IT for financial services

CVE volumes head towards 50,000 in 2025, analysts claim

Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities Continue Reading

By

• Alex Scroxton, Security Editor

CISOs spending more on insider risk

Insider risk management budgets have more than doubled in the past 12 months and look set to grow further still in 2025, according to a report Continue Reading

By

• Alex Scroxton, Security Editor

Government seeks payments tech partner through £49m contract

UK government wants tech partner to help it embed open banking functionality into its Gov.uk Pay platform Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

A landscape forever altered? The LockBit takedown one year on

The NCA-led takedown of the LockBit ransomware gang in February 2024 heralded a transformative year in the fight against cyber crime. One year on, we look back at Operation Cronos and its impact Continue Reading

By

• Alex Scroxton, Security Editor

CaixaBank outlines artificial intelligence intentions in €5bn plan

Spanish bank announces Cosmos, an investment in its processes and technology that sits within its €5bn strategic plan Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Balancing act: Managing business needs alongside digital transformation and innovation

How can IT leaders deliver on the challenging balancing act between innovation, cost control, and managing corporate expectations? One startup CTO in a highly established industry shares his experiences Continue Reading

By

• Chris Gray, Inshur

EY: Industrial companies worldwide stunted in emerging technology use

Businesses globally are spending more on emerging technologies year-on-year, but struggle to expand experimental use cases, finds EY’s sixth annual Reimagining Industry Futures study Continue Reading

By

• Brian McKenna, Enterprise Applications Editor

Cyber Monitoring Centre develops hurricane scale to count cost of cyber attacks

A non-profit company aims to measure the impact of cyber events on the economy using a 1 to 5 scale borrowed from hurricane classification Continue Reading

By

• Bill Goodwin, Computer Weekly

Meta’s planned subsea cable will exceed circumference of Earth and support AI innovation

Meta’s planned 50,000 km subsea cable will be the world’s longest and connect the five major continents Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

‘Times are hard’ for fintech but latest report reveals glimmer of recovery

Fintech investment in the UK hit a four-year low last year, as the wider EMEA region saw the lowest numbers in eight years Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Gartner: CISOs struggling to balance security, business objectives

Only 14% of security leaders can ‘effectively secure organisational data assets while also enabling the use of data to achieve business objectives’, according to Gartner Continue Reading

By

• Alex Scroxton, Security Editor

Government launches consultation on plan to streamline business through e-invoicing

Government announces 12-week consultation on electronic invoicing as part of its plan for change Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Cisco Live EMEA: Network supplier tightens AI embrace

At its annual EMEA show, Cisco tech leadership unveiled a raft of new products, services and features designed to help customers do more with artificial intelligence Continue Reading

By

• Alex Scroxton, Security Editor

MPs demand bank bosses come clean over IT outages following Barclays crash

Treasury committee wants banks to provide details of how IT failures have affected their businesses over the past two years Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Courting global talent: How can Web3 startups attract the best developers in the world?

James Strudwick, executive director at Web3 tech startup Starknet Foundation, on how to attract the best talent in the Web3 space Continue Reading

By

• James Strudwick

HMRC spends £785m a year on running digital tax systems

Beyond £785m spend, HMRC also spent £482m on upgrading legacy systems and introducing new digital systems, as it continues to fall behind its plans to become one of the most digitally advanced tax authorities in the world Continue Reading

By

• Lis Evenstad

US lawmakers move to ban DeepSeek AI tool

US politicians have introduced a bill seeking to ban the use of the DeepSeek AI tool on government-owned devices, citing national security concerns due to its alleged links to the Chinese state Continue Reading

By

• Alex Scroxton, Security Editor

Ransomware payment value fell over 30% in 2024

Several factors, including the impact of law enforcement operations disrupting cyber criminal gangs and better preparedness among users, may be behind a significant drop in the total value of ransomware payments Continue Reading

By

• Alex Scroxton, Security Editor

Self-healing networks: The next evolution in network management

The age of AI is highlighting the security risks and pitfalls of traditional network management techniques. Self-healing networks may offer a solution that not only bolsters security, but makes IT and network teams more efficient Continue Reading

By

• Isla Sibanda

UK’s Cyber Monitoring Centre begins incident classification work

The Cyber Monitoring Centre will work to categorise major incidents against a newly developed scale to help organisations better understand the nature of systemic cyber attacks and learn from their impact Continue Reading

By

• Alex Scroxton, Security Editor

MPs to scrutinise use of artificial intelligence in the finance sector

MPs launch inquiry into the use of artificial intelligence technologies in the financial services sector Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

“Unsafe At Any Speed”. Comparing automobiles to code risk

Outgoing CISA chief Jen Easterly called on buyers to demand better security standards from their software suppliers. The Security Think Tank considers what better means, and what best practice for secure software procurement looks like in 2025. Continue Reading

By

• Tyler Shields

Can AI identify financially vulnerable people better than humans?

