News

Network security management

• March 13, 2020 13 Mar'20

  UK’s security sector failing on most diversity measures

  A DCMS report on the state of the UK’s cyber security workforce highlights a huge lack of diversity and a substantial skills gap

• March 11, 2020 11 Mar'20

  Microsoft locks down new vulnerability with EternalBlue echoes

  Microsoft has moved to get ahead of a serious remote code execution vulnerability in Microsoft Server Message Block 3.1.1, which was accidentally disclosed then missed in its March Patch Tuesday update

• March 05, 2020 05 Mar'20

  Huawei: MPs air concerns over security risks in code and managed contracts

  The risk Huawei poses to the UK's 5G network roll out was raised during a recent Westminster Hall debate

• March 04, 2020 04 Mar'20

  5G security is a concern for most companies

  A study has found that decision-makers fear that 5G technology will make organisations more vulnerable to cyber attacks and will raise security-related costs

• March 03, 2020 03 Mar'20

  Horangi and Tokio Marine team up on cyber security services

  Singapore-based Horangi will provide penetration testing, among other cyber security services, to Tokio Marine Insurance Singapore’s cyber risk insurance clients

• March 02, 2020 02 Mar'20

  The Security Interviews: Inside the world of bug bounties

  You may not make a million as a bug bounty hunter, but you might help remove some of the stigma that persists around cyber security, says HackerOne’s Shlomie Liberow

• February 27, 2020 27 Feb'20

  Redcar & Cleveland Council confirms ransomware attack

  Local authority’s systems are still offline nearly three weeks after being attacked

• February 27, 2020 27 Feb'20

  Kr00k vulnerability compromises billions of Wi-Fi devices

  Billions of Wi-Fi chips used in IoT devices, laptops, smartphones and tablets are vulnerable to a serious vulnerability

• February 26, 2020 26 Feb'20

  Fake CDNs obscuring credit card fraudsters

  Fake content delivery networks and ngrok servers are being pressed into service to obscure credit card skimming activities

• February 26, 2020 26 Feb'20

  Cloud Snooper firewall bypass may be work of nation state

  Cloud Snooper deploys a combination of specialised techniques to sneak past enterprise firewalls, warns Sophos

• February 26, 2020 26 Feb'20

  WikiLeaks founder Julian Assange cannot be legally extradited for ‘political offences’, say lawyers

  Lawyers for WikiLeaks founder Julian Assange argue that he has been charged with political offences and cannot be legally extradited to the US under the US-UK extradition treaty

• February 25, 2020 25 Feb'20

  Sports retailer Decathlon left employee data exposed

  More than 123 million records were accidentally exposed on an unsecured ElasticSearch server

• February 25, 2020 25 Feb'20

  The Security Interviews: Gil Shwed’s 10-year vision for security

  Check Point founder Gil Shwed discusses his new Infinity Next concept and how he plans to remodel the world of cyber security in the next 10 years

• February 25, 2020 25 Feb'20

  Cloud data leaks compounded by lack of automation tools

  Data leaks caused by misconfigured clouds are being compounded because security teams lack appropriate automation and integration tools, according to a report

• February 24, 2020 24 Feb'20

  WikiLeaks founder Assange ‘put lives at risk’ by disclosing names in leaked documents, court hears

  WikiLeaks founder Julian Assange ‘put lives of US informants at risk’ by publishing unredacted documents, lawyers for the US argued at the first day of a week-long extradition hearing

• February 24, 2020 24 Feb'20

  Open security group unveils common OpenDXL language

  Open Cybersecurity Alliance announces the availability of OpenDXL Ontology, the first open source language for connecting disparate security tools through a common messaging framework

• February 24, 2020 24 Feb'20

  Cisco goes all-in on security integration with SecureX platform

  CISOs are struggling to stitch together disparate cyber security products and services – Cisco believes its cloud-native SecureX platform will change their working lives for the better

• February 20, 2020 20 Feb'20

  UK and US accuse Russian spooks of Georgia cyber attacks

  Foreign secretary describes 2019 campaign of cyber attacks as reckless, brazen and unacceptable

• February 20, 2020 20 Feb'20

  Facilities firm ISS World crippled by ransomware attack

  An apparent ransomware attack has compromised some IT and email systems at Danish facilities firm ISS World

