News

Hackers and cybercrime prevention

• January 21, 2022 21 Jan'22

  Mandiant analysts: Russia-backed APTs likely to ramp up attacks

  More cyber attacks like those perpetrated against targets in Ukraine are to be expected, and they may become more destructive

• January 21, 2022 21 Jan'22

  ICO criticises government-backed campaign to delay end-to-end encryption

  Data protection watchdog warns that delaying end-to-end encryption will put children at risk

• January 21, 2022 21 Jan'22

  Cyber pros: Don’t revel in REvil’s downfall just yet

  The arrests of REvil’s alleged kingpins is a welcome step, but as with any disruption to cyber criminal activity, it is never wise to assume law enforcement action means the threat has passed entirely

• January 20, 2022 20 Jan'22

  Ransomware attacks dropped 37% in December, claims NCC

  Latest monthly data reveals a significant decline in ransomware attacks at the end of 2021, but a new, emergent gang is making waves

• January 20, 2022 20 Jan'22

  Updated cyber security regulations proposed for managed services sector

  The Network and Information Systems regulations are to be updated to include MSPs and outsourcers, following a spate of supply chain attacks

• January 20, 2022 20 Jan'22

  Data of 515,000 vulnerable people stolen in Red Cross attack

  The International Committee of the Red Cross is probing a cyber attack that has already seen the personal data of hundreds of thousands of the world’s most vulnerable people compromised

• January 20, 2022 20 Jan'22

  MoonBounce firmware bootkit shows advances in malicious implants

  MoonBounce firmware bootkit shows evident technical improvements over others, making it a more dangerous threat to organisations. It is being used by Chinese state-backed actors

• January 20, 2022 20 Jan'22

  Delayed pay: Umbrella company cyber attacks disrupt salary payments to thousands of contractors

  Thousands of contractors across the UK are anxiously waiting to see if their payroll cycles will be disrupted for a second week, after two of the umbrella industry's biggest players were targeted by cyber criminals

• January 20, 2022 20 Jan'22

  NCSC for Startups programme seeks ransomware-busters

  Innovative ideas for ransomware-busting technology are being sought by the UK’s National Cyber Security Centre and startup incubator Plexal

• January 20, 2022 20 Jan'22

  Singapore to tighten digital banking security

  Banks in Singapore will have to put in place more stringent measures to combat the rise in online phishing scams targeted at bank customers in the city-state

• January 19, 2022 19 Jan'22

  Investigators find Beijing 2022 app riddled with security flaws

  Security flaws in Olympic app may put personal health data at risk of compromise in a man-in-the-middle attack

• January 19, 2022 19 Jan'22

  Trellix looks to democratise access to XDR in APAC

  The company formed from the merger of FireEye Enterprise and McAfee will team up with managed service providers, among other efforts, to democratise access to extended detection and response capabilities in the region

• January 18, 2022 18 Jan'22

  Police take down VPN linked to multiple ransomware hits

  German police led a multinational effort to seize and take down the LabVPN service, which was allegedly used by cyber criminals to facilitate ransomware attacks

• January 18, 2022 18 Jan'22

  Cobalt Strike still C2 infrastructure of choice

  Its utility and ease of use, coupled with explosive growth in ransomware actions, makes Cobalt Strike Team Servers the C2 infrastructure of choice for malicious actors

• January 17, 2022 17 Jan'22

  ‘Russian-backed’ hackers defaced Ukrainian websites as cover for dangerous malware attack

  Kiev claims that a hacking group in Belarus – a close ally of Russia – was responsible for hacking Ukrainian government websites amid threats of military action

• January 17, 2022 17 Jan'22

  Top three questions about the Log4j vulnerability

  Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability

• January 14, 2022 14 Jan'22

  Nato offers tech support after 'massive cyber attack' hits Ukraine

  Speculation mounts that Russia is behind a cyber attack which defaced Ukrainian government websites amid growing international tension

• January 14, 2022 14 Jan'22

  Parasol systems outage leaves umbrella contractors facing late payments

  Multi-day outage leaves umbrella company contractors working for payroll processing firm Parasol facing late salary payments, with the firm remaining tight-lipped over the cause of its technical difficulties

• January 13, 2022 13 Jan'22

  Nordic companies targeted in wave of cyber attacks

  After a slew of cyber attacks hit major companies in the Nordics at the end of last year, we look at how they were affected and how they have recovered

