An article by Computing magazine has reported that controls that Microsoft rolled out to protect Windows 11 from hackers seeking to exploit security vulnerabilities in hardware and device drivers are inadequate, security researchesrs at VMware claimed last week.

Several countries have pledged never to pay cyber criminal ransoms and to collectively work toward disrupting their financial systems.  The members affirmed their joint commitment to building their collective resilience to ransomware.  They will share data on ransomware perpetrators and techniques and establish a blacklist of information about digital wallets used to facilitate ransomware payments.

The NCSC has recently published an article about creating resistant cloud backups as a way to be more resistant to the effects of destructive ransomware.

We all know that backups are an essential part of an organisation's cyber strategy and making regular backups is the most effective way to recover from a destructive ransomware attack, where an attacker's aim is to destroy or erase a victim's data. 

The NSA and CISA Red and Blue teams recently shared the top ten cyber security misconfigurations.  The schools we have worked with that have suffered a cyber attack often find that there are configurations, upgrades or user access controls that were missed.  This advisory highlights all of those and more - these are not in-depth configurations, but often ones that are set up incorrectly and then not checked or updated as time goes by. Although the advisory is aimed at larger organisati

Recently the ICO reprimanded a company that suffered a ransomware attack.  The attack resulted in a data breach - learning lessons from real-life incidents is a valuable way to promote knowledge sharing and improve.

The UK Online Safety Bill became law on Thursday 26th October.  The UK Government says the Online Safety Act will protect people, particularly children, on the internet.  The Act should make social media companies keep the internet safe for children and give adults more choice over what they see online.  Ofcom will immediately begin work on tackling illegal content and protecting children's safety.

We previously reported on some schools that had sufferred ransomware attacks, namely Thomas Hardye in Dorset.  It has since been discovered the attack was by the hacker group that goes by the name "Rhysida".  
The attack methodology used was by exploiting a known vulnerability in PaperCut.  Other schools have reportedly suffered the same attack from the group.

As we have seen an increase in the number of cyber attacks on schools we wanted to highlight a white paper that has been produced by the National Cyber Security Centre (NCSC), part of GCHQ and the National Crime Agencey (NCA).  The UK is currently a high value target for cyber criminals, not just in terms of business but against the UK citizens as well.

We wanted to highlight an organisation called the National Cyber Resilience Centre Group which consists of nine regional centres in the UK that were set up to strenghten the reach of cyber resilience across the business community.

A coalitiion of police, government, large employers and organisations and academia are supporting the growth of the Cyber Resilience Centre Network.

The ICO has recently published new guidance about bulk email communications following a number of data breaches caused by the incorrect usage of CC and BCC (carbon copy and blind carbon copy). 

Emails sent to the wrong person or emails copied rather than blind copied to customers/parents are the most common data breaches seen and are often because someone is rushing or under pressure.

We've produced a document to provide help and guidance in the event of a cyber attack.  The document is part of our Information and Cyber Security Best Practice Area and covers:

This document gives a list of who to contact and what to do just after a cyber attack.  It covers:

For those outside the computing world, it feels as though AI (Artificial Intelligence) has suddenly appeared and having a huge impact on the rest of the world.  Artificial intelligence is intelligence demonstrated by computers, as opposed to human or animal intelligence.  'Intelligence' encompasses the ability to learn to reason, to generalise and to infer meaning.