News

IT risk management

• February 25, 2021 25 Feb'21

  NCSC Cyber Action Plan emphasises SME security

  NCSC self-assessment tool launched to help sole traders and micro-businesses tackle their cyber security challenges

• February 25, 2021 25 Feb'21

  GCHQ sets out rules of the road for AI in cyber

  A paper produced by GCHQ shows how the intelligence agency can use artificial intelligence responsibly as a tool to protect the UK’s national security

• February 25, 2021 25 Feb'21

  MHRA and other agencies to offer new resources for scam victims

  New landing page resources will replace .uk domains suspended for criminal activity to help members of the public access appropriate guidance

• February 24, 2021 24 Feb'21

  Transport for NSW hit by Accellion breach

  Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system

• February 24, 2021 24 Feb'21

  Vaccine passports prove an ethical minefield

  Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design

• February 24, 2021 24 Feb'21

  Is Clubhouse safe, and should CISOs stop its use?

  With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it

• February 24, 2021 24 Feb'21

  Babuk ransomware unsophisticated, but highly dangerous

  Intelligence gathered through McAfee’s Mvision service reveals more insight into the emerging Babuk ransomware

• February 24, 2021 24 Feb'21

  Warning on security risk from virtual events platforms

  Vulnerabilities found in virtual events platforms could form part of a variant supply chain attack

• February 23, 2021 23 Feb'21

  XDR makes cyber a Stroll in the park for Aston Martin F1

  Aston Martin Cognizant Formula One team will run SentinelOne’s Singularity XDR platform under the bonnet

• February 23, 2021 23 Feb'21

  AI powers reputational damage insurance policy

  Reputational damage has an immediate impact on a company’s share price, and brand loyalty built over many years can be lost in an instant

• February 23, 2021 23 Feb'21

  CyberScotland offers centralised security resource hub

  Newly launched partnership brings together security resources for individuals and organisations across Scotland

• February 22, 2021 22 Feb'21

  Microphones, smartphones, laptops among items stolen from BBC

  A total of 105 devices have been stolen from the BBC in the past two years, some of which may have been spirited away by remote workers

• February 22, 2021 22 Feb'21

  Pandemic has exposed fractures in cyber fraud strategy

  RUSI report urges a bolder and more coordinated response to cyber-enabled fraud as the pandemic lays bear the scale of the problem

• February 19, 2021 19 Feb'21

  NCSC cyber defence scheme blocked thousands of scams in 2019

  The NCSC has reported another productive year for its Active Cyber Defence programme

• February 18, 2021 18 Feb'21

  2020 a record year for cyber, thanks to Covid

  The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy

• February 17, 2021 17 Feb'21

  Security pros agree: We need to take a break

  As many as 85% of security staff engage in leisure activities during working hours, but they have excellent reasons for doing so

• February 17, 2021 17 Feb'21

  Emotional intelligence, empathy increasingly valued in CISOs

  The pandemic has highlighted the value of soft skills, rather than technical ones, in security

• February 16, 2021 16 Feb'21

  North Korea accused of Pfizer Covid vaccine cyber attack

  South Korean intelligence pins a recent attack on Pfizer, targeting information on coronavirus vaccines, on its neighbour

• February 16, 2021 16 Feb'21

  RDP, SSH exposures off the charts thanks to remote working

  The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report

• February 15, 2021 15 Feb'21

  Post Office to offer digital ID services to customers

  Post Office partnership with Yoti is intended to expand customer choice as to how people prove their identity when accessing services

• February 11, 2021 11 Feb'21

  Low-complexity CVEs a growing concern

  Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments

• February 11, 2021 11 Feb'21

  Singtel falls prey to supply chain attack

  The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack

• February 10, 2021 10 Feb'21

  Dating app users warned to watch out for scammers

  A vast amount of money was lost to romance scammers last year, and with millions of people isolated in lockdown the problem is getting worse, according to a report

• February 10, 2021 10 Feb'21

  Windows 10, Server 2019 users must patch serious zero-day

  Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update

• February 09, 2021 09 Feb'21

  Oracle claims major win in Australian public sector

  Australian Data Centres will deploy Oracle’s Dedicated Region Cloud@Customer to host cloud services for the federal government

• February 09, 2021 09 Feb'21

  Data breaches are a ticking timebomb for consumers

  Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure

• February 09, 2021 09 Feb'21

  Cyberpunk 2077 developer refuses to pay up after ransomware attack

  Polish video game developer CD Projekt has released details of a ransomware attack on its systems

