News

IT security

• January 26, 2021 26 Jan'21

  Gartner: IT budgets shift to mature processes around remote business

  The pandemic forced businesses to work remotely. Now, almost a year on, CIOs must consider the IT to run long-term remote business strategies

• January 25, 2021 25 Jan'21

  Cracking the message in a bottle

  Between 2016 and 2019, a number of bottles washed ashore in Hamburg, each containing an ‘uncrackable’ message

• January 25, 2021 25 Jan'21

  Are banks overburdened with responsibility for money lost to online scams?

  Bank boss calls for cross-industry cooperation to reduce scams that trick people into making instant payments online

• January 22, 2021 22 Jan'21

  ICO resumes adtech investigation

  The UK Information Commissioner’s Office was criticised for ending its investigation into alleged malpractice in advertising technology, but has now resumed its probe

• January 22, 2021 22 Jan'21

  Sepa data leaks as agency resists ransom demands

  The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation

• January 22, 2021 22 Jan'21

  Google threatens to cut off Australia

  Google’s threat to end its Australian Search operation comes in the face of new legislation that would force it to pay media publishers for news content

• January 21, 2021 21 Jan'21

  Hackney Council tenders for cyber security upgrade

  Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council

• January 21, 2021 21 Jan'21

  Immigration exemption in data protection law faces further legal challenge

  Human rights groups set to take legal challenge against immigration exemption to Court of Appeal on the basis that everyone, regardless of their nationality or residence, should have their fundamental rights and freedoms protected as stated in the ...

• January 21, 2021 21 Jan'21

  Gamarue malware found on government-issued school laptops

  Devices handed out by the government to support vulnerable children contain malware that appears to be contacting C2 infrastructure in Russia

• January 21, 2021 21 Jan'21

  Two-thirds of CISOs say they’ll be cyber attack victims this year

  Security professionals are ever alert to the threats they face, but some still seem to think it is unlikely they will be attacked

• January 21, 2021 21 Jan'21

  Interview: Tony Porter, chief privacy officer, Corsight AI

  Tony Porter speaks to Computer Weekly about the changes in facial-recognition during his time as surveillance camera commissioner, the ethics of using the technology, and his new role as chief privacy officer at Corsight AI

• January 21, 2021 21 Jan'21

  Incompetent cyber criminals leak data in opsec failure

  Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals

• January 20, 2021 20 Jan'21

  Should I be worried about MFA-bypassing pass-the-cookie attacks?

  Malicious actors bypassed multi-factor authentication using so-called pass-the-cookie attacks, but how worrying is this and what is the risk to organisations?

• January 20, 2021 20 Jan'21

  Malwarebytes also hit by SolarWinds attackers

  The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals

• January 19, 2021 19 Jan'21

  Legacy security architectures threaten to disrupt remote working

  Annual survey of IT leaders finds network security is of prime concern as most companies continue with work-from-home policies

• January 19, 2021 19 Jan'21

  Questions raised by New Zealand central bank boss, following cyber attack investigation

  The governor of New Zealand’s central bank said the organisation must answer questions about its security following a ‘significant’ attack

• January 19, 2021 19 Jan'21

  UK fraud agency deploys ArcGIS dashboard for data sharing

  The National Fraud Intelligence Bureau says it has achieved improved transparency with the public, as well as saving 3,500 staff hours and £100,000

• January 19, 2021 19 Jan'21

  Value of GDPR fines shows dramatic increase in 2020

  European regulators imposed almost €160m worth of fines during the past 12 months, a substantial rise

• January 19, 2021 19 Jan'21

  Click fraud levels reach new heights in pandemic

  Small companies risk losing £10,000 a year, and enterprises as much as £520,000, to cyber criminals as click fraud volumes spike

• January 19, 2021 19 Jan'21

  Criminals fiddled stolen Covid-19 vaccine data to damage trust

  Malicious actors manipulated stolen Covid-19 data in a way clearly intended to damage public trust in vaccines, says the EMA