• January 13, 2022 13 Jan'22

  NCSC sounds alarm over Russia-backed hacks

  The UK’s National Cyber Security Centre joins US calls to be wary of Russian state interference in critical national infrastructure IT systems

• January 12, 2022 12 Jan'22

  MEPs demand EU probe into Pegasus spyware abuse

  A group of European Parliament Members has called for an EU-wide investigation into NSO Group’s Pegasus spyware after it emerged EU member states may have used it

• January 12, 2022 12 Jan'22

  Microsoft fixes six zero-days in January Patch Tuesday update

  A larger than of late Patch Tuesday update from Microsoft comes as defenders continue to grapple with Log4Shell

• January 12, 2022 12 Jan'22

  Dutch cyber volunteers receive major funding boost

  The Dutch Institute for Vulnerability Disclosure has received a $100,000 donation to expand the scope of its work

• January 11, 2022 11 Jan'22

  Almost half of Log4j downloads still dangerously exposed

  Whether by error or design is unclear, but a great many IT teams are still exposing themselves by downloading outdated, insecure versions of Apache Log4j

• January 11, 2022 11 Jan'22

  Banks accused of neglecting customer security measures

  Which? singles out Metro Bank, Virgin Money and TSB over insecure online banking processes

• January 11, 2022 11 Jan'22

  Cyber security failure one of biggest risks facing countries and businesses, warns WEF

  Cyber risks are among the top five risks facing organisations and governments over the next two to five years. Digital inequality and the over-crowding of space with communication satellites present further risks 

• January 10, 2022 10 Jan'22

  Ministry of Justice caught up in multiple cyber incidents

  Besides multiple disclosed data breaches, department was also affected by two ransomware attacks

• January 09, 2022 09 Jan'22

  Singapore retailer hit by data breach

  The personal data of OG’s basic and gold members stored in a database managed by a third-party service provider was reportedly compromised

• January 05, 2022 05 Jan'22

  Judges to decide whether Assange can appeal against extradition as he reaches 1,000 days in jail

  Mexican president Andrés Manuel López Obrador urges US to treat WikiLeaks founder Julian Assange with humanity and to consider Mexico’s offer to grant Assange asylum

• January 03, 2022 03 Jan'22

  How APAC firms can stay ahead of cyber threats

  Organisations will need to develop behavioural detection, machine learning and threat hunting capabilities to keep pace with the onslaught of cyber attacks

• December 31, 2021 31 Dec'21

  Top 10 crime, national security and law stories of 2021

  Here are Computer Weekly’s top 10 crime, national security and law stories of 2021

• December 23, 2021 23 Dec'21

  Top 10 cyber security stories of 2021

  Cyber security dominated the headlines in 2021, making it hard to gain a clear picture of what to pay attention to. What is an IT buyer to do?

• December 22, 2021 22 Dec'21

  Top 10 cyber crime stories of 2021

  Cyber crime hit new heights and drew more attention than ever in 2021. We look back at the biggest stories of the year

• December 15, 2021 15 Dec'21

  UK government to take ‘whole-of-society’ approach to cyber

  Second iteration of the UK’s National Cyber Strategy broadens its focus to build a ‘whole-of-society’ security posture

• December 14, 2021 14 Dec'21

  Almost half of networks probed for Log4Shell weaknesses

  Close to half of corporate networks have already been actively targeted by individuals seeking to exploit the critical Log4Shell Apache bug

• December 13, 2021 13 Dec'21

  What is Log4Shell, and why are we panicking about it?

  It’s been described as a ‘design failure of catastrophic proportions’ that threatens the very fabric of the digital world. Find out what the Log4j2 Log4Shell panic is all about, and what you should do about it

• December 10, 2021 10 Dec'21

  Julian Assange can be extradited to the US to face espionage and hacking charges, court rules

  High Court overturns decision not to extradite WikiLeaks founder after US government gives assurances over his treatment

• December 10, 2021 10 Dec'21

  C-suite’s biggest ransomware fear: Post-attack regulatory sanctions

  Exposure to regulatory sanctions such as fines are the biggest worry for C-suite executives in the wake of a ransomware attack

• December 08, 2021 08 Dec'21

  2021 another record-breaker for vulnerability disclosure

  More than 50 CVEs were logged every day in 2021, more than at any time since records began, while ethical hackers continue to prove their value

• December 08, 2021 08 Dec'21

  Russia may be collaborating with US to bring cyber criminals to heel

  Trustwave’s SpiderLabs says its analysis of chatter on underground dark web forums suggests cyber criminals are starting to panic that formerly ‘friendly’ governments are on their case