Research from customer experience firm Nice finds that AI can identify financially vulnerable people better than humans and offer more comfortable channels for financial problem solving Continue Reading

By

• Brian McKenna, Enterprise Applications Editor

Nationwide Building Society to train people to think like cyber criminals

Nationwide wants to help bring more diversity into UK cyber security skills base through partnership with training specialist Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Vigilant buyers are the best recipe for accountable suppliers

In January 2025, outgoing CISA chief Jen Easterly called on IT buyers to demand better security standards from their software suppliers. The Security Think Tank considers what better means, and what does best practice for secure software procurement looks like in 2025. Continue Reading

By

• Aditya K Sood, Aryaka

Barclays hit by major IT outage on HMRC deadline day

Customers of Barclays Bank are left unable to access web app and online banking following a significant IT outage that seems to have come at the worst possible time Continue Reading

By

• Alex Scroxton, Security Editor

Vallance rejects latest charge to reform UK hacking laws

Science minister Patrick Vallance rejects proposed amendments to the Computer Misuse Act, arguing that they could create a loophole for cyber criminals to exploit Continue Reading

By

• Alex Scroxton, Security Editor

Your first steps to improve international compliance

The Computer Weekly Security Think Tank considers how security leaders should best navigate the multitude of new national and multinational regulations affecting their work, and ensure their organisations remain compliant and protected Continue Reading

By

• Petra Wenham

Three sentenced over OTP.Agency MFA fraud service

Three men have been sentenced over their role in a cyber criminal subscription service that offered access to online accounts using illicitly obtained one-time passcodes Continue Reading

By

• Alex Scroxton, Security Editor

Cyber incident that closed British Museum was inside job

An IT incident that disrupted visitor access to the British Museum last week was the work of a disgruntled contractor who had been let go Continue Reading

By

• Alex Scroxton, Security Editor

ICO launches major review of cookies on UK websites

ICO sets out 2025 goals, including a review of cookie compliance across the UK’s top 1,000 websites, as it seeks to achieve its ultimate goal of giving the public meaningful control over how their data is used Continue Reading

By

• Alex Scroxton, Security Editor

Privacy professionals expect budget cuts, lack confidence

Over 50% of privacy professionals in Europe expect to see less money earmarked for data security initiatives in 2025, and many don’t have faith their organisations are taking the issue seriously, according to an ISACA report Continue Reading

By

• Alex Scroxton, Security Editor

Funksec gang turned up ransomware heat in December

The criminal ransomware fraternity was hard at work over the festive period, with attack volumes rising and a new threat actor emerging on the scene Continue Reading

By

• Alex Scroxton, Security Editor

The death of the piggy bank marks coming of age of a fintech

Fintech is a broad church that can be applied to high finance and child savings alike, as the team at startup Those Beyond have demonstrated Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Cyber innovation to address rising regulatory, threat burden

The Computer Weekly Security Think Tank considers how security leaders should best navigate the multitude of new national and multinational regulations affecting their work, and ensure their organisations remain compliant and protected Continue Reading

By

• Nick New, Optalysys

A guide to DORA compliance

We look at the new EU regulation for cyber resiliency, the role of IT asset management in auditing and third-party risks Continue Reading

By

• Cliff Saran, Managing Editor

Almost half of UK banks set to miss DORA deadline

A significant minority of financial services organisations in the UK will not be fully compliant with the EU’s DORA cyber and risk management regulation when it comes into force on 17 January Continue Reading

By

• Alex Scroxton, Security Editor

Bank of England and New York counterpart exchange puts technology cooperation into 3D

A staff exchange between regulators will see US and UK financial technology experts cross the Atlantic Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Government, Nesta and ODI issue £600k smart data challenge to technologists

Department for Business and Trade, Challenge Works and the Open Data Institute have issued a Smart Data Challenge to app developers and entrepreneurs with a total prize fund of £600,000 Continue Reading