• January 19, 2021 19 Jan'21

  MAS offers guidance on mitigating supply chain threats

  Monetary Authority of Singapore revises its technology risk management guidelines to help the financial sector guard against supply chain attacks

• January 18, 2021 18 Jan'21

  MoD reports 18% rise in data loss incidents

  The Ministry of Defence reported more than five hundred data security incidents in 2019-20, with seven serious enough to warrant disclosure to the ICO

• January 18, 2021 18 Jan'21

  Australians lost A$176m to scams in 2020

  Investment scams topped the list of scams, which grew by 23.1% in 2020 as criminals exploited human psychology using social engineering

• January 17, 2021 17 Jan'21

  NCSC CyberFirst Girls 2021 contest kicks off

  UK’s national cyber agency says it has already had hundreds of entrants in spite of the challenges presented by the pandemic

• January 15, 2021 15 Jan'21

  150,000 records accidentally wiped from police systems

  Home Office claims data wiped from national police systems only relates to people who have never been convicted of a crime or had further police action taken against them following an arrest

• January 15, 2021 15 Jan'21

  US cyber security agencies get $9bn in Biden plan

  New funding proposals come as US government reels from the impact of the December 2020 SolarWinds attack

• January 15, 2021 15 Jan'21

  Coalition proposes secure standard model for Covid-19 passports

  Vaccination Credential Initiative is working to ensure that people vaccinated against Covid-19 can access their records in a secure, verifiable and privacy-preserving way

• January 14, 2021 14 Jan'21

  All EU states can take data protection cases against Facebook, says EU court

  An opinion from the European Court of Justice has the potential to lead to a flood of privacy complaints against Facebook if upheld

• January 14, 2021 14 Jan'21

  Experian calls for less bureaucratic data regulations

  Open banking requires cross-industry collaboration, but sharing personal data requires explicit consent, which can become a bottleneck

• January 14, 2021 14 Jan'21

  Old, on-premise systems targeted in Hackney ransomware attack

  Council reveals some more insight into how the Pysa ransomware gang infiltrated its systems by exploiting legacy technology

• January 14, 2021 14 Jan'21

  Unforeseen consequences of new technologies put UK at risk

  Lords committee told that the risks associated with various emerging digital technologies must be assessed together, with input from UK citizens, if the government is to avoid ‘siloisation’ of fundamentally interconnected problems

• January 14, 2021 14 Jan'21

  APAC firms grapple with cyber security amid pandemic

  Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work

• January 13, 2021 13 Jan'21

  Court to rule on Facebook data sharing after Schrems drops legal challenge against Irish regulator

  Irish High Court says it will issue a judgment as soon as possible over a draft decision by Ireland’s data protection commissioner to order Facebook to stop the transfer of data about EU citizens to datacentres in the US

• January 13, 2021 13 Jan'21

  Three-quarters of finance firms report more potentially criminal activity in their networks

  Fears of failing to comply with strict regulations grow as financial services firms identify more suspicious financial activity on their networks

• January 13, 2021 13 Jan'21

  World’s largest dark web market disrupted in major police operation

  Coordinated international operation including Europol and the UK’s National Crime Agency has successfully taken DarkMarket offline

• January 13, 2021 13 Jan'21

  Covid-19 immunity passport tests to begin in UK

  A Covid-19 immunity and vaccination passport developed by two UK firms and backed by Innovate UK has entered the live testing phase

• January 13, 2021 13 Jan'21

  Stolen Pfizer/BioNTech Covid-19 vaccine data leaked

  Data dump understood to include screenshots of emails, peer review information, PDFs and PowerPoint presentations

• January 13, 2021 13 Jan'21

  Critical zero-day features in first Patch Tuesday of 2021

  Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender

• January 12, 2021 12 Jan'21

  Palo Alto Networks opens Australia cloud location

  The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services

• January 12, 2021 12 Jan'21

  Mimecast latest security firm to be compromised

  Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident

• January 12, 2021 12 Jan'21

  Parler collapse opens door to phishing attacks

  The shutdown of controversial social media site Parler, and the publication of huge amounts of user data scraped by ethical hackers, is giving cyber crime experts cause for concern

