65m in the past three years, according to retail bank TSB Continue Reading
-
News
01 Feb 2023
Cisco fixes two bugs that could have led to supply chain attacks on users
Two vulnerabilities uncovered in Cisco hardware could have opened the door to serious supply chain cyber attacks, according to the Trellix researchers who found them Continue Reading
-
News
01 Feb 2023
CryptoRom scam abuses Apple and Google app stores to claim victims
Sophos researchers report on two fake apps used by romance scammers to lure victims into parting with their money, both of which were able to escape the attention of Apple and Google app store safeguards Continue Reading
-
News
01 Feb 2023
Malware variant can block contactless payments
Kaspersky warns that the latest variant of the Prilex malware can block contactless payments to force people to insert cards, enabling criminals to steal money Continue Reading
-
News
01 Feb 2023
UK Cyber Council and ISACA launch audit, assurance programme
The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros Continue Reading
-
News
31 Jan 2023
Cyber training firm launches £20k data protection scholarship
Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals Continue Reading
-
News
31 Jan 2023
GitHub warns Desktop, Atom users after code-signing certificates pinched
Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users Continue Reading
-
News
31 Jan 2023
MI5 unlawfully collected and held millions of people’s data
Secretive court finds MI5 knowingly acted unlawfully in use of bulk surveillance warrants, and the Home Office continued granting warrants despite information the agency was operating outside the law Continue Reading
-
News
31 Jan 2023
Royal Mail recovers more International Tracked services
Royal Mail is making further progress in recovering IT systems hit by a ransomware attack, and has re-enabled another tranche of international export services Continue Reading
-
News
31 Jan 2023
ATO renews major Macquarie deal
The contract renewal will enable the Australian Tax Office to tap Macquarie’s security operations centre, among other services, to secure its IT environment and protect sensitive data Continue Reading
-
News
30 Jan 2023
Data of 10 million JD Sports customers accessed in cyber attack
Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack Continue Reading
-
News
27 Jan 2023
Hive ransomware gang taken down after FBI hacks back
The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation Continue Reading
-
News
25 Jan 2023
NCSC exposes Iranian, Russian spear-phishing campaign targeting UK
Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC Continue Reading
-
News
25 Jan 2023
Boards struggle to resolve cyber risk in digital supply chains
Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading
-
News
24 Jan 2023
Chinese IoT suppliers expose UK businesses to espionage and data theft
Chinese companies supplying network components, known as IoT modules, post a greater long-term threat to UK security than the now banned 5G supplier Huawei, according to a study by a Chinese expert and former diplomat Continue Reading
-
News
24 Jan 2023
UK insurers need to up their game on cyber gaps, says PRA
Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority Continue Reading
-
News
24 Jan 2023
SSRF attacks hit 100,000 businesses globally since November
There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers Continue Reading
-
News
24 Jan 2023
Fake online contest makes Yahoo! most phished brand of Q4 2022
Yahoo! was the most frequently phished brand during the last three months of 2022, according to a report Continue Reading
-
News
23 Jan 2023
Trellix automates patching for 62,000 vulnerable open source projects
Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months Continue Reading
-
News
23 Jan 2023
NCSC warning over cyber risk to charity sector
Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading
-
News
22 Jan 2023
Royal Mail making limited progress on ransomware recovery
Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common Continue Reading
-
News
19 Jan 2023
KFC, Pizza Hut parent shuts UK restaurants after cyber attack
A ransomware attack on Yum! Brands, the parent organisation of restaurants including KFC and Pizza Hut, was forced to shut approximately 300 outlets in the UK following a ransomware attack by an unspecified group Continue Reading
-
News
19 Jan 2023
Mailchimp suffers third breach in 12 months
Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack Continue Reading
-
News
18 Jan 2023
Ukraine CERT leaders touch down in London for talks
The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience Continue Reading
-
News
18 Jan 2023
Oracle and CBI: companies cautious, selective in 2023 IT, business investment
Oracle and the CBI are seeing much the same picture of cautious technology investment of UK businesses in 2023, in the context of long Covid and the energy price inflation crisis Continue Reading
-
News
17 Jan 2023
Cloudflare urged to clamp down on pirates, counterfeiters
A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods Continue Reading
-
News
17 Jan 2023
Royal Mail promises ‘workarounds’ to restore services after ransomware attack
Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a ‘workaround’ will be in place in the near future Continue Reading
-
News
16 Jan 2023
The Security Interviews: Protecting your digital self
Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation? Continue Reading
-
Blog Post
13 Jan 2023
AI 2023 and beyond
Artificial intelligence (AI) is set to become part of the boardroom agenda as organisations look at how they can shave off more from operational costs and work out how they can grow the business ... Continue Reading
-
Opinion
12 Jan 2023
Europe’s cyber security strategy must be clear about open source
Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading
-
News
12 Jan 2023
Guardian confirms Christmas 2022 cyber attack was ransomware
Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack Continue Reading
-
News
11 Jan 2023
Should we be worried about malicious use of AI language models?
WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned? Continue Reading
-
News
11 Jan 2023
Microsoft fixes EoP zero-day on January Patch Tuesday
On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns Continue Reading
-
News
08 Jan 2023
Vulnerable organisations to get free Cyber Essentials support
Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading
-
News
06 Jan 2023
Russia’s Turla falls back on old malware C2 domains to avoid detection
Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals Continue Reading
-
News
06 Jan 2023
Vice Society cyber gang targeted multiple UK schools
The Vice Society ransomware gang has made a habit of attacking educational institutions, and now appears to have struck multiple schools, colleges and universities in the UK Continue Reading
-
News
05 Jan 2023
Cyber gang abused free trials to exploit public cloud CPU resources
A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying Continue Reading
-
News
05 Jan 2023
Warning over ransomware attacks spreading via Fortinet kit
Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web Continue Reading
-
Feature
29 Dec 2022
Cyber security professionals share their biggest lessons of 2022
In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading
-
Opinion
29 Dec 2022
How does red teaming test the ultimate limits of cyber security?