By

• Brian McKenna, Enterprise Applications Editor

Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities

The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws Continue Reading

By

• Alex Scroxton, Security Editor

UK’s female fintech leaders hit harder by investment collapse

UK fintechs led by women suffered disproportionately as a result of the fall in investment in the sector Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Interview: Wendy Redshaw, chief digital information officer, NatWest Retail Bank

The retail bank is moving at pace to introduce generative AI into key customer-facing services as part of a wider digital transformation across the organisation Continue Reading

Generating customer experience at NatWest Bank

In this week’s Computer Weekly, we find out how NatWest Bank is using generative AI to enhance its customer experience. Our latest buyer’s guide examines the emerging regulatory compliance environment affecting IT leaders. And we learn how Toyota is turning to automation to improve its helpdesk support service for employees. Read the issue now. Continue Reading

Why we need better cyber regulation to protect the UK from disruption

The Computer Weekly Security Think Tank considers how security leaders should best navigate the multitude of new national and multinational regulations affecting their work, and ensure their organisations remain compliant and protected. Continue Reading

By

• Adam Stringer, PA Consulting

Experts say ‘something has to break’ before banks slow IT-driven cost-cutting measures

Banks will cut costs until something breaks and they are forced to scale back, according to industry experts Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

US bank FNBO uses Pindrop to tackle voice fraud, deepfakes

Learn how First National Bank of Omaha in the US is enhancing customer authentication and verification in its contact centres, eliminating friction points and making life easier for its customer service teams, with Pindrop voice security technology Continue Reading

By

• Alex Scroxton, Security Editor

Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks

Threat actors are once again lining up to exploit vulnerabilities in the widely used Ivanti product suite, with an apparent link to Chinese espionage activity Continue Reading

By

• Alex Scroxton, Security Editor

UK fintech investment drops by almost double global average

Global fintech investments fell 20% compared to 37% in the UK, according to latest Innovate Finance figures Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Why CISOs should build stronger bonds with the legal function in 2025

The Computer Weekly Security Think Tank considers how security leaders should best navigate the multitude of new national and multinational regulations affecting their work, and ensure their organisations remain compliant and protected. Continue Reading

By

• Mandy Andress, Elastic

US Treasury incident a clear warning on supply chain security in 2025

A cyber incident at the US Department of the Treasury – blamed on a Chinese state actor – raises fresh warnings about supply chain risk after it was found to have originated via vulnerabilities in a remote tech support product Continue Reading

By

• Alex Scroxton, Security Editor

Top 10 financial services stories of 2024

Here are Computer Weekly’s top 10 financial services stories of 2024 Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Interview: Wendy Redshaw, chief digital information officer, NatWest Retail Bank

The retail bank is moving at pace to introduce generative AI into key customer-facing services as part of a wider digital transformation across the organisation Continue Reading

By

• Mark Samuels

Government introduces technology adoption review

Whitehall has launched a call for evidence on barriers to adopting new technologies in the UK, wanting to know what needs to change for the country to stay at the forefront of technology adoption Continue Reading

By

• Lis Evenstad

LockBit ransomware gang teases February 2025 return

An individual associated with the LockBit ransomware gang has broken cover to tease details of a new phase of the cyber criminal operation's activity, which they claim is set to begin in February 2025 Continue Reading

By

• Alex Scroxton, Security Editor

Latest attempt to override UK’s outdated hacking law stalls

Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee Continue Reading

By

• Alex Scroxton, Security Editor

Innovation, insight and influence: the CISO playbook for 2025 and beyond

From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading

By

• Mandy Andress, Elastic

The Security Interviews: Martin Lee, Cisco Talos

Threat intel expert and author Martin Lee, EMEA technical lead for security research at Cisco Talos, joins Computer Weekly to mark the 35th anniversary of the first ever ransomware attack Continue Reading

By

• Alex Scroxton, Security Editor

Top 10 cyber security stories of 2024

Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are Computer Weekly's top 10 cyber security stories of 2024 Continue Reading

By

• Alex Scroxton, Security Editor

Look to the future: How the threat landscape may evolve next

From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading

By

• Elliott Wilkes, ACDS

Top 10 cyber crime stories of 2024

From ransomware targeting the NHS to nation-state-backed intrusions, 2024 was another big year for cyber criminals and cyber spooks alike, but they didn't have it all their own way as the good guys fought back Continue Reading