• January 12, 2021 12 Jan'21

  Former ministers speak out on Mike Lynch extradition

  As Mike Lynch, founder and former CEO of Autonomy, awaits his US extradition hearing, several former Tory MPs have expressed their concerns

• January 12, 2021 12 Jan'21

  Early stage UK security startups face funding crisis

  Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away

• January 11, 2021 11 Jan'21

  New SolarWinds CEO sets out rescue plan

  Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community

• January 11, 2021 11 Jan'21

  Kaspersky claims link between Solorigate and Kazuar backdoors

  Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship

• January 11, 2021 11 Jan'21

  New Zealand central bank IT system breached in cyber attack

  Bank is responding to a cyber attack after hackers breached the system of a third-party supplier

• January 08, 2021 08 Jan'21

  Government use of 'general warrants' to authorise computer and phone hacking is unlawful

  A court has ruled that the security and intelligence services can no longer rely on ‘general warrants’ to authorise the hacking of large numbers of computers and phones belonging to UK citizens

• January 08, 2021 08 Jan'21

  Which? online banking investigation reveals ‘worrying gaps’ in security

  Consumer rights organisation has ranked the security of UK online current account providers

• January 07, 2021 07 Jan'21

  Biden picks cyber veteran to reinvigorate security response

  Appointment of career intelligence operative Anne Neuberger signals refreshed security approach for the US government under Joe Biden's administration

• January 07, 2021 07 Jan'21

  Trump bans Chinese payment apps

  US president signs executive order banning the use of Chinese payments app, citing national security risks

• January 07, 2021 07 Jan'21

  Hackney Council data leaked by Pysa ransomware gang

  Council data stolen in October is leaked online in a double extortion attack

• January 06, 2021 06 Jan'21

  WikiLeaks founder Julian Assange to remain in prison despite winning extradition battle

  Judge cites Assange’s support of NSA whistleblower as one of the reasons for him being at high risk of absconding. He will remain in Belmarsh prison until the US government completes its appeal

• January 06, 2021 06 Jan'21

  SolarWinds attack almost certainly work of Russian spooks

  Investigations into the far-reaching SolarWinds Solorigate attack did not let up during the holidays

• January 05, 2021 05 Jan'21

  Scammers impersonating the ACSC on the prowl

  The Australian Cyber Security Centre warns of scammers who are using its name to gain control of personal computers and trick users into revealing personal information

• January 05, 2021 05 Jan'21

  Banking trade body calls for increased contactless payment limit

  UK Finance proposes an increase in the limit on spending using contactless cards

• January 04, 2021 04 Jan'21

  WikiLeaks founder Julian Assange cannot be extradited to face charges in US, court rules

  Court rules it would be oppressive to send Julian Assange to the US to face trial after finding he is at high risk of suicide. US government says it will appeal

• January 04, 2021 04 Jan'21

  Journalists’ FOI bids stayed as court reconsiders freedom of information rights of people outside UK

  Tribunal questions whether people without a British passport or Britons living overseas are eligible to use the UK’s Freedom of Information Act

• December 31, 2020 31 Dec'20

  Top 10 networking stories of 2020

  Here are Computer Weekly’s top 10 networking stories of 2020

• December 31, 2020 31 Dec'20

  Top 10 investigations and national security stories of 2020

  Here are Computer Weekly’s top 10 investigations and national security stories of 2020

• December 31, 2020 31 Dec'20

  Top 10 technology and ethics stories of 2020

  Here are Computer Weekly’s top 10 technology and ethics stories of 2020

• December 30, 2020 30 Dec'20

  Top 10 ASEAN IT stories of 2020

  Here are Computer Weekly’s top 10 ASEAN IT stories of 2020

• December 30, 2020 30 Dec'20

  UK-EU Brexit deal passes Commons with six-month data adequacy bridge

  IT industry trade body TechUK has welcomed a six-month data adequacy bridge, in the wake of the EU-UK trade deal that the House of Commons has voted for