• February 18, 2020 18 Feb'20

  Untrusted security teams being left out of business decisions

  Only a third of organisations are involving their cyber security function at the planning stage of business initiatives

• February 17, 2020 17 Feb'20

  Australians more savvy about cyber security

  More Australians look out for signs of security features such as SSL encryption even as they remain sceptical of the data protection capabilities of small businesses

• February 17, 2020 17 Feb'20

  Mastercard opens European security resilience unit

  Mastercard’s European Cyber Resilience Centre will bring together its partners and other industry bodies to support enterprise resilience

• February 17, 2020 17 Feb'20

  Ex-soldiers to become ethical hackers

  A new programme will give armed forces veterans in Scotland a grounding in cyber security skills, including penetration testing and ethical hacking

• February 11, 2020 11 Feb'20

  Chinese military personnel accused of Equifax hack

  A US federal grand jury has indicted four Chinese army personnel over the 2017 Equifax breach

• February 10, 2020 10 Feb'20

  Norway braces for possible China backlash over 5G loss

  Norway fears trading relationship with China will suffer as a result of Huawei losing 5G contract to Ericsson

• February 06, 2020 06 Feb'20

  Stressed, overworked CISOs losing £23k a year in unpaid overtime

  Nominet’s latest CISO Stress Report has revealed the extent to which organisations are taking advantage of their security staff, and the deleterious effects of overwork and stress on mental health

• February 05, 2020 05 Feb'20

  Darktrace signs to McLaren for 2020 F1 season

  McLaren Racing has enlisted Darktrace to become its official artificial intelligence cyber security partner

• February 05, 2020 05 Feb'20

  Web app ubiquity gives cyber criminals new opportunities

  The popularity and ubiquity of web-based apps such as Office 365 and Salesforce is a temptation too good to miss for cyber criminals

• February 05, 2020 05 Feb'20

  Check Point pledges end to security updates

  Check Point’s Gil Shwed expands on a vision for the next 10 years of cyber security, which he calls Infinity Next

• February 05, 2020 05 Feb'20

  IoT network flaw left Philips Hue bulbs open to attack

  Vulnerabilities in the ZigBee internet of things networking protocol have left market-leading smart devices, including Philips Hue lightbulbs, open to exploitation

• February 03, 2020 03 Feb'20

  NHS adds supplier security audits to procurement platform

  A new feature in the NHS’s Edge4Health procurement platform will help NHS suppliers improve their cyber security posture and NHS organisations make better buying decisions

• January 30, 2020 30 Jan'20

  NCSC launches study on cyber security diversity

  The UK’s National Cyber Security Centre wants to improve the diversity of the cyber security sector

• January 29, 2020 29 Jan'20

  UK cyber security sector worth more than £8bn

  The UK’s cyber security industry employs 43,000 full-time workers, and contributed nearly £4bn to the UK economy in 2019, according to DCMS

• January 29, 2020 29 Jan'20

  NHS suffers fewer ransomware attacks, but threat persists

  Ransomware attacks against the NHS have tapered off dramatically, according to statistics obtained under FoI legislation, but this does not mean the threat has diminished

• January 28, 2020 28 Jan'20

  Data privacy benefits outweigh spend, says Cisco

  Cisco’s 2020 data privacy study shows organisations can generate substantial returns on their data privacy and protection spending

• January 27, 2020 27 Jan'20

  UK in catch-22 decision over Huawei security

  The UK’s final decision on whether to permit mobile operators to use Huawei equipment is expected imminently, and its decision will have ramifications far beyond the technology sphere

• January 27, 2020 27 Jan'20

  Government tightens law around IoT cyber security

  New legislation developed by DCMS and the NCSC may help guarantee the security and privacy of users of consumer IoT devices

• January 27, 2020 27 Jan'20

  SANS Institute calls on Manchester security pros

  Manchester will play host to a week-long cyber security training event during February

• January 24, 2020 24 Jan'20

  Milan hosts Cisco’s first European security innovation unit

  Cisco has cut the ribbon on its first Cyber Security Co-Innovation Centre in Europe, at Milan’s Leonardo da Vinci Science and Technology Museum

• January 23, 2020 23 Jan'20

  Travelex hackers shut down German car parts company Gedia in massive ‘cyber attack’

