

Michael Hill
UK Editor
Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

Foreign states already using ChatGPT maliciously, UK IT leaders believe
Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams.

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs
The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.

Tech Nation to close as UK government pulls key funding
Tech Nation will cease operations after a decade of supporting and transforming the UK’s scaleup tech ecosystem through programmes including Tech Nation Cyber.

UK Cyber Security Council, ISACA partner for chartered Audit and Assurance pilot
ISACA will act as the UK Cyber Security Council’s awarding body for Audit and Assurance professional titles as a chartered standard for the UK cybersecurity sector edges closer.

IoT, connected devices biggest contributors to expanding application attack surface
New report shines light on application security challenges impacting global businesses.

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges
Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.

How to survive below the cybersecurity poverty line
The security poverty line has become the benchmark of acceptable cybersecurity for businesses. Here are the factors that determine that benchmark and advice for those below it.

UK NCSC warns businesses of ongoing Russian, Iranian spear-phishing campaigns
The National Cyber Security Centre security advisory explains why spear-phishing campaigns by Russia-based SEABORGIUM and Iran-based TA453 threat group pose a risk.

Cyber Essentials technical requirements updated with changes to malware protection, device management
UK National Cyber Security Centre says Cyber Essentials version 3.1 will take effect from April 24, 2023.

Timeline of the latest LastPass data breaches
Attackers apparently used data taken in an August attack on the password management firm to enable another attack in November.

UK NCSC ends Logging Made Easy support, warns businesses against continued use
The UK’s National Cyber Security Centre is ending support for the LME project to divert resources to new initiatives designed to help protect the UK’s cyber infrastructure.