• December 24, 2020 24 Dec'20

  Top 10 cyber crime stories of 2020

  Here are Computer Weekly’s top 10 cyber crime stories of 2020

• December 23, 2020 23 Dec'20

  Top 10 cyber security stories of 2020

  Here are Computer Weekly’s 10 top cyber security stories of 2020

• December 22, 2020 22 Dec'20

  Ministry of Justice in the dock for catalogue of serious data breaches

  Annual report reveals major incidents of personal data loss affecting 121,355 people and including misplaced, unencrypted USB stick containing documents from a trial, accidental disclosure of identities, and staff files made visible to ...

• December 22, 2020 22 Dec'20

  Top 10 end-user computing stories of 2020

  Here are Computer Weekly’s top 10 end-user computing stories of 2020

• December 18, 2020 18 Dec'20

  Finnish government tables laws to protect data from cyber criminals

  Government is strengthening its legal framework to protect data from hackers in the wake of a massive breach at a psychotherapy centre

• December 18, 2020 18 Dec'20

  Utility supplier People’s Energy has entire customer list stolen

  All 270,000 customers of People’s Energy, a renewable energy startup, have had their details compromised in a major data breach incident

• December 18, 2020 18 Dec'20

  SolarWinds cyber attack is ‘grave risk’ to global security

  More victims of the SolarWinds Orion Sunburst cyber attack are being identified as the massive scale of the Russia-linked cyber espionage campaign becomes more clear

• December 17, 2020 17 Dec'20

  Dodgy browser extensions put social media users at risk

  More than three million users of third-party browser extensions for Instagram, Facebook, Vimeo and others have been infected with malware, according to Avast

• December 17, 2020 17 Dec'20

  EU security strategy a ‘step up’ on cyber leadership, says Brussels

  The EU’s new cyber security strategy forms a key component of Shaping Europe’s Digital Future, the Recovery Plan for Europe, and the EU Security Union Strategy

• December 17, 2020 17 Dec'20

  NHS Scotland taps Check Point to secure Covid-19 data

  NHS National Services Scotland is working with security firm Check Point to safeguard its sensitive data in the cloud and support its work on the coronavirus

• December 17, 2020 17 Dec'20

  FireEye and partners release SolarWinds kill-switch

  A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue

• December 17, 2020 17 Dec'20

  UK police unlawfully processing over a million people’s data on Microsoft 365

  The roll-out of Microsoft 365 to dozens of UK police forces may be unlawful, because many have failed to conduct data protection checks before deployment and hold no information on their contracts

• December 17, 2020 17 Dec'20

  Danske Bank fights money laundering with AI

  Danske Bank is using artificial intelligence to help it prevent a repeat of the huge money laundering scandal that hit one of its operations in Estonia

• December 17, 2020 17 Dec'20

  AWS brings disaster recovery programme to Australia

  Project Resilience will offer up to $5,000 worth of credits to public sector and community organisations to offset the cost of storing data on Amazon Web Services

• December 16, 2020 16 Dec'20

  Lancashire police integrate body-worn video into digital policing app

  Body-worn video integration will transform Lancashire police’s time-consuming and manual procedures into an efficient digital workflow, but claims that BMV will increase transparency and accountability are not backed by the evidence

• December 15, 2020 15 Dec'20

  SolarWinds cyber attack: How worried should I be, and what do I do now?

  Security teams across the world are on high alert as more details emerge of the widespread SolarWinds ‘Sunburst’ attack. What do defenders need to do next?

