News

IT security

• January 13, 2023 13 Jan'23

  LockBit cartel suspected of Royal Mail cyber attack

  The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation

• January 12, 2023 12 Jan'23

  Companies warned to step up cyber security to become ‘insurable’

  Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks 

• January 12, 2023 12 Jan'23

  UK government completes trials of age estimation technology

  Government-led trials of age estimation and verification technologies for the sale of alcohol in nightlife venues and supermarkets have been completed, with both government and retail lobbyists pushing for legislation that would allow retailers to ...

• January 12, 2023 12 Jan'23

  Chrome vulnerability could have led to widespread data theft

  A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen

• January 12, 2023 12 Jan'23

  Cloudflare completes SASE offer with Magic WAN Connector

  Software-defined wide-area network functionality released by online application acceleration and infrastructure provider Cloudflare to complete single-supplier secure access service edge offering

• January 12, 2023 12 Jan'23

  Guardian confirms Christmas 2022 cyber attack was ransomware

  Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack

• January 11, 2023 11 Jan'23

  Royal Mail services hit by major cyber attack

  UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack

• January 11, 2023 11 Jan'23

  Should we be worried about malicious use of AI language models?

  WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned?

• January 11, 2023 11 Jan'23

  Internet shutdowns cost global economy $24bn in 2022

  Deliberate disruption of people’s access to the internet by governments is having a substantial economic impact and contributing to a range of human rights abuses, primarily against protestors

• January 11, 2023 11 Jan'23

  Microsoft fixes EoP zero-day on January Patch Tuesday

  On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns

• January 11, 2023 11 Jan'23

  NHS data platform costing £480m to supersede Covid-19 data store underway

  NHS England has invited suppliers to tender for a data platform that will supersede the Covid-19 data store controversial for the involvement of data analytics firm Palantir

• January 11, 2023 11 Jan'23

  Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations

  Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming

• January 11, 2023 11 Jan'23

  What’s happening with quantum-safe cryptography?

  Chinese researchers claim quantum technology is reaching a point where a quantum device will soon be able to crack RSA 2048 public key encryption

• January 10, 2023 10 Jan'23

  New APT group targets ASEAN governments and militaries

  The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB

• January 10, 2023 10 Jan'23

  Insurer Beazley introduces catastrophe bond to ease cyber risk

  Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover

• January 09, 2023 09 Jan'23

  JPMorgan ordered to face lawsuit over cyber attack on Ray-Ban maker

  US banking giant JPMorgan forced to respond to accusations that it failed to inform a business customer about suspicious transactions

• January 08, 2023 08 Jan'23

  Vulnerable organisations to get free Cyber Essentials support

  Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre

• January 06, 2023 06 Jan'23

  Proposed digital fraud refund rules risk excluding many victims

  Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned

• January 06, 2023 06 Jan'23

  Russia’s Turla falls back on old malware C2 domains to avoid detection

  Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals

• January 06, 2023 06 Jan'23

  Vice Society cyber gang targeted multiple UK schools

  The Vice Society ransomware gang has made a habit of attacking educational institutions, and now appears to have struck multiple schools, colleges and universities in the UK

• January 06, 2023 06 Jan'23

  Meta to appeal £345m fine for Facebook and Instagram privacy breaches

  Social media company Meta is to appeal after the Irish Data Protection Commission fined the company for breaching GDPR

• January 05, 2023 05 Jan'23

  Cyber gang abused free trials to exploit public cloud CPU resources

  A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying

• January 05, 2023 05 Jan'23

  Warning over ransomware attacks spreading via Fortinet kit

  Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web

• January 05, 2023 05 Jan'23

  Fallout from Guardian cyber attack to last at least a month

  The Guardian newspaper’s offices remained shut into the New Year following a supposed ransomware attack, with disruption likely to last some time

• January 05, 2023 05 Jan'23

  Cashless Denmark has no bank robberies in a year for first time

  Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase

• January 03, 2023 03 Jan'23

  Test of digital ID tech at Surrey nightclub proclaimed success

  The majority of visitors to a Camberley venue who piloted a digital identification app developed by 1account said they found it easy to use and preferred it to standard physical ID

• January 02, 2023 02 Jan'23

  China and India governments among top targets for cyber attackers

  Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures

• December 29, 2022 29 Dec'22

  Top 10 technology and ethics stories of 2022

  Here are Computer Weekly’s top 10 technology and ethics stories of 2022

• December 28, 2022 28 Dec'22

  Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears

  NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness

• December 27, 2022 27 Dec'22

  Top 10 ASEAN IT stories of 2022

  Despite the challenges over the past year, ASEAN businesses have taken things in stride as they press on with digital transformation, whether it is empowering citizen developers or building cloud-native applications

• December 22, 2022 22 Dec'22

  Top 10 India IT stories of 2022

  We recap the top 10 stories in India, including the digitisation work undertaken by global firms in the country and the progress made by local enterprises in harnessing technology

• December 22, 2022 22 Dec'22

  NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’

  The National Crime Agency argued at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law

• December 22, 2022 22 Dec'22

  Mitiga researchers disclose AWS Elastic IP hijacking vulnerability

  Cloud incident response supplier Mitiga has said a new AWS feature has led to a vulnerability that could allow hackers to access and steal Elastic IP addresses and gain control over AWS accounts

• December 22, 2022 22 Dec'22

  Top 10 cyber security stories of 2022

  The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides

• December 22, 2022 22 Dec'22

  Top 10 crime, national security and law stories of 2022

  Here are Computer Weekly’s top 10 crime, national security and law stories of 2022

• December 22, 2022 22 Dec'22

  Top 10 cyber crime stories of 2022

  Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents

• December 21, 2022 21 Dec'22

  Top 10 ANZ IT stories of 2022

  We recap the top 10 stories in Australia and New Zealand, including the opportunities and challenges that organisations in the region have faced over the past year

• December 20, 2022 20 Dec'22

  Top 10 software development stories of 2022

  We look at how software development has adapted to the changing economic climate over the past 12 months

• December 16, 2022 16 Dec'22

  Shiseido data breach victims plan legal action over fake companies

  Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names

• December 16, 2022 16 Dec'22

  Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation

  National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time

• December 16, 2022 16 Dec'22

  UK unis implement new IP traffic policies to combat ransomware

  Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature

• December 15, 2022 15 Dec'22

  Lego fixes dangerous API vulnerability in BrickLink service

  The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas

• December 15, 2022 15 Dec'22

  Cops dismantle 48 DDoS-for-hire websites

  An operation combining law enforcement from the UK, US, Netherlands and Europol has disrupted 48 of the world’s most popular DDoS booter websites

• December 15, 2022 15 Dec'22

  NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

  EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears

• December 14, 2022 14 Dec'22

  Private health provider data could be shared with NHS England

  Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal

• December 14, 2022 14 Dec'22

  Advanced Azov data wiper likely to become active threat

  Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily

• December 14, 2022 14 Dec'22

  NHS gets new guidance on public benefits of data sharing

  NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care

• December 14, 2022 14 Dec'22

  Ethical hackers flex their muscles in 2022

  Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021

• December 14, 2022 14 Dec'22

  Microsoft fixes two zero-days in final Patch Tuesday of 2022

  December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over

• December 14, 2022 14 Dec'22

  New cyber approaches ease Registers of Scotland’s AWS migration

  As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web ...