  Car parts manufacturer says cyber attack will have far-reaching consequences for its business, and it has put emergency plans in place to continue deliveries

• January 23, 2020 23 Jan'20

  Seven projects funded to explore CAV security

  The winners of the Cyber Securities Feasibility Studies contest, exploring cyber security for self-driving cars, have been revealed

• January 22, 2020 22 Jan'20

  Citrix releases IoC scanner for ADC and Gateway vulnerabilities

  As patches for its compromised NetScaler ADC and Gateway products begin to roll out, Citrix enlists FireEye Mandiant to develop an indicator of compromise scanner for end-users

• January 22, 2020 22 Jan'20

  Internal error left Microsoft customer service data exposed

  Customer service and support records of nearly 250 million Microsoft customers left exposed after database misconfiguration

• January 21, 2020 21 Jan'20

  5G builders test vulnerabilities in Finnish hackathon

  University hackathon puts 5G security to the test as new wireless technology’s roll-out nears

• January 15, 2020 15 Jan'20

  Lorca announces new cohort of 20 security scaleups

  20 scaleups will focus their attention on automation, zero trust and supply chain security

• January 15, 2020 15 Jan'20

  Threat landscape grew in complexity in 2019, no respite in sight

  Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020

• January 14, 2020 14 Jan'20

  Two-thirds of UK healthcare organisations breached last year

  The majority of healthcare organisations in the UK experienced a cyber security incident during 2019, with almost half the result of viruses and malware introduced on third party devices

• January 14, 2020 14 Jan'20

  Cyber criminals spend three months lurking in target networks

  Cyber criminals are spending longer hiding in target networks before launching their attacks, as more organised groups turn to business disruption to achieve their objectives

• January 14, 2020 14 Jan'20

  Citrix NetScaler vulnerabilities won’t be patched until end of January

  Some vulnerabilities identified in Citrix products will not be fully patched until the end of January 2020

• January 13, 2020 13 Jan'20

  Travelex to begin restoring foreign exchange services two weeks after ‘Sodinokibi’ attack

  Travelex says it is making “good progress” in its recovery and is to begin restoring electronic foreign exchange services, but is silent about whether it has agreed to pay hackers a $6m ransom to decrypt computer files

• January 09, 2020 09 Jan'20

  Don’t become the next Travelex: Get ready for ransomware

  With Travelex’s IT still in disarray and banks and travellers left without access to funds more than a week after it was hit by a ransomware attack, we ask what others can learn from the foreign exchange services company’s response to the incident

• January 09, 2020 09 Jan'20

  PowerTrick backdoor used to target high-value businesses

  Threat actors are exploiting a PowerShell-based backdoor called PowerTrick to go after high-value targets, warns SentinelLabs

• January 07, 2020 07 Jan'20

  Broadcom flogs Symantec enterprise security unit to Accenture

  Acquisition is set to make Accenture a global leader in managed cyber security services

• January 06, 2020 06 Jan'20

  Cyber gangsters demand payment from Travelex after ‘Sodinokibi’ attack

  Cyber criminals are demanding payment to decrypt Travelex’s computer files after a devastating malware attack. New questions have been raised about the security of Travelex’s computer network after it emerged the company waited eight months to patch...

• January 06, 2020 06 Jan'20

  Iran likely to hit back with cyber attacks, security experts warn

  The possibility of cyber attack by threat groups acting on behalf of the Iranian government has dramatically increased following US actions in Iraq

• December 24, 2019 24 Dec'19

  Top 10 cyber crime stories of 2019

  Here are Computer Weekly’s top 10 cyber crime stories of 2019

• December 23, 2019 23 Dec'19

  Top 10 cyber security stories of 2019

  Here are Computer Weekly’s top 10 cyber security stories of 2019

• December 20, 2019 20 Dec'19

  Finnish government supports local authorities in cyber security initiative

  The Finnish government has committed resources to a cyber security project aimed at local authorities

• December 17, 2019 17 Dec'19

  Group-IB CEO talks up global threat landscape

  Public attribution of cyber attacks could backfire while a global cyber norms framework won’t emerge until a catastrophic incident occurs, says the head of Singapore-based Group-IB

