News
IT risk management
-
January 23, 2023
23
Jan'23
Trellix automates patching for 62,000 vulnerable open source projects
Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months
-
January 23, 2023
23
Jan'23
Royal Society calls on public sector to pilot privacy tech
The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow
-
January 23, 2023
23
Jan'23
NCSC warning over cyber risk to charity sector
Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC
-
January 22, 2023
22
Jan'23
Royal Mail making limited progress on ransomware recovery
Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common
-
January 20, 2023
20
Jan'23
Veeam survey finds ransomware blocks digital transformation
Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered
-
January 20, 2023
20
Jan'23
WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising
The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising
-
January 19, 2023
19
Jan'23
Outdated IT infrastructure poses growing risk to UK Security Vetting
Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO
-
January 18, 2023
18
Jan'23
Ukraine CERT leaders touch down in London for talks
The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience
-
January 18, 2023
18
Jan'23
Ukraine cyber teams responded to more than 2,000 attacks in 2022
The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day
-
January 17, 2023
17
Jan'23
Crest throws support behind CyberUp CMA reform campaign
Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990
-
January 14, 2023
14
Jan'23
Experts concerned over silence around government obligation to review UK surveillance laws
The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms
-
January 12, 2023
12
Jan'23
Companies warned to step up cyber security to become ‘insurable’
Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks
-
January 12, 2023
12
Jan'23
Chrome vulnerability could have led to widespread data theft
A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen
-
January 11, 2023
11
Jan'23
Should we be worried about malicious use of AI language models?
WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned?
-
January 11, 2023
11
Jan'23
Internet shutdowns cost global economy $24bn in 2022
Deliberate disruption of people’s access to the internet by governments is having a substantial economic impact and contributing to a range of human rights abuses, primarily against protestors
-
January 11, 2023
11
Jan'23
Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations
Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming
-
January 11, 2023
11
Jan'23
What’s happening with quantum-safe cryptography?
Chinese researchers claim quantum technology is reaching a point where a quantum device will soon be able to crack RSA 2048 public key encryption
-
January 10, 2023
10
Jan'23
New APT group targets ASEAN governments and militaries
The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB
-
January 10, 2023
10
Jan'23
Insurer Beazley introduces catastrophe bond to ease cyber risk
Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover
-
January 08, 2023
08
Jan'23
Vulnerable organisations to get free Cyber Essentials support
Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre
-
January 06, 2023
06
Jan'23
Proposed digital fraud refund rules risk excluding many victims
Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned
-
January 06, 2023
06
Jan'23
Russia’s Turla falls back on old malware C2 domains to avoid detection
Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals
-
January 05, 2023
05
Jan'23
Warning over ransomware attacks spreading via Fortinet kit
Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web
-
January 05, 2023
05
Jan'23
Cashless Denmark has no bank robberies in a year for first time
Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase
-
January 02, 2023
02
Jan'23
China and India governments among top targets for cyber attackers
Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures
-
December 28, 2022
28
Dec'22
Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears
NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness
-
December 22, 2022
22
Dec'22
Top 10 cyber security stories of 2022
The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides
-
December 22, 2022
22
Dec'22
Top 10 crime, national security and law stories of 2022
Here are Computer Weekly’s top 10 crime, national security and law stories of 2022
-
December 22, 2022
22
Dec'22
Top 10 cyber crime stories of 2022
Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents
-
December 16, 2022
16
Dec'22
Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation
National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time
-
December 16, 2022
16
Dec'22
UK unis implement new IP traffic policies to combat ransomware
Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature
-
December 15, 2022
15
Dec'22
NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes
EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears
-
December 14, 2022
14
Dec'22
Private health provider data could be shared with NHS England
Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal
-
December 14, 2022
14
Dec'22
Advanced Azov data wiper likely to become active threat
Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily
-
December 14, 2022
14
Dec'22
NHS gets new guidance on public benefits of data sharing
NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care
-
December 14, 2022
14
Dec'22
Ethical hackers flex their muscles in 2022
Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
-
December 14, 2022
14
Dec'22
Microsoft fixes two zero-days in final Patch Tuesday of 2022
December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over
-
December 13, 2022
13
Dec'22
Crime Stoppers Tasmania debuts new reporting portal
Reporting tool will enable the public to share crime-related information with law enforcement agencies to support policing in Tasmania
-
December 13, 2022
13
Dec'22
EU issues draft data adequacy decision in favour of US
The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision
-
December 13, 2022
13
Dec'22
The nature of the CISO role will be in flux in 2023
As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report
-
December 13, 2022
13
Dec'22
Finnish government launches information security voucher scheme
Finland’s government is offering businesses financial support to help them improve their cyber security
-
December 13, 2022
13
Dec'22
More Uber data exposed in possible supply chain attack
A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
-
December 12, 2022
12
Dec'22
Top IT predictions in APAC in 2023
Robotics, cross-cloud data mobility and cyber insurance are some of the key trends that will shape Asia-Pacific’s technology landscape in 2023
-
December 11, 2022
11
Dec'22
How Zscaler is cracking APAC’s cloud security market
Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better
-
December 08, 2022
08
Dec'22
Australia to develop new cyber security strategy
New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals
-
December 07, 2022
07
Dec'22
Rackspace email outage confirmed as ransomware attack
An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
-
December 07, 2022
07
Dec'22
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching
Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November
-
December 06, 2022
06
Dec'22
Legacy IT magnifies cyber risk for Defra, says NAO
Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme
-
December 06, 2022
06
Dec'22
Industrial IoT focus of next NCSC startup challenge
The NCSC for Startups programme is looking for innovative ideas to encrypt and secure the industrial internet of things
-
December 06, 2022
06
Dec'22
EU fails to protect human rights in surveillance tech transfers
Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s ...