• December 08, 2021 08 Dec'21

  Most consumers expect banks to cover losses to scams

  Consumers expect banks to cover losses to cyber crime, as the number of attacks grows

• December 08, 2021 08 Dec'21

  Number of .uk domain suspensions at record low

  Statistics from Nominet show how effective law enforcement action against cyber crime in the UK is paying off

• December 07, 2021 07 Dec'21

  Investigation mounted into Spar supermarket cyber attack

  Possible supply chain cyber attack left more than 300 Spar supermarkets unable to process credit card payments

• December 06, 2021 06 Dec'21

  IT Priorities 2022: Pandemic’s long tail for cyber buyers

  Pandemic response has been top of mind for cyber leaders these past 18 months, and as Covid-19 turns two, the TechTarget/Computer Weekly IT Priorities 2022 study shows buyers are still focused on how Covid has upended the workplace

• December 06, 2021 06 Dec'21

  Surge in Nobelium-linked supply chain attacks

  Mandiant’s researchers share new intel on two distinct clusters of Russian APT activity, linked to the Nobelium SolarWinds attackers

• December 02, 2021 02 Dec'21

  Millions of credit card details for sale on dark web for as little as 75p

  The credit card details of millions of people from across the world can be bought by criminals using the dark web for as little as $1

• November 30, 2021 30 Nov'21

  HP patches bugs in over 150 printer models

  More than 150 HP multifunction printers are at risk of compromise through a series of newly disclosed vulnerabilities, one of them wormable

• November 30, 2021 30 Nov'21

  Recovering from ransomware: One organisation’s inside story

  In February 2021, French office equipment supplier Manutan fell victim to a DoppelPaymer ransomware hit. IT ops director Jérôme Marchandiau tells the inside story of the incident

• November 29, 2021 29 Nov'21

  British Army picks Immersive Labs for cyber training

  The British Army will make Immersive Labs’ security training platform available to all serving personnel

• November 26, 2021 26 Nov'21

  UK’s surveillance culture may be normalising use of tech for abuse

  Intense surveillance of public spaces by UK authorities may be playing a part in the normalisation of cyber stalking in intimate relationships

• November 25, 2021 25 Nov'21

  Government must prove its plans to police encryption work, says ex-cyber security chief

  Ciaran Martin, the former UK cyber security chief, says the government must explain how it can access encrypted communications without damaging cyber security and weakening privacy

• November 25, 2021 25 Nov'21

  UK consumers warned of increase in credit card application fraud

  There has been a sharp rise in fraudsters using stolen personal details to open credit card accounts

• November 24, 2021 24 Nov'21

  Consumer cyber bill to protect mobiles, smart devices

  Product Security and Telecommunications Infrastructure Bill will reinforce protections for consumer devices and mandate improvements to default security settings

• November 24, 2021 24 Nov'21

  Apple sues under-fire malware firm NSO

  Lawsuit alleges spyware firm NSO Group targeted Apple’s users, adding to the pressure on the under-fire company

• November 22, 2021 22 Nov'21

  Upcoming holidays prompt ransomware warning from authorities

  Ransomware gangs know how calendars work, and may target their attacks around major holidays to take advantage of more people being off work, according to a new alert

• November 22, 2021 22 Nov'21

  Black Friday cyber warning for 4,000 card-skimming victims

  NCSC warns thousands of small retailers that their websites are being exploited to steal customer data

• November 22, 2021 22 Nov'21

  CIO interview: Karl Hoods, CDIO, Department for Business, Energy and Industrial Strategy

  Moving to the cloud, developing staff skills and responding quickly to the pandemic – from a public sector IT leader’s perspective

• November 19, 2021 19 Nov'21

  Why is Emotet back, and should we be worried about it?

  The sudden reappearance of Emotet this week has security teams on high alert, but do we need to be worried about its return, and what should we be doing about it?

• November 19, 2021 19 Nov'21

  GCHQ, NSA chiefs recommit to counter cyber threats

  UK and US intelligence services reaffirm a joint commitment to disrupt and deter new and emerging cyber threats

• November 18, 2021 18 Nov'21

  Memento ransomware gang quick to retool for ‘optimum’ outcome

  The operators of a new ransomware called Memento are quick to retool for ‘success’ if they run up against a competent defender, says Sophos

• November 18, 2021 18 Nov'21

  Alert over spate of Iran-linked BitLocker attacks

  A joint advisory from western cyber agencies warns of a campaign of ‘ongoing malicious activity’ by an Iran-linked APT group exploiting BitLocker to extort its targets

• November 18, 2021 18 Nov'21

  Sky ECC provided free cryptophones to a Canadian police force

  Internal emails disclosed in a US court show how Sky Global supplied sample encrypted phones to a Canadian police force before its phone users became subject to an international police investigation

• November 18, 2021 18 Nov'21

  Cryptophone supplier Sky Global takes legal action over US government website seizures

  Canadian tech company Sky Global has filed a legal motion claiming that the US government unlawfully seized the company’s internet sites following police investigations into the use of its cryptophones by organised crime

• November 17, 2021 17 Nov'21

  Security startups line up on Cyber Runway

  Some 108 cyber security startups representing the UK’s most cutting-edge innovators are to join Plexal’s Cyber Runway accelerator

• November 17, 2021 17 Nov'21

  Zero-days: The next element of the service-based cyber economy?

  Digital Shadows researchers have reported on the emergence of zero-days as a service, which could be the next big thing in the cyber criminal underworld

• November 17, 2021 17 Nov'21

  Out of the shadows: The rise of ethical hackers in 2021

  Ethical hackers working on the Bugcrowd platform have saved organisations almost $30bn in risk during the Covid-19 pandemic, as the community sheds old stereotypes

• November 16, 2021 16 Nov'21

  One-fifth of NCSC-supported cyber incidents linked to Covid-19

  National Cyber Security Centre has helped to thwart multiple cyber incidents that could have seriously disrupted the UK’s response to the pandemic

• November 15, 2021 15 Nov'21

  UK government proposes new rules for digital supply chain security

  Proposals could see IT service providers legally required to adhere to the NCSC’s Cyber Assessment Framework, among other things

• November 12, 2021 12 Nov'21

  BT applies Covid-19 R number modelling to threat response

  A prototype cyber security tool developed at BT uses epidemiological principles to detect and respond to cyber threats

• November 12, 2021 12 Nov'21

  IT Priorities 2022: APAC enterprises invest in digital future

  Nearly two-thirds of enterprises in Asia-Pacific plan to increase their IT budgets next year in areas such as cloud computing and cyber security to secure their digital future

• November 11, 2021 11 Nov'21

  HPE’s Aruba networking unit hit by cyber attack

  Undisclosed threat actor compromised data buckets used to run the Aruba Central cloud environment using a stolen access key

• November 11, 2021 11 Nov'21

  Finance ombudsman overturns more than three-quarters of bank decisions on APP fraud

  The financial services ombudsman is siding with customers in over 75% of complaints against banks that refuse to repay losses to authorised push payment fraud

• November 11, 2021 11 Nov'21

  Scale of crime-as-a-service economy a growing concern, say researchers

  The cyber criminal underground continues its evolution towards a service-based economy

• November 11, 2021 11 Nov'21

  Bank of England loses 161 computing devices in three years

  Bank cannot account for phones, laptops and tablets that have gone missing over the past three years

• November 09, 2021 09 Nov'21

  US seeks to extradite REvil affiliate who attacked Kaseya

  US Department of Justice unseals charges against a Ukrainian national accused of being behind the summer 2021 REvil ransomware attack on Kaseya

• November 08, 2021 08 Nov'21

  REvil associates arrested in international ransomware crackdown

  Two individuals suspected of conducting 5,000 REvil ransomware attacks were arrested by Romanian police last week as an international crackdown on the crime gang gathers pace

• November 08, 2021 08 Nov'21

  Splunk’s cloud shift is paying off in APAC

  Splunk’s Asia-Pacific business is growing faster than the rest of the company, but it’s not resting on its laurels

• November 05, 2021 05 Nov'21

  US offers $10m reward for intel on DarkSide ransomware gang

  US government puts up a $10m reward for information on the DarkSide ransomware gang, the group that attacked Colonial Pipeline six months ago

• November 04, 2021 04 Nov'21

  The Netherlands works on resilience with large-scale national cyber exercise

  For the Netherlands, the biggest challenge in a large-scale cyber crisis is to maintain speed while exercising due care

• November 03, 2021 03 Nov'21

  Spyware firm NSO and others added to US banned Entity List

  US government bans target Israeli spyware makers and cyber firms in Russia and Singapore

• November 03, 2021 03 Nov'21

  UK’s Labour Party hit by third-party data breach

  Data on Labour Party members was recently compromised in an apparent cyber attack on a third-party data processor

• November 03, 2021 03 Nov'21

  BlackMatter ransomware crew shuts down, leaves victims in a bind

  The BlackMatter ransomware gang appears to be winding down its activities, possibly due to pressure from law enforcement

• November 02, 2021 02 Nov'21

  Convicted Silk Road admin stripped of £500k in crypto earnings

  Jailed Silk Road administrator Thomas White, aka Cthulhu, has been ordered to hand over more than £490,000 of illicit earnings

• November 01, 2021 01 Nov'21

  Businesses and governments urged to take action over Trojan Source supply chain attacks

  Businesses and governments have been put on alert to guard against Trojan Source hacking attacks

• October 28, 2021 28 Oct'21

  CIA sought revenge against Julian Assange over hacking tool leaks, court hears

  The CIA discussed kidnapping Julian Assange after WikiLeaks published thousands of documents revealing its arsenal of hacking tools, defence lawyers tell a London court

• October 28, 2021 28 Oct'21

  How ransomware crews pile on the pressure to get victims to pay

  Sophos researchers share some of the more common tactics ransomware gangs use to pressurise their victims into paying up

• October 27, 2021 27 Oct'21

  ‘No-one extradited from UK to US has committed suicide,’ US tells court in Assange appeal

  US government claims that a district judge has given WikiLeaks founder Julian Assange a ‘trump card’ to avoid extradition  

• October 27, 2021 27 Oct'21

  Cyber sector growth exacerbating skills shortage

  Data from security association (ISC)² shows demand for cyber pros is still outpacing supply as the sector continues an upward growth trajectory

• October 26, 2021 26 Oct'21

  DarkMarket takedown results in 150 arrests

  A coordinated operation by law enforcement has seen 150 taken into custody amid allegations of buying or selling illicit goods on the dark web

• October 26, 2021 26 Oct'21

  Cyber experts on how to nobble a Nobelium attack

  A recent spate of attempted Nobelium cyber attacks were mostly unsuccessful, but serve as a reminder to pay attention to some more fundamental aspects of security

• October 25, 2021 25 Oct'21

  Attempted hack causes Tesco website outage

  Retailer’s website and app back after attempted hack caused problems over the weekend

• October 22, 2021 22 Oct'21

  Multi-government operation targets REvil ransomware group

  REvil has been forced offline by a multi-government hacking operation, marking the second time in 2021 that the group has gone dark

• October 21, 2021 21 Oct'21

  Airport operator MAG boosts threat visibility with hybrid SOC

  With budget concerns weighing heavy during the pandemic, Manchester Airports Group ditched an impending capex-heavy cyber investment in favour of a hybrid managed/in-house approach. Learn more about its experience

• October 21, 2021 21 Oct'21

  APAC organisations warm to zero trust

  Two-thirds of APAC organisations have a zero-trust strategy even as they grapple with the lack of skills and other organisational challenges, study finds

• October 20, 2021 20 Oct'21

  US intelligence agencies issue advisory on BlackMatter gang

  Joint advisory on ransomware gang warns about potential of further attacks on critical infrastructure providers

• October 20, 2021 20 Oct'21

  LightBasin hackers breach 13 telcos in two years

  Hackers have obtained an undisclosed volume of subscriber information and call metadata in a sustained campaign against telecommunications firms

• October 18, 2021 18 Oct'21

  How Samlesbury, Lancashire became the home of the National Cyber Force

  The National Cyber Force, a new branch of the military, is gearing up to fight battles in cyber space from the fields of Lancashire. Its presence is expected to bring a high-tech renaissance to the region

• October 14, 2021 14 Oct'21

  Apple scheme to detect child abuse creates serious privacy and security risks, say scientists

  Apple’s plan to automatically scan photos to detect child abuse would unduly risk the privacy and security of law-abiding citizens and could open up the way to surveillance, say the world’s top cryptographic experts

• October 14, 2021 14 Oct'21

  NHS Digital enhances in-house cyber awareness drive

  Keep IT Confidential campaign aims to help NHS staff understand more about security threats and learn how to reduce risk

• October 13, 2021 13 Oct'21

  FCA warns over future hybrid working security risks

  Earlier this week, the Financial Conduct Authority issued fresh guidance to regulated organisations on keeping hybrid workers safe and secure