News

IT risk management

• November 30, 2023 30 Nov'23

  Government’s Online Fraud Charter welcomed

  The government has corralled 11 of the largest tech platforms in the world to commit to its Online Fraud Charter, designed to tackle online scams, fake adverts, and more

• November 27, 2023 27 Nov'23

  NCSC publishes landmark guidelines on AI cyber security

  The NCSC and its US counterpart CISA have brought together tech companies and governments to countersign a new set of guidelines aimed at promoting a secure-by-design culture in AI development

• November 23, 2023 23 Nov'23

  Australia ups ante on cyber security

  Australia’s new cyber security strategy will focus on building threat blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities

• November 21, 2023 21 Nov'23

  Over half of SME cyber incidents now ‘malware-free’

  The age of malware-driven cyber attacks may have peaked, at least when it comes to incidents affecting small and medium sized enterprises

• November 20, 2023 20 Nov'23

  Cubbit DS3 Composer brings DIY cloud to object storage pool

  Cubbit customers can now build and configure S3-compatible clouds from unused capacity and offer MSP-grade services with high levels of resilience, security and data sovereignty

• November 20, 2023 20 Nov'23

  IT not ready for AI, Pure Storage survey finds

  Storage, compute and networking hardware won’t cope without upgrades, and that often means total IT infrastructure overhaul

• November 20, 2023 20 Nov'23

  Defence lawyers seek appeal of tribunal ruling on police EncroChat cryptophone hack

  Defence lawyers are seeking leave to appeal against a tribunal ruling that found the National Crime Agency had lawfully obtained warrants to access messages from 9,000 cryptophones used in the UK

• November 16, 2023 16 Nov'23

  Royal Mail spent £10m on cyber measures after LockBit attack

  Royal Mail has spent approximately £10m on recovery and improved cyber resilience measures in the wake of the January 2023 LockBit ransomware attack

• November 16, 2023 16 Nov'23

  Outgoing police tech watchdog warns of declining oversight

  The outgoing biometrics and surveillance camera commissioner for England and Wales discusses police deployment of powerful new surveillance technologies, and the declining state of oversight in this area

• November 15, 2023 15 Nov'23

  November Patch Tuesday heralds five new MS zero-days

  Microsoft pushes fixes for five new zero-days in its latest monthly update

• November 15, 2023 15 Nov'23

  How Gigamon is making its mark in deep observability

  Gigamon CEO Shane Buckley talks up the company’s ability to inspect encrypted network traffic for malicious activity, how it stands out with its deep observability capabilities and the tailwinds that are fuelling its growth

• November 13, 2023 13 Nov'23

  Rogue state-aligned actors are most critical cyber threat to UK

  The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night

• November 13, 2023 13 Nov'23

  Encrypted mail service Tuta says it was wrongly accused of being a front for intelligence services

  German encrypted email service Tuta, formerly known as Tutanota, has denied claims by a former Canadian police intelligence officer accused of passing secrets to criminals that it was compromised by intelligence services

• November 13, 2023 13 Nov'23

  ICO alerted after technical ‘issue’ exposed college files to student barristers

  A training college for barristers has reported a data breach that left sensitive data on hundreds of current and former students accessible to other trainees

• November 10, 2023 10 Nov'23

  APAC cyber security workforce hits record high

  The cyber security workforce in Asia-Pacific now stands at just under a million people, but demand for cyber security talent in the region continues to outpace supply

• November 09, 2023 09 Nov'23

  The Security Interviews: Why cyber needs to integrate better

  Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider ...

• November 09, 2023 09 Nov'23

  Why IT governance is a coding issue

  Two new pieces of research point to benefits of policy as code

• November 08, 2023 08 Nov'23

  Data-sharing management gap highlights cyber risk, says report

  Organisations are struggling to secure their use of communications tools to share data with third-party partners and suppliers, and in the process are exposing themselves to heightened levels of risk, according to a report

• November 08, 2023 08 Nov'23

  The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy

  Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands

• November 07, 2023 07 Nov'23

  AI Safety Summit review

  Computer Weekly takes stock of the UK government’s AI Safety Summit and the differing perspectives around its success

• November 06, 2023 06 Nov'23

  How Trellix’s CISO keeps threat actors at bay

  Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents

• November 02, 2023 02 Nov'23

  UK workers exhibit poor security behaviours, report reveals

  Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working

• November 01, 2023 01 Nov'23

  Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

  As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings

• October 30, 2023 30 Oct'23

  FDM Group partners with ISACA to boost cyber training programme

  The FDM Group has announced a partnership with ISACA to help develop and boost their cyber training programmes and credentials

• October 27, 2023 27 Oct'23

  Microsoft warns over growing threat from Octo Tempest gang

  The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft

• October 27, 2023 27 Oct'23

  How Elastic manages cyber security threats

  Mandy Andress, CISO at Elastic, highlights the company’s approach to tackling evolving cyber threats through the use of AI tools and enhanced security measures while strengthening the capabilities of its security offerings

• October 27, 2023 27 Oct'23

  Google launches bug bounties for generative AI attack scenarios

  Google expands its bug bounty programme to encompass generative AI and takes steps to grow its commitment to supply chain security as it relates to the emerging technology

• October 27, 2023 27 Oct'23

  Germany: European Court opinion kicks questions over EncroChat back to national courts

  Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts

• October 26, 2023 26 Oct'23

  ChatGPT, Bard, lack effective defences against fraudsters, Which? warns

  Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed

• October 26, 2023 26 Oct'23

  Sunak sets scene for upcoming AI Safety Summit

  Prime minister Rishi Sunak has outlined how the UK will approach making AI safe, but experts say there is still too big a focus on catastrophic but speculative risks over real harms the technology is already causing

• October 26, 2023 26 Oct'23

  Boardrooms losing control in generative AI takeover, says Kaspersky

  C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations

• October 25, 2023 25 Oct'23

  Demystifying the top five OT security myths

  Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems

• October 24, 2023 24 Oct'23

  Research team tricks AI chatbots into writing usable malicious code

  Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks

• October 24, 2023 24 Oct'23

  Suzy Lamplugh Trust treads path to improved cyber resilience

  Personal safety charity enlists the support of the London Cyber Resilience Centre to improve staff awareness and strengthen its overall cyber resilience

• October 24, 2023 24 Oct'23

  NetApp ‘unified storage’ adds new ASA block storage at Insight

  Las Vegas event sees NetApp continue its evolution to hybrid cloud and data management player announce ASA C-series and Keystone and Kubernetes storage enhancements

• October 23, 2023 23 Oct'23

  How Ensign is leading the charge in cyber security

  Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem

• October 20, 2023 20 Oct'23

  Computer Weekly contributor named Godfather of UK Security

  Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards

• October 19, 2023 19 Oct'23

  Nuclear regulator raps EDF over cyber compliance

  The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities

• October 19, 2023 19 Oct'23

  Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

  Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source

• October 18, 2023 18 Oct'23

  What are the cyber risks from the latest Middle Eastern conflict?

  The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations

• October 17, 2023 17 Oct'23

  Five Eyes issues five tips on thwarting nation state threats

  Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats

• October 17, 2023 17 Oct'23

  Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine

  Hacktivists supporting Gaza and Palestine have launched hundreds of website defacement attacks against Israeli websites, mirroring the pattern of attacks that occurred after Russia’s invasion of Ukraine

• October 17, 2023 17 Oct'23

  What it takes to succeed in DevSecOps

  Providing engineering leadership and balancing between speed and security are some areas that organisations will need to focus on in their DevSecOps journey

• October 13, 2023 13 Oct'23

  US SEC launches probe into mass MOVEit breach

  Progress Software is facing an investigation from the SEC for the breach of its MOVEit tool, as well as dozens of legal battles resulting from the exfiltration of personal data from the roughly 2,000 organisations affected

• October 10, 2023 10 Oct'23

  MGM faces £100m loss from cyber attack on its casinos

  MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m

• October 05, 2023 05 Oct'23

  Microsoft: Nation-state cyber espionage on rise in 2023

  Microsoft’s latest Digital Defence Report outlines how nation-state cyber activity has largely moved from destructive attacks to espionage and intelligence gathering

• October 05, 2023 05 Oct'23

  Red Cross issues rules of engagement for hackers in conflicts

  The digital rules of engagement are the first time cyber activity has been looked at by the conflict watchdog, but a number of hacker groups have already come out and said they will not be following them

• October 05, 2023 05 Oct'23

  Policing minister wants to use UK passport data in facial recognition

  The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales

• October 05, 2023 05 Oct'23

  Ransomware dwell times now measured in hours, says Secureworks

  Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report

• October 04, 2023 04 Oct'23

  ICO issues guidance on workplace surveillance

  Guidance on employee monitoring covers how employers can conduct their digital surveillance lawfully, transparently and fairly, and warns against businesses intruding on their workers’ private lives