• December 16, 2019 16 Dec'19

  Barco fixes ClickShare wireless flaw, but users still at risk

  Supplier patches a major vulnerability in its popular ClickShare wireless presentation system with a firmware upgrade, but experts warn that users are not out of the woods yet

• December 13, 2019 13 Dec'19

  Alarm bells ring, the IoT is listening

  With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security, and serves as a timely warning to people planning to buy smart devices as gifts

• December 10, 2019 10 Dec'19

  Rapid evolution of quantum computing a concern for CISOs

  With the race to achieve so-called quantum supremacy hotting up, security pros are concerned that it will outpace the development of appropriate safeguards, according to a report

• December 09, 2019 09 Dec'19

  China bans foreign computing kit from government contracts

  All government offices and public institutions must eliminate foreign hardware and software within three years, according to a leaked directive dubbed 3-5-2

• December 06, 2019 06 Dec'19

  How commodities firm ED&F Man solved its threat detection challenges

  After a minor server breach, leading commodities trader turned to Vectra’s Cognito service to expose hidden threats, spot privilege misuse, and conduct conclusive investigations

• December 06, 2019 06 Dec'19

  Great Cannon DDoS operation fires on Hong Kong protesters

  AT&T’s security unit has evidence that China is pressing its Great Cannon DDoS tool into service once again, specifically to target pro-democracy protests in Hong Kong

• December 05, 2019 05 Dec'19

  Aviatrix VPN vulnerability left user endpoints wide open

  Immersive Labs has disclosed a serious vulnerability in VPN supplier Aviatrix’s enterprise client that could have granted hackers elevated user privileges across enterprise targets

• December 03, 2019 03 Dec'19

  Biometrics to enable $2.5tn of mobile payments by 2024

  Juniper Research study predicts that biometric technology will be present on 90% of smartphones in five years’ time

• December 03, 2019 03 Dec'19

  Tenable buys Indegy to integrate IT and OT security

  Acquisition of industrial security specialist Indegy will create a unified, risk-based platform spanning both IT and OT security for Tenable

• December 02, 2019 02 Dec'19

  Top Android apps at risk from StrandHogg vulnerability

  Researchers at Promon say all of the 500 most-downloaded Android apps are at risk from a newly discovered vulnerability

• November 28, 2019 28 Nov'19

  The Security Interviews: Do cyber weapons need a Geneva Convention?

  On a cold afternoon in Finland, F-Secure’s Mikko Hypponen discusses cyber weapons and nation state threats, and explains why arms limitations treaties might one day expand to include malware and other threats

• November 28, 2019 28 Nov'19

  Top APAC security predictions for 2020

  More attacks on critical infrastructure, supply chain vulnerabilities and file-less attacks are some of the security threats that enterprises should keep an eye on next year

• November 25, 2019 25 Nov'19

  AI may open dangerous new frontiers in geopolitics

  Truly artificial intelligence has the potential to provoke an international geopolitical crisis, warns F-Secure’s Mikko Hypponen

• November 21, 2019 21 Nov'19

  F-Secure’s Blackfin challenges perceptions of how AIs think

  New research project aims to develop adaptive, autonomous and collaborative AI agents, and challenges the notion that machine intelligence should merely mimic human intelligence

• November 19, 2019 19 Nov'19

  Public sector risks downplayed by senior IT leaders

  Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams

• November 19, 2019 19 Nov'19

  Huawei shrugs off latest US reprieve

  Chinese tech giant dismisses the latest extension of the US Temporary General Licence and maintains that the US government is harming its own interests in banning it

• November 19, 2019 19 Nov'19

  Managed services fuelling APAC security market

  Spending on managed security services will account for almost half of Asia-Pacific’s cyber security market by 2023, as global and local providers shore up their offerings in the region

• November 15, 2019 15 Nov'19

  Notorious hackers claim responsibility for Labour DDoS

  Hackers claiming to represent Lizard Squad say they were behind a distributed denial of service attack on the UK’s Labour Party

• November 13, 2019 13 Nov'19

  11 new 5G hacks enable user device tracking and monitoring

  Researchers at Purdue University and the University of Iowa publish details of several new 5G mobile network vulnerabilities

• November 13, 2019 13 Nov'19

  Business leaders fibbing to cover up lax security posture

  Nominet study finds evidence that many businesses tout the robustness of their security posture as a selling point even though their security teams lack confidence in themselves