By

• Alex Scroxton, Security Editor

2025-30: Geopolitical influence on cyber and the convergence of threat

From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading

By

• Rob Dartnall, SecAlliance

Using AI to build stronger client relationships in 2025

On the Twelfth Day of AI, we explore the key benefits of Copilot, the potential risks, barriers to adoption, and strategies for ensuring successful implementation. Continue Reading

By

• Josie Rickerd, ANS

Top 10 IT leadership interviews of 2024

The top technology leaders talk to Computer Weekly to discuss the challenges they face and the strategies, solutions and successes they are delivering Continue Reading

By

• Computer Weekly staff

Decoding the end of the decade: What CISOs should watch out for

From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading

By

• Paul Lewis, Nominet

Decking the halls with AI: the evolution of managed services

On the Tenth Day of AI, we explore the evolving role of AI in managed services and what to expect in 2025. Continue Reading

By

• Ben Clarke, ANS

Computer Misuse Act reform gains traction in Parliament

An amendment to the proposed Data (Access and Use) Bill that will right a 35-year-old wrong and protect security professionals from criminalisation is to be debated at Westminster Continue Reading

By

• Alex Scroxton, Security Editor

Post Office scandal 2024 – part 3: Fujitsu’s 12-month fall from grace

After years of refusing to comment, Fujitsu was unable to continue hiding from its role in the Post Office Horizon IT scandal as politicians and a public inquiry demanded answers Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Emerging Ymir ransomware heralds more coordinated threats in 2025

A newly observed ransomware strain has the community talking about more collaboration, and blurred lines, between threat groups next year, according to NCC’s monthly cyber barometer Continue Reading

By

• Alex Scroxton, Security Editor

Data: The reindeer pulling AI's sleigh

On the Ninth Day of AI, we explore the critical role data plays in AI implementation and the key steps business leaders must take to prepare their data for a successful AI future. Continue Reading

By

• Martin Brierly, ANS

Happy New Year: Three steps to maximise AI’s ROI in 2025

On the Eighth Day of AI, we explore the key considerations and strategic frameworks essential for extracting maximum value from AI projects. Continue Reading

By

• Robert Cottrill, ANS

Dangerous CLFS and LDAP flaws stand out on Patch Tuesday

Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol Continue Reading

By

• Alex Scroxton, Security Editor

iOS vuln leaves user data dangerously exposed

Jamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates Continue Reading

By

• Alex Scroxton, Security Editor

Defending against cyber grinches: AI for enhanced security

On the Seventh Day of AI, Defending against cyber grinches: AI for enhanced security, we explore the double-edged sword of AI in cybersecurity and how businesses can protect themselves against the cyber grinches. Continue Reading

By

• Justin Young, ANS

In 2025: Identities conquer, and hopefully unite

From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading

By

• Stephen McDermid, Okta

AI and cloud: The perfect pair to scale your business in 2025

On the Sixth Day of AI, we explore how leveraging AI and cloud can enhance business performance and shares tips for successful implementation. Continue Reading

By

• Matt Gallagher, ANS

Six trends that will define cyber through to 2030

From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading

By

• Pierre-Martin Tardif, ISACA

How AI can help you attract, engage and retain the best talent in 2025

On the Fifth Day of AI, we explore how AI is reshaping HR – boosting productivity, addressing concerns, and preparing organisations for the future. Continue Reading

By

• Toria Walters, ANS

Are you on the naughty or nice list for responsible AI adoption?

On the Fourth Day of AI, we discuss the value of adopting AI responsibly, and outlines how businesses can build responsible adoption into their plans Continue Reading

By

• Kyle Hill, ANS

The most pressing challenges for CISOs and cyber security teams

From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading

By

• Elliot Rose, PA Consulting

2025: The year of AI for business - top trends to watch out for

On the Third Day of AI, we explore some of the key trends to keep an eye on, and prepare for, in 2025 Continue Reading

By

• Chris Huntingford, ANS

All businesses want for Christmas is a clear definition of AI

On the second of the 12 Days of AI, we look at the importance of truly understanding what AI is to enable true organisational transformation. Continue Reading

By

• Janet Robb, ANS

NCSC boss calls for ‘sustained vigilance’ in an aggressive world

NCSC CEO Richard Horne is to echo wider warnings about the growing number and severity of cyber threats facing the UK as he launches the security body’s eighth annual report Continue Reading