An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading
-
Opinion
28 Dec 2022
Why the current fraud model is broken, and how to fix it
Scammers and fraudsters are catching up with the good guys; a new technological approach is needed to fight skyrocketing volumes of digital fraud, says Darwinium founder Alisdair Faulkner Continue Reading
-
News
22 Dec 2022
NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’
The National Crime Agency argued at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law Continue Reading
-
News
22 Dec 2022
Top 10 cyber security stories of 2022
The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading
-
News
22 Dec 2022
Top 10 cyber crime stories of 2022
Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents Continue Reading
-
Feature
21 Dec 2022
A sticky story: How, and why, hackers love stickers on laptops
We’ve all seen laptops adorned with security stickers and in-jokes, but how did this cyber community trend get started, what does it signify, and what does it say about the humans behind the screens? Continue Reading
-
Opinion
21 Dec 2022
Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?
The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach Continue Reading
-
Opinion
19 Dec 2022
Security Think Tank: 2022 brought plenty of learning opportunities in cyber
At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading
-
News
16 Dec 2022
Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation
National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time Continue Reading
-
News
16 Dec 2022
UK unis implement new IP traffic policies to combat ransomware
Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature Continue Reading
-
News
15 Dec 2022
Lego fixes dangerous API vulnerability in BrickLink service
The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas Continue Reading
-
News
14 Dec 2022
Private health provider data could be shared with NHS England
Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal Continue Reading
-
News
14 Dec 2022
Advanced Azov data wiper likely to become active threat
Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily Continue Reading
-
News
14 Dec 2022
NHS gets new guidance on public benefits of data sharing
NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care Continue Reading
-
News
14 Dec 2022
Ethical hackers flex their muscles in 2022
Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021 Continue Reading
-
News
14 Dec 2022
Microsoft fixes two zero-days in final Patch Tuesday of 2022
December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over Continue Reading
-
Opinion
14 Dec 2022
Security Think Tank: How much digital trust can you place on zero-trust?
The events of the past couple of years have highlighted many considerations that should be taken into consideration when pursuing a zero-trust strategy, says ISACA’s Steven Sim Kok Leong Continue Reading
-
News
13 Dec 2022
The nature of the CISO role will be in flux in 2023
As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report Continue Reading
-
News
13 Dec 2022
Finnish government launches information security voucher scheme
Finland’s government is offering businesses financial support to help them improve their cyber security Continue Reading
-
News
13 Dec 2022
More Uber data exposed in possible supply chain attack
A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack Continue Reading
-
Opinion
12 Dec 2022
Security Think Tank: Embrace prioritisation, people, imperfections
Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading
-
News
11 Dec 2022
How Zscaler is cracking APAC’s cloud security market
Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better Continue Reading
-
News
09 Dec 2022
CIISec, DCMS to fund vocational cyber courses for A-level students
The Chartered Institute of Information Security and the Department for Digital, Culture, Media and Sport plan to fund vocational cyber qualifications for 300 teenagers Continue Reading
-
News
09 Dec 2022
Iranian APT seen exploiting GitHub repository as C2 mechanism
A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware Continue Reading
-
Opinion
09 Dec 2022
Security Think Tank: 2022 changed how we thought about resilience
Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading
-
News
08 Dec 2022
Consumers to get new protections against dodgy apps
Government’s new code of practice will impose new privacy and security measures on app store operators and developers Continue Reading
-
Feature
08 Dec 2022
Too many secrets: What can today’s cyber teams learn from a 30-year-old film?
Despite being 30 years old, Sneakers remains a classic hacker film. The technology may have dated, but the underlying themes remain relevant and remind us about the threats lurking online Continue Reading
-
News
08 Dec 2022
Australia to develop new cyber security strategy
New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals Continue Reading
-
News
07 Dec 2022
Rackspace email outage confirmed as ransomware attack
An ongoing outage affecting Rackspace email customers is the result of a ransomware attack Continue Reading
-
News
07 Dec 2022
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching
Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November Continue Reading
-
Opinion
07 Dec 2022
Security Think Tank: As cyber pros, we need to articulate our needs better
There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading
-
News
06 Dec 2022
Don’t become an unwitting tool in Russia’s cyber war
Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack? Continue Reading
-
Podcast
06 Dec 2022
AWS mutes trash talk at Re:Invent – Computer Weekly Downtime Upload podcast
The team chats through the AWS Re:Invent conference, as well as an initiative for getting young women into cyber security, and how SAP Build travelled from Vegas to SAP users in Birmingham Continue Reading
-
E-Zine
06 Dec 2022
Is Twitter still safe, and should you stop using the platform?
In this week’s Computer Weekly, with a litany of security and compliance issues caused by Elon Musk’s takeover of Twitter, we ask if it’s still safe for enterprises. Our latest buyer’s guide examines the technologies and best practices behind data visualisation. And we look at the emerging devices for accessing the metaverse. Read the issue now. Continue Reading
-
News
05 Dec 2022
Fake investment ads persist on Meta’s social networks
Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them Continue Reading
-
News
05 Dec 2022
French cyber consultancy Hackuity sets up UK operation
Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base Continue Reading
-
Opinion
05 Dec 2022
Security Think Tank: The more you buy, the less you protect
The most important lesson learned this year is that the more controls you have in place, the less secure you become, argues 2-sec’s Tim Holman Continue Reading
-
News
02 Dec 2022
Twitter ‘replacement’ Hive Social shuts off service in privacy alert
Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers Continue Reading