Endpoint security

Russian cyber criminal pleads guilty to running IPStorm botnet

Sergey Manikin faces years in jail after his illicit proxy botnet service was taken down by US law enforcement Continue Reading

How Gigamon is making its mark in deep observability

Gigamon CEO Shane Buckley talks up the company’s ability to inspect encrypted network traffic for malicious activity, how it stands out with its deep observability capabilities and the tailwinds that are fuelling its growth Continue Reading

The UK AI Safety Summit – what did it achieve?

In this week’s Computer Weekly, we look back at the UK government’s AI Safety Summit and assess what it achieved – and what it didn’t. Our latest buyer’s guide examines the future of business software and modernising legacy applications. And we find out how the UK Product Security and Telecommunications Infrastructure Act aims to protect your smart devices. Read the issue now. Continue Reading

Lloyds Bank warns over rising threat of crypto scams

Report by Lloyds Banking Group finds there has been a 23% increase in cryptocurrency scams in 2023 compared with last year, targeting mostly younger investors Continue Reading

Revealed: How Russia’s Sandworm ramped up attacks on Ukraine’s critical infrastructure

New Mandiant intelligence reveals how the APT known as Sandworm has been evolving its playbook, twisting legitimate executables known as LoLBins into malicious tools as it seeks to disrupt daily life in Ukraine Continue Reading

Researchers ‘break’ rule designed to guard against Barracuda vulnerability

Vectra AI researchers found that a Suricata rule designed to detect exploitation of a dangerous Barracuda Email Security Gateway flaw was not entirely effective Continue Reading

Shadow IT use at Okta behind series of damaging breaches

Okta now believes the initial access vector in a series of damaging breaches was one of its own employees who used a corporate device to sign into their personal Google account Continue Reading

How Trellix’s CISO keeps threat actors at bay

Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents Continue Reading

How Elastic manages cyber security threats

Mandy Andress, CISO at Elastic, highlights the company’s approach to tackling evolving cyber threats through the use of AI tools and enhanced security measures while strengthening the capabilities of its security offerings Continue Reading

Demystifying the top five OT security myths

Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems Continue Reading

Kaspersky opens up over spyware campaign targeting its staffers

Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group Continue Reading

Secure printing: The foundation of multi-layered security

Implementing secure print solutions is an easy way to ensure neither network data nor printed documents fall into the wrong hands. RFID readers and mobile authentication technology solutions help ... Continue Reading

Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source Continue Reading

Loughborough Uni to create five cyber AI research posts

Supported by Darktrace, Loughborough University is to recruit five doctoral researchers focusing on cross-disciplinary research in AI and cyber security Continue Reading

Alert sounded over dangerous Cisco IOS XE zero-day

Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems Continue Reading

CIISec scores DSIT funding to expand successful CyberEPQ scheme

DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date Continue Reading

Where next for quantum computing?

In this week’s Computer Weekly, we talk to the head of Amazon’s Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now. Continue Reading

Security and risk management spending to grow 14% next year

Growth in public cloud services will stand out over the next 12 months, as Gartner projects an overall 14% increase in cyber spending in 2024 Continue Reading

Apple fixes three vulnerabilities found by spyware researchers

Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab Continue Reading

Cyber experts set out plan to secure future US elections

A group of experts are setting out to enhance election cyber security in the United States, and restore public faith in a process tainted by interference and misinformation in the past Continue Reading

Securing Eurovision’s online voting system against cyber attacks

In this week’s Computer Weekly, we discover how Once.net and Cloudfare defended the 2023 Eurovision Song Contest against cyber attacks. Our buyer’s guide continues to look at integrating software-as-a-service applications, with the governance of SaaS connectivity to the fore. Also, HCLTech’s Ashish Gupta relates how the company has embraced a new, pandemic-influenced, remote working model. And we find out how retail tech leaders influence their boards on transformation projects. Read the issue now. Continue Reading

As vehicle safety regulations loom, carmakers fret over cyber risks

Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks Continue Reading

Storm-0324 gathers over Microsoft Teams

An initial access broker associated with several different ransomware operations is now conducting Microsoft Teams phishing attacks Continue Reading

Podcast: ‘Data first’ a key principle of digital transformation

Chris Gorton of Syniti says organisations should put data first during digital transformation projects, and that means getting data quality, access rights and governance right Continue Reading