By

• Alex Scroxton, Security Editor

CISOs will face growing challenges in 2025 and beyond

From Covid-19 to war in Ukraine, SolarWinds Sunburst, Kaseya, Log4j, MOVEit and more, the past five years brought cyber to mainstream attention, but what comes next? The Computer Weekly Security Think Tank looks ahead to the second half of the 2020s Continue Reading

By

• Mike Gillespie and Ellie Hurst, Advent IM

Unwrapping the benefits of AI for marketing

In the first of a new series of articles, the 12 Days of AI, we explore how AI is being used in marketing, the benefits and key use cases, as well as concerns and how marketers can best take advantage of AI Continue Reading

By

• Sophie Rea, ANS

UK economy could see £600m boost through digital IDs for businesses

Government-backed organisation kicks off initiative to widen use of digital identities, in an effort to streamline financial services and cut hundreds of millions of pounds of economic crime Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Automated patch management: A proactive way to stay ahead of threats

Timely patch management should be crucial in any organisation, but too often it goes by the wayside. Automating the process may offer a path forward for hard-pressed cyber defenders Continue Reading

By

• Isla Sibanda

In the cloud, effective IAM should align to zero-trust principles

The Security Think Tank considers best practices in identity and access management and how can they be deployed to enable IT departments to combat cyber-attacks, phishing attacks and ransomware Continue Reading

By

• Vladimir Jirasek, Foresight Cyber

Russian threat actors poised to cripple power grid, UK warns

UK government escalates cyber rhetoric in a speech at a Nato event, saying Russian advanced persistent threats stand ready to conduct cyber attacks that could ‘turn off the lights for millions’ Continue Reading

By

• Alex Scroxton, Security Editor

Microsoft calls on Trump to ‘push harder’ on cyber threats

Microsoft’s Brad Smith urges president-elect Donald Trump to keep the faith when it comes to fighting back against hostile cyber actors from China, Iran and Russia Continue Reading

By

• Alex Scroxton, Security Editor

Geopolitical strife drives increased ransomware activity

The lines between financially motivated cyber criminals and nation state APTs are rapidly blurring, as geopolitical influences weigh heavily on the threat landscape, according to data from NCC Continue Reading

By

• Alex Scroxton, Security Editor

BianLian cyber gang drops encryption-based ransomware

The Australian and American cyber authorities have published updated intelligence on the BianLian ransomware gang, which has undergone a rapid evolution in tactics Continue Reading

By

• Alex Scroxton, Security Editor

Microsoft slaps down Egyptian-run rent-a-phish operation

Microsoft’s Digital Crimes Unit has conducted a successful takedown of almost 250 malicious websites used in the cyber criminal ONNX phishing-as-a-service operation Continue Reading

By

• Alex Scroxton, Security Editor

Apple addresses two iPhone, Mac zero-days

Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks Continue Reading

By

• Alex Scroxton, Security Editor

Underfunded, under pressure: We must act to support cyber teams

With almost half of cyber pros experiencing more incidents this year, security leaders say their teams are coming under increasing strain. Businesses must be more proactive approach about building a resilient, future-ready workforce Continue Reading

By

• Chris Dimitriadis, ISACA

Overcoming the cyber paradox: Shrinking budgets – growing threats

The challenging macro environment has left security budgets stretched thin even while new tech like AI presents a threat multiplier. In the face of these challenges, it becomes vital for security leads to do more to maintain funding Continue Reading

By

• Richard Watson, EY

Nationwide Building Society backs HPE GreenLake for hybrid cloud push

Nationwide Building Society's digital transformation efforts are continuing apace, with the company enlisting the help of HPE GreenLake to meet its hybrid cloud goals Continue Reading

By

• Caroline Donnelly, Senior Editor, UK

How banks are navigating the AI landscape

Industry experts discuss the transformative potential of artificial intelligence in banking, while addressing the challenges and governance implications of integrating AI into financial services Continue Reading

By

• Aaron Tan, TechTarget

AWS widening scope of MFA programme after early success

AWS reports strong take-up of multi-factor authentication among customers since making it compulsory for root users earlier this year, and plans to expand the scope of its IAM programme in spring 2025 Continue Reading

By

• Alex Scroxton, Security Editor

Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024

High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update Continue Reading

By

• Alex Scroxton, Security Editor

Zero-day exploits increasingly sought out by attackers

Threat actors increasingly favour zero-day exploits to attack their victims before patches become available, according to the NCSC and CISA, which have just published a list of the most widely used vulnerabilities of 2023 Continue Reading

By

• Alex Scroxton, Security Editor