• December 15, 2020 15 Dec'20

  Cyber crime victims in the Netherlands not reporting offences

  Dutch victims of online crime rarely report it to the police and when they do, they are often dissatisfied

• December 14, 2020 14 Dec'20

  FireEye identifies flaw in networking monitoring software as US agencies attacked

  Cyber security company says investigations have revealed security breach occurred because of a flaw in a network monitoring software

• December 13, 2020 13 Dec'20

  Singapore trials beacons to bolster police operations

  Police beacons equipped with video cameras, sirens, floodlights and speakers are being deployed at two parks to improve public safety in a year-long trial

• December 11, 2020 11 Dec'20

  The week in ransomware: Foxconn and Randstad are high-profile victims

  Foxconn and Randstad are laid low by cyber criminals, while Sophos spills on Egregor, and prognosticators turn to their crystal balls to divine how ransomware will develop in the next 12 months

• December 11, 2020 11 Dec'20

  Disputed PostgreSQL bug exploited in cryptomining botnet

  PGMiner cryptomining botnet remained unnoticed by exploiting a disputed CVE in PostgreSQL

• December 11, 2020 11 Dec'20

  Surge in Covid-19 vaccine phishing scams reported

  Check Point and KnowBe4 share details of a growing number of phishing campaigns using the prospect of a Covid-19 vaccine as a lure

• December 10, 2020 10 Dec'20

  French regulators fine Google and Amazon over cookie policies

  Google and Amazon rapped over their use of advertising cookies by the French data protection authorities

• December 10, 2020 10 Dec'20

  Cyber Helpline awarded lottery funding to support victims

  The Cyber Helpline, a UK charity that provides emergency support to victims of cyber crime and online stalking, is to receive funding from the National Lottery

• December 10, 2020 10 Dec'20

  After critical year, Vodafone trains security sights on CNI market

  Vodafone’s security head Steve Knibbs explains how he plans to bring the lessons of a transformative few years in cyber security to bear on new markets

• December 10, 2020 10 Dec'20

  Data on Pfizer/BioNTech Covid-19 vaccine stolen in cyber attack

  The European Medicines Agency has launched a full investigation into an apparent security incident that has seen documents on the Pfizer/BioNTech Covid-19 vaccine stolen

• December 10, 2020 10 Dec'20

  Alan Turing Institute appoints global advisory board to aid digital identity schemes project

  The Alan Turing Institute announces an international advisory board for a project investigating digital identity schemes, with a view to building the technology and organisational infrastructure to sustain them as trustworthy

• December 09, 2020 09 Dec'20

  Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

  The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users

• December 09, 2020 09 Dec'20

  Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

  The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance

• December 09, 2020 09 Dec'20

  FireEye’s ethical hacking tools stolen in state-backed attack

  Hacking tools used to conduct red team penetration testing were stolen in the state-backed attack on security firm FireEye

• December 09, 2020 09 Dec'20

  There’s no going back to pre-pandemic security approaches

  The cyber security world will probably never return to its pre-pandemic state, and different approaches to security will come to the fore in 2021

• December 09, 2020 09 Dec'20

  Top IT predictions in APAC in 2021

  The Asia-Pacific region will continue to be a cradle for technology innovation in the new year, whether it is 5G services, artificial intelligence, cloud computing or cyber security

• December 08, 2020 08 Dec'20

  Multiple D-Link routers found vulnerable to attack

  Digital Defense discloses a remotely exploitable root command injection flaw in a number of D-Link wireless router devices

• December 08, 2020 08 Dec'20

  Russian state actors exploiting VMware bug to hijack data, users warned

  Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings

• December 07, 2020 07 Dec'20

  Met Police failed to clear backlog of subject access requests

  Metropolitan Police failed to comply fully with an enforcement notice issued by the Information Commissioner, and despite hundreds of overdue subject access requests the regulator did not take further action

• December 07, 2020 07 Dec'20

  HMRC referred 11 data security incidents to ICO in 2019-20

  HM Revenue & Customs shares details of a number of data security incidents that occurred during the 2019-20 financial year in its annual report

• December 07, 2020 07 Dec'20

  Grindr and others patch critical Android bug

  Fixes for CVE-2020-8913 deployed as app developers shore up their defences against a disclosed Google Play vulnerability

• December 07, 2020 07 Dec'20

  Singapore government to boost blockchain adoption

  Singapore government unveils S$12m programme to promote development and adoption of blockchain applications beyond financial services