• November 13, 2019 13 Nov'19

  Attack on Labour shows need for DDoS defence but should alarm few

  After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t

• November 12, 2019 12 Nov'19

  Nordic SMEs lack the money needed for cyber security

  Businesses and governments in Denmark and Norway are working together to address a cyber security shortfall for SMEs in each country

• November 12, 2019 12 Nov'19

  ‘Robust’ security foils cyber attack on Labour Party

  Labour claims to have been the victim of a cyber attack, but says it is confident no data leaked

• November 12, 2019 12 Nov'19

  Shared responsibility model key to solving 5G security problem

  Both buyers and sellers need to cooperate to solve the thorny issues around 5G security

• November 07, 2019 07 Nov'19

  Amazon Ring video doorbell flaw left users open to attack

  A vulnerability in Amazon’s Ring video doorbells left the internet-of-things devices open to a variety of attacks

• November 07, 2019 07 Nov'19

  Saudis recruited Twitter employees to spy on critics

  Court documents reveal how the Saudi Arabian government targeted Twitter employees as part of a coordinated effort to gather information on known dissidents

• November 06, 2019 06 Nov'19

  Trend Micro insider breach exposes need for data-centric protection

  Simple measures could have saved consumer security product supplier from insider breach

• November 06, 2019 06 Nov'19

  Global security workforce must more than double to meet demand

  There are about 2.8 million cyber security professionals working today, and the world needs four million more

• November 05, 2019 05 Nov'19

  Ransomware authors seeking new ways to avoid being spotted

  Sector analysis from Sophos has revealed some insight into how malware authors are adapting to thwart cyber security controls

• November 01, 2019 01 Nov'19

  General Election sees UK government defer ‘high-risk’ 5G tech supplier review

  Decision on allowing so-called high-risk suppliers access to the UK’s market for 5G infrastructure delayed due to 12 December poll

• October 29, 2019 29 Oct'19

  NordVPN enlists ethical hackers, launches bug bounty programme

  Breached consumer VPN supplier details steps it is taking to shore up its cyber security posture after an unknown actor gained access to one of its servers

• October 29, 2019 29 Oct'19

  Fancy Bear resumes Olympic hacks ahead of Tokyo games

  Fancy Bear is back in action and once again targeting anti-doping bodies and sporting organisations, warns Microsoft

• October 24, 2019 24 Oct'19

  Endpoint security is a procurement issue, says HP, IDC study

  Report warns that buyers are falling at the first hurdle on security by not including it in their endpoint RFPs and tenders

• October 23, 2019 23 Oct'19

  Take responsibility for cyber security basics, urges NCSC CEO

  At the launch of its third annual review, NCSC head Ciaran Martin appealed for individuals and businesses to address the fundamentals of cyber security hygiene to help lighten the load

• October 22, 2019 22 Oct'19

  NordVPN blames datacentre provider for server breach

  VPN provider insists no user data was compromised in a March 2018 server breach, and says its datacentre provider failed to inform it of the issue

• October 22, 2019 22 Oct'19

  Attacker hit VPN firm Avast through its VPN

  Avast has published details of how attackers attempted to gain access to its network over a five month period

• October 21, 2019 21 Oct'19

  Alleged state hackers adapting to cover their tracks, says NCSC

  A group called Turla with suspected links to the Russian government stole Iranian tools and infrastructure to obscure the origins of attacks on multiple other countries, according to new evidence

• October 21, 2019 21 Oct'19

  Sodinokibi emerging as a diverse, multi-vector threat to businesses

  McAfee shares insight into the Sodinokibi ransomware campaign gleaned from its network of honeypots

• October 18, 2019 18 Oct'19

  Amazon consumer devices vulnerable to two-year-old exploit

  Millions of older Amazon Echo and Kindle devices are still susceptible to a Wi-Fi vulnerability that was first disclosed in 2017

• October 17, 2019 17 Oct'19

  BEIS launches multimillion-pound security investment package

  Government is making available more than £50m to support a range of new cyber security initiatives and collaborations, including the latest phase of its Digital Security by Design programme

• October 14, 2019 14 Oct'19

  Private equity swoops on Sophos

  British cyber security star picked up by technology sector investors for $3.9bn