The dangers of breaking encryption

In this week’s Computer Weekly, we detail the concerns of the BCS and other IT experts about the UK’s Online Safety Bill’s proposals to weaken end-to-end message encryption. Our buyer’s guide continues to look at the issues around integrating software-as-a-service applications, with a particular eye to the proliferation of SaaS during the Covid pandemic. Red Hat’s CEO Matt Hicks retails the company’s efforts to support generative AI. And we discover how immersive technologies can shape a brave new world of training and design. Read the issue now. Continue Reading

Polish election questioned after Pegasus spyware used to smear opposition, investigation finds

Senate committee alerts prosecutors over potential crimes by public officials involved in purchasing Pegasus spyware used to monitor and smear political opponents Continue Reading

Apple patches Blastpass exploit abused by spyware makers

Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO Continue Reading

Finnish government to bolster spending on cyber-AI defences

Finland’s government will increase spending on cyber security amid heightened threats from artificial intelligence-based attacks Continue Reading

French supreme court dismisses legal challenge to EncroChat cryptophone evidence

Defence lawyers plan to appeal to the European Court of Human Rights after the French supreme court disallowed an appeal over the legality of EncroChat evidence Continue Reading

German court unclear whether intercepted EncroChat cryptophone messages are legally admissible

Germany’s Federal Constitutional Court is waiting to hear five complaints that could decide whether data from the hacked EncroChat phone network can be lawfully used in German courts, but situation remains unclear for now Continue Reading

Plymouth Uni spearheads research into wind farm cyber resilience

Project hosted at the University of Plymouth in Devon aims to develop cyber security measures to protect the UK’s increasingly important offshore wind farm assets Continue Reading

IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption

BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications Continue Reading

The quantum threat: Implications for the Internet of Things

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

Sandworm attacks Ukraine with Infamous Chisel malware

The UK and its allies have attributed a novel malware campaign against Ukrainian state targets to the Russian intelligence-backed Sandworm APT Continue Reading

Zero-day that forced Barracuda users to bin kit was exploited by China

Mandiant has published details of how a Chinese threat actor targeted high-profile users of Barracuda Networks' Email Security Gateway appliances, including government agencies of interest to Beijing's intelligence goals Continue Reading

AI and supply chain visibility key to mitigating OT security threats

Leveraging AI and maintain visibility into the security of your software supply chain are key to mitigating cyber attacks against operational technology systems Continue Reading

Singapore to bolster OT security capabilities

Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities Continue Reading

Police worker could have put investigation into EncroChat encrypted phone network at risk

A police intelligence analyst admitted tipping-off a criminal contact that police had infiltrated the EncroChat encrypted phone network Continue Reading

Researchers demo fake airplane mode exploit that tricks iPhone users

Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns Continue Reading

CyberArk eyes growth beyond PAM

CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading

ITAM influence on cyber risk becoming a factor in credit ratings

Credit agency S&P Global Ratings warns that organisations that pay inadequate attention to IT asset management as a factor in their cyber risk management processes may find their creditworthiness takes a dive Continue Reading

NHS trust suspends two governors as whistleblower email dispute continues

Governors at an NHS trust have been suspended after asking questions about emails used to bring a General Medical Council investigation against a whistleblower Continue Reading

Ivanti MDM users told to patch against two dangerous flaws

Users of Ivanti’s mobile device management platform have been warned to act now to patch two vulnerabilities that were chained by a threat actor in a series of cyber attacks on the Norwegian government Continue Reading

AI has a place in cyber, but needs effective evaluation

Organisations that don’t leverage AI-based security solutions will find themselves more vulnerable than those that do., but cyber pros still need to ensure they can effectively evaluate AI-enhanced tech to ensure it meets their use case Continue Reading

Lancaster Uni lends cyber support to nuclear decommissioning body

Lancaster University’s cyber team has joined with the Nuclear Decommissioning Authority to help support and protect its 300-year mission, while enhancing its own capabilities in the process Continue Reading

How Indian organisations are keeping pace with cyber security

Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics Continue Reading

AI-enhanced cyber has potential, but watch out for marketing hype

As AI is a hot topic right now, it is no surprise there are some cyber solutions coming to market that have been thrown together in haste, but that said, genuine AI-powered security products do exist and their abilities could yet prove transformative. Continue Reading