• February 09, 2021 09 Feb'21

  ‘Batman Begins’ cyber attack is a warning to CNI providers

  A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services

• February 09, 2021 09 Feb'21

  NHS reports fewer phishing emails in 2020

  The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020

• February 08, 2021 08 Feb'21

  Too few UK organisations offering cyber training for remote work

  Nearly a year into the pandemic, a study reveals a concerning tendency for organisations not to bother offering security training for remote workers

• February 08, 2021 08 Feb'21

  Data of thousands of Dutch citizens leaked from government Covid-19 systems

  Weak access controls and outdated systems blamed for leaking of the personal details of thousands of Dutch citizens tested for Covid-19

• February 08, 2021 08 Feb'21

  Sweden to establish national cyber security centre

  Sweden becomes latest Nordic state to establish a national cyber security centre as the threat landscape grows

• February 05, 2021 05 Feb'21

  Google Chrome update to patch serious zero-day

  A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible

• February 05, 2021 05 Feb'21

  How Yarra Valley Water is tapping APIs

  The largest water retailer in Melbourne has rolled out application programming interfaces to improve operations and customer service

• February 04, 2021 04 Feb'21

  Fraud and cyber crime still vastly under-reported

  The scale of digitally enabled crime in the UK is dramatically under-reported, new statistics indicate

• February 03, 2021 03 Feb'21

  Crypto malware targets Kubernetes clusters, say researchers

  Newly identified Hildegaard malware targets Kubernetes clusters and seems to herald a new campaign from the TeamTNT gang

• February 03, 2021 03 Feb'21

  ‘Classic’ Cerber ransomware targets health sector in high volumes

  Cerber ransomware-as-a-service seems to have re-emerged as one of the most critical cyber threats facing healthcare organisations, reports VMware Carbon Black

• February 03, 2021 03 Feb'21

  SolarWinds patches two critical CVEs in Orion platform

  New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet

• February 02, 2021 02 Feb'21

  Agent Tesla trojan finds new ways to sneak past defences

  Updated versions of Agent Tesla Rat include new techniques that fiddle with code to disable endpoint protection tools on target systems

• February 01, 2021 01 Feb'21

  Serco confirms Babuk ransomware attack

  Outsourcing firm was hit by the ransomware last week but insists most of its operations are running as normal

• February 01, 2021 01 Feb'21

  CISOs invisible to their organisations, says BT report

  Ignorance of cyber issues is leading to misplaced confidence in security in many organisations, as CISOs struggle to make themselves seen and heard

• January 31, 2021 31 Jan'21

  Indian firms see growing value of data

  Half of Indian IT leaders see a permanent increase in value of data as their organisations come under threat from mounting cyber attacks amid the pandemic

• January 29, 2021 29 Jan'21

  Hunting and anti-hunting groups locked in tit-for-tat row over data gathering

  The leaking of internal documents has prompted a row between pro- and anti-hunting groups about the legality of the other’s data collection practices

• January 29, 2021 29 Jan'21

  Revealed: Brits who fuelled ‘vicious’ conspiracy theory by Trump supporters

  Trump supporters have apologised and paid millions in damages to the family of murdered Democratic Party staffer Seth Rich for promoting false allegations that Rich – not Russian agents – stole emails from the Democratic National Committee

• January 29, 2021 29 Jan'21

  Manufacturing particularly at risk of Solorigate-linked breaches

  Every fifth victim of the SolarWinds Solorigate/Sunburst attack was a manufacturing organisation, say researchers

• January 29, 2021 29 Jan'21

  Human factor dominates Australia’s latest data breach numbers

  The number of data breaches resulting from human error increased by 18% in the second half of 2020, according to Australian government’s latest notifiable data breaches report

• January 28, 2021 28 Jan'21

  End of Emotet: A blow to cyber crime, but don’t drop your guard

  The takedown of Emotet is a huge event with repercussions that will reverberate across the cyber criminal world, but unfortunately that’s not to say there will be much of a long-term impact

• January 27, 2021 27 Jan'21

  Pandemic response has improved privacy posture, says Cisco

  Data privacy seems to be ‘coming of age’ to some extent and organisational responses to Covid-19 may be partly responsible, according to a report

• January 27, 2021 27 Jan'21

  Grindr complaint results in €9.6m GDPR fine

  Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices

• January 26, 2021 26 Jan'21

  Saudi IT spending to hit $11bn in 2021

  Saudi Arabian organisations will spend about $11bn on IT this year, with emerging technologies high on shopping lists

• January 26, 2021 26 Jan'21

  ICO extends commissioner Denham’s term of office

  Extension of Elizabeth Denham’s tenure as information commissioner will give the government more time to appoint her successor

• January 26, 2021 26 Jan'21

  Cyber fraud a national security issue, says Rusi report

  A report from the Rusi think tank calls for fresh approaches to how we think about fighting fraud

• January 21, 2021 21 Jan'21

  Hackney Council tenders for cyber security upgrade

  Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council

• January 21, 2021 21 Jan'21

  Two-thirds of CISOs say they’ll be cyber attack victims this year

  Security professionals are ever alert to the threats they face, but some still seem to think it is unlikely they will be attacked

• January 21, 2021 21 Jan'21

  Incompetent cyber criminals leak data in opsec failure

  Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals

• January 20, 2021 20 Jan'21

  Should I be worried about MFA-bypassing pass-the-cookie attacks?

