
Reported Critical Vulnerabilities In Microsoft Software On the Rise
Avecto researchers say removing admin rights from users would mitigate many of the...

Word-based Malware Attack Doesn’t Use Macros
Malicious e-mail attachments used in this campaign don’t display any warnings when opened...

Venerable Unicode Technique Used to Deliver Cryptomining Malware Through Telegram
It's just the latest reported vulnerability for the secure messaging application. ...

Two Nasty Outlook Bugs Fixed in Microsoft’s Feb. Patch Tuesday Update
One of the bugs could allow a successful attack simply by a user...

Home user guidance to manage processor vulnerabilities ‘Meltdown’ and ‘Spectre’
What are Meltdown/Spectre? ‘Meltdown' and 'Spectre' are two security flaws affecting microprocessors. Actions...

'Meltdown' and 'Spectre' guidance
What are Meltdown/Spectre? 'Meltdown' and 'Spectre' are two related, side-channel attacks against modern...

Romance Scams Drive Necurs Botnet Activity in Run Up to Valentine’s Day
Emails try to get recipients to share revealing photos of themselves so scammers...

‘Olympic Destroyer’ Malware Behind Winter Olympics Cyberattack, Researchers Say
The malware's sole purpose was to take down systems, not steal data, Cisco...

4,500 young women race to complete CyberFirst Girls online challenge
We have been blown away by the fantastic response to this year’s CyberFirst Girls...

U.K. and U.S. Government Websites Among Thousands Infected by Cryptocurrency Miner
The attack could have been averted through a technique called subresource integrity, according...

Lenovo Warns Critical WiFi Vulnerability Impacts Dozens of ThinkPad Models
Lenovo issued a security bulletin Friday warning customers of two previously disclosed critical...

Cisco Confirms Critical Firewall Software Bug Is Under Attack
Cisco has issued patches for the vulnerability, which could be up to seven...

Introducing the Mitigating Malware and Preventing Lateral Movement Guidance
Last year, following the global WannaCry incident in May 2017, the NCSC published...

Apple Downplays Impact of iBoot Source Code Leak
Apple said the leak of its iBoot source code will have little...

Insurance Customers’ Personal Data Exposed Due to Misconfigured NAS Server
The vulnerability also exposed login credentials for a massive national insurance claims database,...

Gojdue Variant Eludes Microsoft, Google Cloud Protection, Researchers Say
Researchers have identified a new ransomware strain that went undetected by built-in malware...

Introducing new guidance on Virtual Private Networks (VPNs)
To help you decide on your approach to using a VPN for remote access, we have just released our new VPN guidance.
We know many of you struggle with the multitude of configuration options and products available when making decisions on VPN…

Hotspot Shield Vulnerability Could Reveal ‘Juicy’ Info About Users, Researcher Claims
Hotspot Shield has been downloaded more than 500 million times, according to its...

Cisco Issues New Patches for Critical Firewall Software Vulnerability
The vulnerability has a CVSS base score of 10.0, the highest possible, and...

Announcing the NCSC’s new Phishing Guidance
I'm delighted to announce the publication today of our new guidance, Phishing Attacks: Defending...

Research into dealing with weak domain passwords
Update We are no longer looking for participants for this study, but we...

Active Cyber Defence – one year on
In November 2016, just after the NCSC formally came into existence, and as...

JenX Botnet Has Grand Theft Auto Hook
A GTA hosting site is offering powerful DDoS attacks for $20 a pop,...

New Western Digital My Cloud Bugs Give Local Attackers Root on NAS Devices
Two new WD My Cloud vulnerabilities have been identified, adding to last month’s...

Crypto Miners May Be the ‘New Payload of Choice’ for Attackers
Crypto mining botnets provide a stealthy way to generate big bucks, without the...

Massive Smominru Cryptocurrency Botnet Rakes In Millions
Researchers say Smominru threat actors are in control of 500,000 node botnet and...

Updating our Factory Reset Guidance
We’ve just published new End User Devices Factory Reset Guidance on our website. We hope...

Cisco Patches Critical VPN Vulnerability
Cisco Systems released a patch Monday to fix a critical security vulnerability, with...

NCSC IT: How the NCSC built its own IT system
“When are you going to share the design of the NCSC IT system?”...

Supply chain security collection
Proposing a series of 12 principles, designed to help you establish effective control and...