News

Hackers and cybercrime prevention

January 12, 2023 12 Jan'23
Guardian confirms Christmas 2022 cyber attack was ransomware

Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack
January 11, 2023 11 Jan'23
Royal Mail services hit by major cyber attack

UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack
January 11, 2023 11 Jan'23
Should we be worried about malicious use of AI language models?

WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned?
January 11, 2023 11 Jan'23
Microsoft fixes EoP zero-day on January Patch Tuesday

On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns

January 11, 2023 11 Jan'23
Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations

Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming
January 10, 2023 10 Jan'23
New APT group targets ASEAN governments and militaries

The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB
January 10, 2023 10 Jan'23
Insurer Beazley introduces catastrophe bond to ease cyber risk

Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover
January 09, 2023 09 Jan'23
JPMorgan ordered to face lawsuit over cyber attack on Ray-Ban maker

US banking giant JPMorgan forced to respond to accusations that it failed to inform a business customer about suspicious transactions
January 08, 2023 08 Jan'23
Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre
January 06, 2023 06 Jan'23
Proposed digital fraud refund rules risk excluding many victims

Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned

January 06, 2023 06 Jan'23
Russia’s Turla falls back on old malware C2 domains to avoid detection

Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals
January 06, 2023 06 Jan'23
Vice Society cyber gang targeted multiple UK schools

The Vice Society ransomware gang has made a habit of attacking educational institutions, and now appears to have struck multiple schools, colleges and universities in the UK
January 06, 2023 06 Jan'23
Meta to appeal £345m fine for Facebook and Instagram privacy breaches

Social media company Meta is to appeal after the Irish Data Protection Commission fined the company for breaching GDPR
January 05, 2023 05 Jan'23
Cyber gang abused free trials to exploit public cloud CPU resources

A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying
January 05, 2023 05 Jan'23
Warning over ransomware attacks spreading via Fortinet kit

Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web
January 05, 2023 05 Jan'23
Fallout from Guardian cyber attack to last at least a month

The Guardian newspaper’s offices remained shut into the New Year following a supposed ransomware attack, with disruption likely to last some time
January 05, 2023 05 Jan'23
Cashless Denmark has no bank robberies in a year for first time

Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase
January 02, 2023 02 Jan'23
China and India governments among top targets for cyber attackers

Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures
December 28, 2022 28 Dec'22
Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears

NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness
December 27, 2022 27 Dec'22
Top 10 ASEAN IT stories of 2022

Despite the challenges over the past year, ASEAN businesses have taken things in stride as they press on with digital transformation, whether it is empowering citizen developers or building cloud-native applications
December 22, 2022 22 Dec'22
Top 10 India IT stories of 2022

We recap the top 10 stories in India, including the digitisation work undertaken by global firms in the country and the progress made by local enterprises in harnessing technology
December 22, 2022 22 Dec'22
NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’

The National Crime Agency argued at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law
December 22, 2022 22 Dec'22
Mitiga researchers disclose AWS Elastic IP hijacking vulnerability

Cloud incident response supplier Mitiga has said a new AWS feature has led to a vulnerability that could allow hackers to access and steal Elastic IP addresses and gain control over AWS accounts
December 22, 2022 22 Dec'22
Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides
December 22, 2022 22 Dec'22
Top 10 crime, national security and law stories of 2022

Here are Computer Weekly’s top 10 crime, national security and law stories of 2022
December 22, 2022 22 Dec'22
Top 10 cyber crime stories of 2022

Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents
December 21, 2022 21 Dec'22
Top 10 ANZ IT stories of 2022

We recap the top 10 stories in Australia and New Zealand, including the opportunities and challenges that organisations in the region have faced over the past year
December 16, 2022 16 Dec'22
Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation

National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time
December 16, 2022 16 Dec'22
UK unis implement new IP traffic policies to combat ransomware

Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature
December 15, 2022 15 Dec'22
Lego fixes dangerous API vulnerability in BrickLink service

The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas
December 15, 2022 15 Dec'22
Cops dismantle 48 DDoS-for-hire websites

An operation combining law enforcement from the UK, US, Netherlands and Europol has disrupted 48 of the world’s most popular DDoS booter websites
December 15, 2022 15 Dec'22
NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears
December 14, 2022 14 Dec'22
Advanced Azov data wiper likely to become active threat

Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily
December 14, 2022 14 Dec'22
Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
December 13, 2022 13 Dec'22
Crime Stoppers Tasmania debuts new reporting portal

Reporting tool will enable the public to share crime-related information with law enforcement agencies to support policing in Tasmania
December 13, 2022 13 Dec'22
Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security
December 13, 2022 13 Dec'22
More Uber data exposed in possible supply chain attack

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
December 13, 2022 13 Dec'22
Customer frustrations mount as Rackspace investigation proceeds

Rackspace says it is making progress on restoring services following a ransomware attack on its Hosted Exchange business, but customers are becoming frustrated with a lack of communication
December 12, 2022 12 Dec'22
Top IT predictions in APAC in 2023

Robotics, cross-cloud data mobility and cyber insurance are some of the key trends that will shape Asia-Pacific’s technology landscape in 2023
December 11, 2022 11 Dec'22
How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better
December 09, 2022 09 Dec'22
CIISec, DCMS to fund vocational cyber courses for A-level students

The Chartered Institute of Information Security and the Department for Digital, Culture, Media and Sport plan to fund vocational cyber qualifications for 300 teenagers
December 09, 2022 09 Dec'22
Iranian APT seen exploiting GitHub repository as C2 mechanism

A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware
December 08, 2022 08 Dec'22
Apple to tap third party for physical security keys

Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys
December 08, 2022 08 Dec'22
Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals
December 07, 2022 07 Dec'22
Rackspace email outage confirmed as ransomware attack

An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
December 07, 2022 07 Dec'22
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November
December 06, 2022 06 Dec'22
Industrial IoT focus of next NCSC startup challenge

The NCSC for Startups programme is looking for innovative ideas to encrypt and secure the industrial internet of things
December 06, 2022 06 Dec'22
Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?
December 05, 2022 05 Dec'22
Fake investment ads persist on Meta’s social networks

Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them
December 05, 2022 05 Dec'22
Cohesity doubles down on cyber-defence failings via backup

Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact