News

IT security

• December 27, 2022 27 Dec'22

  Top 10 ASEAN IT stories of 2022

  Despite the challenges over the past year, ASEAN businesses have taken things in stride as they press on with digital transformation, whether it is empowering citizen developers or building cloud-native applications

• December 22, 2022 22 Dec'22

  Top 10 India IT stories of 2022

  We recap the top 10 stories in India, including the digitisation work undertaken by global firms in the country and the progress made by local enterprises in harnessing technology

• December 22, 2022 22 Dec'22

  NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’

  The National Crime Agency argued at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law

• December 22, 2022 22 Dec'22

  Mitiga researchers disclose AWS Elastic IP hijacking vulnerability

  Cloud incident response supplier Mitiga has said a new AWS feature has led to a vulnerability that could allow hackers to access and steal Elastic IP addresses and gain control over AWS accounts

• December 22, 2022 22 Dec'22

  Top 10 cyber security stories of 2022

  The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides

• December 22, 2022 22 Dec'22

  Top 10 crime, national security and law stories of 2022

  Here are Computer Weekly’s top 10 crime, national security and law stories of 2022

• December 22, 2022 22 Dec'22

  Top 10 cyber crime stories of 2022

  Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents

• December 21, 2022 21 Dec'22

  Top 10 ANZ IT stories of 2022

  We recap the top 10 stories in Australia and New Zealand, including the opportunities and challenges that organisations in the region have faced over the past year

• December 20, 2022 20 Dec'22

  Top 10 software development stories of 2022

  We look at how software development has adapted to the changing economic climate over the past 12 months

• December 16, 2022 16 Dec'22

  Shiseido data breach victims plan legal action over fake companies

  Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names

• December 16, 2022 16 Dec'22

  Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation

  National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time

• December 16, 2022 16 Dec'22

  UK unis implement new IP traffic policies to combat ransomware

  Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature

• December 15, 2022 15 Dec'22

  Lego fixes dangerous API vulnerability in BrickLink service

  The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas

• December 15, 2022 15 Dec'22

  Cops dismantle 48 DDoS-for-hire websites

  An operation combining law enforcement from the UK, US, Netherlands and Europol has disrupted 48 of the world’s most popular DDoS booter websites

• December 15, 2022 15 Dec'22

  NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

  EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears

• December 14, 2022 14 Dec'22

  Private health provider data could be shared with NHS England

  Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal

• December 14, 2022 14 Dec'22

  Advanced Azov data wiper likely to become active threat

  Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily

• December 14, 2022 14 Dec'22

  NHS gets new guidance on public benefits of data sharing

  NHS national data guardian Nicola Byrne has published new guidance on how health and social care bodies should approach the task of evaluating public benefit when using data for purposes beyond individual care

• December 14, 2022 14 Dec'22

  Ethical hackers flex their muscles in 2022

  Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021

• December 14, 2022 14 Dec'22

  Microsoft fixes two zero-days in final Patch Tuesday of 2022

  December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over

• December 14, 2022 14 Dec'22

  New cyber approaches ease Registers of Scotland’s AWS migration

  As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web ...

• December 13, 2022 13 Dec'22

  Crime Stoppers Tasmania debuts new reporting portal

  Reporting tool will enable the public to share crime-related information with law enforcement agencies to support policing in Tasmania

• December 13, 2022 13 Dec'22

  EU issues draft data adequacy decision in favour of US

  The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision

• December 13, 2022 13 Dec'22

  The nature of the CISO role will be in flux in 2023

  As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report

• December 13, 2022 13 Dec'22

  Finnish government launches information security voucher scheme

  Finland’s government is offering businesses financial support to help them improve their cyber security

• December 13, 2022 13 Dec'22

  More Uber data exposed in possible supply chain attack

  A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack

• December 13, 2022 13 Dec'22

  Customer frustrations mount as Rackspace investigation proceeds

  Rackspace says it is making progress on restoring services following a ransomware attack on its Hosted Exchange business, but customers are becoming frustrated with a lack of communication

• December 12, 2022 12 Dec'22

  Top IT predictions in APAC in 2023

  Robotics, cross-cloud data mobility and cyber insurance are some of the key trends that will shape Asia-Pacific’s technology landscape in 2023

• December 12, 2022 12 Dec'22

  Cloud-based fingerprint system for UK police nears completion

  Police Digital Service announces that a new cloud-based fingerprint system developed under its Transforming Forensics programme is nearly complete, but data protection concerns around the use of US-based cloud providers remain

• December 11, 2022 11 Dec'22

  How Zscaler is cracking APAC’s cloud security market

  Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better

• December 09, 2022 09 Dec'22

  CIISec, DCMS to fund vocational cyber courses for A-level students

  The Chartered Institute of Information Security and the Department for Digital, Culture, Media and Sport plan to fund vocational cyber qualifications for 300 teenagers

• December 09, 2022 09 Dec'22

  Iranian APT seen exploiting GitHub repository as C2 mechanism

  A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware

• December 09, 2022 09 Dec'22

  Online Safety Bill returns to Parliament

  MPs and online safety experts have expressed concern about encryption-breaking measures contained in the Online Safety Bill as it returns to Parliament for the first time since its passage was paused in July

• December 09, 2022 09 Dec'22

  IT system limitations a factor in passport delays

  Limitations in the UK’s passport office IT system led to delays in applicants receiving their documents during a recent period of high demand

• December 08, 2022 08 Dec'22

  Consumers to get new protections against dodgy apps

  Government’s new code of practice will impose new privacy and security measures on app store operators and developers

• December 08, 2022 08 Dec'22

  Apple to tap third party for physical security keys

  Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys

• December 08, 2022 08 Dec'22

  Australia to develop new cyber security strategy

  New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals

• December 07, 2022 07 Dec'22

  Rackspace email outage confirmed as ransomware attack

  An ongoing outage affecting Rackspace email customers is the result of a ransomware attack

• December 07, 2022 07 Dec'22

  Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

  Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November

• December 06, 2022 06 Dec'22

  Legacy IT magnifies cyber risk for Defra, says NAO

  Some 30% of Defra’s applications are currently unsupported, magnifying cyber risk as the government department struggles to make progress on a digital transformation programme

• December 06, 2022 06 Dec'22

  Industrial IoT focus of next NCSC startup challenge

  The NCSC for Startups programme is looking for innovative ideas to encrypt and secure the industrial internet of things

• December 06, 2022 06 Dec'22

  EU fails to protect human rights in surveillance tech transfers

  Transfers of surveillance technology from the European Union to African governments are carried out without due regard for the human rights impacts, the European Ombudsman has found after a year-long investigation into the European Commission’s ...

• December 06, 2022 06 Dec'22

  Don’t become an unwitting tool in Russia’s cyber war

  Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?

• December 05, 2022 05 Dec'22

  Fake investment ads persist on Meta’s social networks

  Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them

• December 05, 2022 05 Dec'22

  Cohesity doubles down on cyber-defence failings via backup

  Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact

• December 05, 2022 05 Dec'22

  French cyber consultancy Hackuity sets up UK operation

  Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base

• December 02, 2022 02 Dec'22

  Twitter ‘replacement’ Hive Social shuts off service in privacy alert

  Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers

• December 01, 2022 01 Dec'22

  MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

  Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence

• December 01, 2022 01 Dec'22

  LastPass probes new cyber incident related to August attack

  The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba

• November 30, 2022 30 Nov'22

  Microsoft 365 banned in German schools over privacy concerns

  German schools cannot legally use Microsoft Office 365 over lack of clarity about how data is collected, shared and used, as well as the potential for unlawful transfer of European citizens’ personal data to the US