Michael Hill

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

BadUSB explained: How rogue USBs threaten your organization

INTERPOL and Nigerian Police bust business email compromise ring, arrest 11

INTERPOL and Nigerian Police bust business email compromise ring, arrest 11

Operation Falcon II focused on malware skills and knowledge to track suspects thought to be members of the SilverTerrier BEC network that has harmed thousands of companies globally.

UK government proposes changes to NIS Regulations and cybersecurity qualifications

UK government proposes changes to NIS Regulations and cybersecurity qualifications

The UK government has announced two new consultation periods aimed at strengthening the nation’s cybersecurity posture with focus on bolstering cyber resilience and embedding new career pathways across the profession.

Supply chain vulnerability allows attackers to manipulate SAP transport system

Supply chain vulnerability allows attackers to manipulate SAP transport system

The vulnerability permits malicious interference in the SAP change management and software deployment processes. SAP issues patch to protect file system from exploitation.

4 ways cybercriminals hide credential stuffing attacks

4 ways cybercriminals hide credential stuffing attacks

Cybercriminals adopt tactics to disguise credential stuffing activity and avoid basic prevention schemes like CAPTHCAs.

New Log4Shell-like vulnerability impacts H2 Java SQL database

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.

The Apache Log4j vulnerabilities: A timeline

The Apache Log4j vulnerabilities: A timeline

The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.

UK NCSC updates Cyber Essentials technical controls requirements and pricing structure

UK NCSC updates Cyber Essentials technical controls requirements and pricing structure

Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. New pricing structure better reflects organisational size and complexity.

Exploit chains explained: How and why attackers target multiple vulnerabilities

Exploit chains explained: How and why attackers target multiple vulnerabilities

Here is what you need to know about exploit chain risks, use cases, and mitigation.

Security lessons from 2021 holiday shopping fraud schemes

Security lessons from 2021 holiday shopping fraud schemes

Here are four ways fraudsters targeted the 2021 shopping period with insight into how retailers can prevent and defend against exploitation.

Second Log4j vulnerability carries denial-of-service threat, new patch available

Second Log4j vulnerability carries denial-of-service threat, new patch available

The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.

UK government's new National Cyber Strategy focuses on workforce diversity, cyber offense

UK government's new National Cyber Strategy focuses on workforce diversity, cyber offense

The UK government’s new National Cyber Strategy outlines plans for protecting the UK from cyberthreats and solidifying its position as a global cyber power.

Load More