  Malicious actors bypassed multi-factor authentication using so-called pass-the-cookie attacks, but how worrying is this and what is the risk to organisations?

• January 19, 2021 19 Jan'21

  Questions raised by New Zealand central bank boss, following cyber attack investigation

  The governor of New Zealand’s central bank said the organisation must answer questions about its security following a ‘significant’ attack

• January 19, 2021 19 Jan'21

  Value of GDPR fines shows dramatic increase in 2020

  European regulators imposed almost €160m worth of fines during the past 12 months, a substantial rise

• January 19, 2021 19 Jan'21

  MAS offers guidance on mitigating supply chain threats

  Monetary Authority of Singapore revises its technology risk management guidelines to help the financial sector guard against supply chain attacks

• January 18, 2021 18 Jan'21

  MoD reports 18% rise in data loss incidents

  The Ministry of Defence reported more than five hundred data security incidents in 2019-20, with seven serious enough to warrant disclosure to the ICO

• January 18, 2021 18 Jan'21

  Australians lost A$176m to scams in 2020

  Investment scams topped the list of scams, which grew by 23.1% in 2020 as criminals exploited human psychology using social engineering

• January 15, 2021 15 Jan'21

  Coalition proposes secure standard model for Covid-19 passports

  Vaccination Credential Initiative is working to ensure that people vaccinated against Covid-19 can access their records in a secure, verifiable and privacy-preserving way

• January 14, 2021 14 Jan'21

  Unforeseen consequences of new technologies put UK at risk

  Lords committee told that the risks associated with various emerging digital technologies must be assessed together, with input from UK citizens, if the government is to avoid ‘siloisation’ of fundamentally interconnected problems

• January 14, 2021 14 Jan'21

  APAC firms grapple with cyber security amid pandemic

  Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work

• January 13, 2021 13 Jan'21

  Three-quarters of finance firms report more potentially criminal activity in their networks

  Fears of failing to comply with strict regulations grow as financial services firms identify more suspicious financial activity on their networks

• January 13, 2021 13 Jan'21

  Covid-19 immunity passport tests to begin in UK

  A Covid-19 immunity and vaccination passport developed by two UK firms and backed by Innovate UK has entered the live testing phase

• January 13, 2021 13 Jan'21

  Critical zero-day features in first Patch Tuesday of 2021

  Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender

• January 12, 2021 12 Jan'21

  Palo Alto Networks opens Australia cloud location

  The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services

• January 12, 2021 12 Jan'21

  Parler collapse opens door to phishing attacks

  The shutdown of controversial social media site Parler, and the publication of huge amounts of user data scraped by ethical hackers, is giving cyber crime experts cause for concern

• January 11, 2021 11 Jan'21

  New SolarWinds CEO sets out rescue plan

  Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community

• January 11, 2021 11 Jan'21

  New Zealand central bank IT system breached in cyber attack

  Bank is responding to a cyber attack after hackers breached the system of a third-party supplier

• January 08, 2021 08 Jan'21

  Which? online banking investigation reveals ‘worrying gaps’ in security

  Consumer rights organisation has ranked the security of UK online current account providers

• January 07, 2021 07 Jan'21

  Biden picks cyber veteran to reinvigorate security response

  Appointment of career intelligence operative Anne Neuberger signals refreshed security approach for the US government under Joe Biden's administration

• January 06, 2021 06 Jan'21

  WikiLeaks founder Julian Assange to remain in prison despite winning extradition battle

  Judge cites Assange’s support of NSA whistleblower as one of the reasons for him being at high risk of absconding. He will remain in Belmarsh prison until the US government completes its appeal

• January 05, 2021 05 Jan'21

  Banking trade body calls for increased contactless payment limit

  UK Finance proposes an increase in the limit on spending using contactless cards

• January 04, 2021 04 Jan'21

  WikiLeaks founder Julian Assange cannot be extradited to face charges in US, court rules

  Court rules it would be oppressive to send Julian Assange to the US to face trial after finding he is at high risk of suicide. US government says it will appeal