CIO interview: Sean Green, University of East Anglia

In his role as director of digital and data at the University of East Anglia, Sean Green provides high-performance computing to researchers and manages the diverse needs of a campus with the characteristics of a small town, all while finding the time to study one of his passions Continue Reading

Citrix NetScaler users told to patch new zero-day urgently

A vulnerability disclosed and patched last week by Citrix appears to be being exploited by China-backed threat actors as a zero-day, prompting warnings from government cyber bodies Continue Reading

What the Product Security and Telecommunications Infrastructure Act means for UK industry

For years, many network-connected devices have lacked adequate security, putting their users and others at risk of cyber attacks. The UK’s PSTI Act aims to prevent this by mandating minimum security requirements, but what impact will this have on industry? Continue Reading

Government boosts protection for encryption in Online Safety Bill but civil society groups concerned

House of Lords adopts amendment to require Ofcom to commission a report before requiring technology companies to scan encrypted messages, but drops proposals for judicial oversight Continue Reading

Hackers: We won’t let artificial intelligence get the better of us

AI is changing how ethical hackers go about their work, and will continue to do so, but the community is convinced the technology will never be able to replicate the creativity of a flesh-and-blood hacker Continue Reading

Why we need to research the cybersecurity needs of Micro-Businesses?

Current government policy, from digital inclusion to cyber security is based on allegation, not evidence with regard to the five million microbusinesses and sole traders who account for 30% of the ... Continue Reading

Apple pushes Rapid Response patch to fix WebKit zero-day

Apple deployed an emergency patch under its Rapid Security Response update programme, but had to temporarily suspend delivery after it caused problems for users of the Safari browser Continue Reading

Suspicious email reported every five seconds in UK

National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year Continue Reading

WithSecure forges ahead with green coding initiative

WithSecure’s W/Sustainability programme kickstarts a number of initiatives, including a commitment to green coding the security supplier hopes will set an example for others to follow Continue Reading

Generative AI: Data privacy, backup and compliance

We look at generative AI and the risks it poses to data privacy for the enterprise, implications for backup, and potentially dangerous impacts on compliance Continue Reading

Phishing and ransomware dominate Singapore’s cyber threat landscape

Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene Continue Reading

How Fastly thinks differently about CDNs and the edge

Fastly is counting on its developer chops and different approaches towards security and other areas to compete with its rivals Continue Reading

Nakivo adds ransomware scanning and new restore options

Backup maker adds malware scanning with big names in security to immutable backup copy functionality. “Tape’s not dead” either, with restore from the venerable medium now possible Continue Reading

Exploitation of Barracuda ESG appliances linked to Chinese spies

Intelligence from Mandiant links exploitation of a flaw in a subset of Barracuda ESG appliances to a previously untracked China-nexus threat actor Continue Reading

No zero-days for June Patch Tuesday, but plenty to chew over

On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention Continue Reading

TSB calls on Meta to intervene and protect users from fraud losses of £250m this year

TSB is the latest bank to demand more action from social media sector in helping to reduce online fraud Continue Reading

Google launches hacker-backed SME security training scheme

Citing research that shows almost half of SMEs are struggling to recruit cyber security specialists, Google is launching a programme designed to upskill more people to fill thousands of vacant roles Continue Reading

Bank of International Settlement sets up channel secure from quantum breach

The Bank of International Settlement has worked with two of Europe's central banks to explore preventing the security risks posed by quantum computers Continue Reading

Why we need advanced malware detection with AI-powered tools

AI-powered cyber security tools have now developed to a point where they are becoming an effective approach to protecting the organisation. Learn how you can benefit from adopting them Continue Reading

Almost all ransomware attacks target backups, says Veeam

Some 93% of ransomware attacks go for backups and most succeed, with 60% of those attacked paying the ransom, according to a Veeam survey Continue Reading

Kuwait bank introduces biometric payments card

Middle East bank launches payment cards with fingerprint sensor technology embedded Continue Reading

How to secure your software supply chain

In this week’s Computer Weekly, our latest buyer’s guide looks at secure coding, and kicks off by examining the challenges of securing your software supply chain. Cyber law enforcement leaders are calling on firms to end the secrecy around ransomware attacks. And we find out how facial recognition technology is being adopted by retailers. Read the issue now. Continue Reading

CW EMEA: The future of work

In this month’s CW EMEA, we look at the future of work in Europe after the pandemic forced a change in entrenched human behaviour. For years, people talked about flexible working being the way forward, but scepticism within the management of large companies held it back. This all changed when Covid-19 began to spread out of control and governments and businesses quickly told people to work from home where possible. We also look at the increasing problem of IT failures in Dutch hospitals and how they are affecting patient care, highlighting the need to improve IT security in hospitals. Read the issue now. Continue Reading

Secure Boot vulnerability causes Patch Tuesday headache for admins

Applying the fix for a security bypass zero-day affecting the Windows Secure Boot feature will be a long process that will drag into 2024, but for good reason, says Microsoft Continue Reading

Nebulon aims Tripline at ransomware detection in storage

Tripline claims ransomware detection from samples every 30 seconds and works in conjunction with snapshots to deliver recovery from an attack in four minutes Continue Reading

How datacentre operators can fend off cyber attacks

Applying zero-trust principles in the form of strong authentication controls and network segmentation can help datacentre operators to mitigate cyber threats Continue Reading

Santander reports increase in scams and admits fraud head was impersonated

Santander has reported an increase in impersonation scams, and admitted its own head of fraud was impersonated by a fraudster Continue Reading

Google debuts passwordless login options for users

Launch of Google’s passkey service hailed as a great leap forward for passwordless technology Continue Reading

Inside BlackBerry’s cyber security playbook

BlackBerry’s president of cyber security discusses the company’s cyber security strategy and what it is doing to deliver an integrated set of capabilities for enterprises Continue Reading

Cyber Action Plan for Wales launched

The devolved Welsh government has set out four priorities in an action plan designed to foster cyber resilience, talent and innovation across the country Continue Reading

Mystery Apple security update sparks speculation

Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed Continue Reading

Cyber security and analytics propel jobs boost in Scotland’s tech sector

A tech industry survey from ScotlandIS indicates the country’s tech sector is set to grow, with cyber security as the hottest domain Continue Reading

Global finance firms take part in NATO cyber attack simulation

Global financial services organisations take part in NATO annual event which simulates cyber attacks on critical infrastructure Continue Reading

How organisations can succeed with zero trust

By starting small, taking a long-term view and prioritising the most critical assets in their zero-trust implementations, organisations will be able to reap returns from their investments in the security paradigm Continue Reading

Restaurants hit by IT problems after BlackCat attack on supplier NCR

Ransomware attack on systems of payments giant causing service outages for restaurants around the world Continue Reading

UK joins key allies to launch secure-by-design guidelines

The UK has joined international partners in sharing new advice to help technology companies embed security into the product design and development process Continue Reading

April Patch Tuesday fixes zero-day used to deliver ransomware

A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update Continue Reading

Prioritise automated hardening over traditional cyber controls, says report

A report from strategic risk specialist Marsh McLennan advises security buyers to funnel their budgets towards automated cyber security hardening techniques, saying they have a much better chance of reducing risk in a meaningful way Continue Reading

Reactive approach to cyber procurement risks damaging businesses

Too many organisations are following a reactive approach to cyber security, which WithSecure believes is stifling security teams ability to demonstrate value and align with business outcomes Continue Reading

3CX unified comms users hit by supply chain attacks

Ongoing supply chain attacks against customers of UC firm 3CX appear to be linked to North Korean threat actors Continue Reading

Apple security updates fix 33 iPhone vulnerabilities

A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels Continue Reading

Inside Group-IB’s cyber security playbook

A focus on threat intelligence, fraud protection and its work with Interpol has enabled Group-IB to compete against bigger rivals in the market Continue Reading

JP Morgan pilots palm and face-recognition technology in US

JP Morgan is testing out its biometric payment technology in selected retailer stores and at the upcoming Formula 1 Grand Prix in Miami Continue Reading

Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading

How Mimecast thinks differently about email security

Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades Continue Reading

NCSC launches cyber check-up tools for SMEs

The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack Continue Reading

UK TikTok ban gives us all cause to consider social media security

The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading

Dutch hospitals underestimate impact of cyber attack

IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals Continue Reading

WH Smith staff data accessed in cyber attack

The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing Continue Reading

Data breaches in Australia on the rise, says OAIC

Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner Continue Reading

WithSecure proposes ‘undo’ button for ransomware

WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening Continue Reading

Singapore organisations struggle to operationalise threat intelligence

Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges Continue Reading

Twitter 2FA changes bring more risks than benefits

Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic Continue Reading