• December 31, 2020 31 Dec'20

  Top 10 investigations and national security stories of 2020

  Here are Computer Weekly’s top 10 investigations and national security stories of 2020

• December 24, 2020 24 Dec'20

  Top 10 cyber crime stories of 2020

  Here are Computer Weekly’s top 10 cyber crime stories of 2020

• December 23, 2020 23 Dec'20

  Top 10 cyber security stories of 2020

  Here are Computer Weekly’s 10 top cyber security stories of 2020

• December 22, 2020 22 Dec'20

  Ministry of Justice in the dock for catalogue of serious data breaches

  Annual report reveals major incidents of personal data loss affecting 121,355 people and including misplaced, unencrypted USB stick containing documents from a trial, accidental disclosure of identities, and staff files made visible to ...

• December 18, 2020 18 Dec'20

  Finnish government tables laws to protect data from cyber criminals

  Government is strengthening its legal framework to protect data from hackers in the wake of a massive breach at a psychotherapy centre

• December 17, 2020 17 Dec'20

  EU security strategy a ‘step up’ on cyber leadership, says Brussels

  The EU’s new cyber security strategy forms a key component of Shaping Europe’s Digital Future, the Recovery Plan for Europe, and the EU Security Union Strategy

• December 17, 2020 17 Dec'20

  NHS Scotland taps Check Point to secure Covid-19 data

  NHS National Services Scotland is working with security firm Check Point to safeguard its sensitive data in the cloud and support its work on the coronavirus

• December 17, 2020 17 Dec'20

  FireEye and partners release SolarWinds kill-switch

  A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue

• December 17, 2020 17 Dec'20

  Danske Bank fights money laundering with AI

  Danske Bank is using artificial intelligence to help it prevent a repeat of the huge money laundering scandal that hit one of its operations in Estonia

• December 17, 2020 17 Dec'20

  AWS brings disaster recovery programme to Australia

  Project Resilience will offer up to $5,000 worth of credits to public sector and community organisations to offset the cost of storing data on Amazon Web Services

• December 15, 2020 15 Dec'20

  SolarWinds cyber attack: How worried should I be, and what do I do now?

  Security teams across the world are on high alert as more details emerge of the widespread SolarWinds ‘Sunburst’ attack. What do defenders need to do next?

• December 15, 2020 15 Dec'20

  Cyber crime victims in the Netherlands not reporting offences

  Dutch victims of online crime rarely report it to the police and when they do, they are often dissatisfied

• December 14, 2020 14 Dec'20

  FireEye identifies flaw in networking monitoring software as US agencies attacked

  Cyber security company says investigations have revealed security breach occurred because of a flaw in a network monitoring software

• December 13, 2020 13 Dec'20

  Singapore trials beacons to bolster police operations

  Police beacons equipped with video cameras, sirens, floodlights and speakers are being deployed at two parks to improve public safety in a year-long trial

• December 11, 2020 11 Dec'20

  The week in ransomware: Foxconn and Randstad are high-profile victims

  Foxconn and Randstad are laid low by cyber criminals, while Sophos spills on Egregor, and prognosticators turn to their crystal balls to divine how ransomware will develop in the next 12 months

• December 11, 2020 11 Dec'20

  Disputed PostgreSQL bug exploited in cryptomining botnet

  PGMiner cryptomining botnet remained unnoticed by exploiting a disputed CVE in PostgreSQL

• December 11, 2020 11 Dec'20

  Surge in Covid-19 vaccine phishing scams reported

  Check Point and KnowBe4 share details of a growing number of phishing campaigns using the prospect of a Covid-19 vaccine as a lure

• December 10, 2020 10 Dec'20

  After critical year, Vodafone trains security sights on CNI market

  Vodafone’s security head Steve Knibbs explains how he plans to bring the lessons of a transformative few years in cyber security to bear on new markets

• December 09, 2020 09 Dec'20

  Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

  The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users

• December 09, 2020 09 Dec'20

  Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

  The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance

• December 09, 2020 09 Dec'20

  There’s no going back to pre-pandemic security approaches

  The cyber security world will probably never return to its pre-pandemic state, and different approaches to security will come to the fore in 2021

• December 09, 2020 09 Dec'20

  Top IT predictions in APAC in 2021

  The Asia-Pacific region will continue to be a cradle for technology innovation in the new year, whether it is 5G services, artificial intelligence, cloud computing or cyber security

• December 08, 2020 08 Dec'20

  Multiple D-Link routers found vulnerable to attack

  Digital Defense discloses a remotely exploitable root command injection flaw in a number of D-Link wireless router devices

• December 08, 2020 08 Dec'20

  Russian state actors exploiting VMware bug to hijack data, users warned

  Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings