Endpoint security

WH Smith staff data accessed in cyber attack

The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing Continue Reading

Data breaches in Australia on the rise, says OAIC

Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner Continue Reading

WithSecure proposes ‘undo’ button for ransomware

WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening Continue Reading

Singapore organisations struggle to operationalise threat intelligence

Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges Continue Reading

Twitter 2FA changes bring more risks than benefits

Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic Continue Reading

Why CIOs need to revisit desktop virtualisation

Cloud computing is the next revolution in infrastructure, but desktop IT is still very much on-premise Continue Reading

Enterprise open source: A Computer Weekly Downtime Upload podcast

We speak to Spotify’s open source tech lead, Per Ploug, on supplier relationship management in open source Continue Reading

Security Think Tank: New trends and drivers in cyber security training

Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading

Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs

Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading

Where next for NHS IT?

In this week’s Computer Weekly, as NHS Digital is folded into NHS England, we consider what the merger could mean for the future of NHS IT. We find out how data science and analytics has become an increasingly important function for the John Lewis Partnership. And we examine the importance of building empathy into metaverse applications. Read the issue now. Continue Reading

Banking regulatory body wants a ‘tripwire’ to flag APP fraud

Banking code of practice organisation wants banks to monitor where authorised push payment scammers are sending stolen money Continue Reading

How Check Point is keeping pace with the cyber security landscape

Check Point Software CEO Gil Shwed talks up the company’s growth areas, its approach to cloud security and the impact of generative AI on cyber security Continue Reading

APP fraud reimbursement proposal is ‘fundamentally flawed’, say MPs

MPs claim the involvement of a bank-sponsored organisation in reimbursing victims of APP fraud would be a conflict of interest Continue Reading

APAC buyer’s guide to SASE

In this buyer’s guide on secure access service edge services, we look at the benefits of the technology, key considerations and the market landscape Continue Reading

Malware variant can block contactless payments

Kaspersky warns that the latest variant of the Prilex malware can block contactless payments to force people to insert cards, enabling criminals to steal money Continue Reading

Zero-trust implementations remain work in progress

Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds Continue Reading

NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC Continue Reading

Japan researchers develop new data encryption method

Researchers from Tokyo University of Science have combined the best of homomorphic encryption and secret sharing in a new method to handle encrypted data Continue Reading

Fraudsters and cyber criminals stole more than £4bn in the UK through 2022

The amount of money stolen by fraudsters and cybercriminals in the UK saw a huge increase in 2022 Continue Reading

Thai enterprises spend more on software amid growing digitalisation

The majority of software spending in Thailand during the first half of 2022 went into applications followed by infrastructure software and development tools, according to IDC Continue Reading

Chrome vulnerability could have led to widespread data theft

A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen Continue Reading

New APT group targets ASEAN governments and militaries

The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB Continue Reading

Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading

China and India governments among top targets for cyber attackers

Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures Continue Reading

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading

Mitiga researchers disclose AWS Elastic IP hijacking vulnerability

Cloud incident response supplier Mitiga has said a new AWS feature has led to a vulnerability that could allow hackers to access and steal Elastic IP addresses and gain control over AWS accounts Continue Reading

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading

Top 10 ANZ IT stories of 2022

We recap the top 10 stories in Australia and New Zealand, including the opportunities and challenges that organisations in the region have faced over the past year Continue Reading

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading

Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over Continue Reading

New cyber approaches ease Registers of Scotland’s AWS migration

As the holder of the oldest national public land register in the world, Registers of Scotland has a storied history dating back centuries. Find out how Palo Alto Networks is keeping its processes and data secure as it goes all-in on Amazon Web Services Continue Reading

Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security Continue Reading

How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better Continue Reading

Apple to tap third party for physical security keys

Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys Continue Reading

Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals Continue Reading

Security Think Tank: As cyber pros, we need to articulate our needs better

There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading

Security Think Tank: The more you buy, the less you protect

The most important lesson learned this year is that the more controls you have in place, the less secure you become, argues 2-sec’s Tim Holman Continue Reading

Latest LockBit ransomware versions have wormable capabilities

Sophos researchers have reverse-engineered the Lockbit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter Continue Reading

Think technology, process, human risk to manage ransomware

Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading

How gamifying cyber training can improve your defences

Security training is the cornerstone of any cyber defence strategy. With ever-escalating online threats, it is now more important than ever that this training is an engaging experience Continue Reading

Plexal inducts six into cyber leadership scheme

Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders Continue Reading

Not-for-profit aims to encourage 1,300 girls into cyber careers

CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber Continue Reading

Cyber criminals target World Cup Qatar 2022

In this week’s Computer Weekly, as the FIFA World Cup opens in Qatar, we examine the cyber security threats from criminals targeting the event. We report from the Gartner Symposium on the latest predictions for enterprise software development. And we talk to the CIO of Kyiv City Council about managing IT in the shadow of war. Read the issue now. Continue Reading

How to protect against ransomware attacks

In this week’s Computer Weekly, we look at how to prepare for and protect against ransomware, and what to do if you’re hit by an attack. We gauge industry reaction to Ofcom’s plan to investigate the big three cloud providers. And we find out how travel giant TUI is implementing self-service analytics. Read the issue now. Continue Reading

How Google and Mandiant are forging synergies in cyber security

Google’s AI smarts and Mandiant’s intelligence on new and emerging threats could lay the foundation of proactive security Continue Reading

Optus earmarks A$140m to cover cost of data breach

Optus sets aside A$140m as an exceptional expense for a customer remediation programme following a massive data breach that affected 10 million customers Continue Reading

Why Sophos is bullish on managed security services

Sophos has grown its managed detection and response business to more than $100m over the last three years as more organisations grapple with the increasingly complex cyber security landscape Continue Reading

How the US-China chip war will affect IT leaders

In this week’s Computer Weekly, as the US ramps up semiconductor sanctions on China, we examine the ramifications across the tech sector. Cyber criminals are turning to new forms of encryption – we talk to the Dutch researchers trying to catch them. And we look at what cloud providers need to do to improve customer experience. Read the issue now. Continue Reading

Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading

How Elastic is going beyond enterprise search

Elastic has been doubling down on the security and observability capabilities of its open-source platform, going beyond its roots in enterprise search Continue Reading

Apple patches new iPhone zero-day

Apple’s latest patch fixes yet another zero-day, as security issues keep surfacing in its mobile products Continue Reading

Global digital trust market to double by 2027

The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow Continue Reading

Microsoft slams external researchers over its own data leak

Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue Continue Reading

Singapore extends cyber security labelling scheme to medical devices

The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development Continue Reading

Malicious WhatsApp add-on highlights risks of third-party mods

Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods Continue Reading

Australia becoming hotbed for cyber attacks

Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency Continue Reading

Gartner: Remote work, zero trust, cloud still driving cyber spend

Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud Continue Reading

How Cloudflare is staying ahead of the curve

Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape Continue Reading

Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure Continue Reading

Tories to replace GDPR

IT industry reacts to the government’s plan to replace the pan-European data protection regulation Continue Reading

How to protect against SMS mobile security weakness

The simple messaging service provides two-factor authentication in banking and e-commerce, but what happens if your SIM card is stolen? Continue Reading

Security regulation cuts online payment fraud at 73% of retailers

New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers Continue Reading

Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC

Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts Continue Reading

Optus breach casts spotlight on cyber resilience

The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia Continue Reading

Most hackers exfiltrate data within five hours of gaining access

Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access Continue Reading

Conversation between two police officers formed basis of EncroChat warrant, court hears

The National Crime Agency did not seek a written explanation of a French hacking technique before applying for a surveillance warrant to use French “intercept” in the UK, a court heard Continue Reading

NCA ‘deliberately concealed’ information when it applied for EncroChat warrants, tribunal hears

Investigatory Powers Tribunal hears that the National Crime Agency made ‘serious and fundamental errors’ Continue Reading

How Great Eastern is transforming its IT organisation

Singapore-based insurer Great Eastern made painstaking efforts to rid itself of legacy systems and transformed its IT organisation to become nimbler by building up its cloud and DevOps capabilities Continue Reading

Nordic private equity firms pursue cyber security acquisitions

Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets Continue Reading

ANZ organisations using antiquated backup and recovery systems

Nearly half of ANZ organisations are still using backup and recovery systems from over a decade ago, hampering their ability to protect their data assets and recover from ransomware attacks Continue Reading

Thousands of customers affected in Revolut data breach

Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack Continue Reading

Six new vulnerabilities added to CISA catalogue

CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010 Continue Reading

EU Cyber Resilience Act sets global standard for connected products

European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards Continue Reading

Microsoft patches 64 vulnerabilities on September Patch Tuesday

Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update Continue Reading

CISOs should spend on critical apps, cloud, zero-trust, in 2023

Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts Continue Reading

NCSC CyberUK event heads to Belfast in 2023

National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023 Continue Reading

Dutch cyber security organisations to join forces

Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into Continue Reading

August ’22 a bumper month for high-impact vulnerabilities

Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future Continue Reading

Prince’s Trust teams with threat management specialist in skills push

Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry Continue Reading

Cyber threats to Europe’s grid: Utilities rethink strategy

The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals Continue Reading

Digital identity is key to coping with surge in air travel

The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic Continue Reading

Saudi Arabian organisations choose to outsource to improve cyber security posture

Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security Continue Reading

How Okta is regaining customer trust after a cyber attack

In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident Continue Reading

Four years into GDPR, Norway hopes for safer data transfer to US

Much of the data on the internet ends up on US servers at some point, and that is not always compatible with the General Data Protection Regulation, says Norwegian data protection authority Continue Reading

NCSC shares cyber guidance for large infrastructure builds

Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects Continue Reading

Apple patches two zero-days in macOs, iOS

Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems Continue Reading

Amazon Ring vulnerability could have been used to spy on users

A now-patched vulnerability in the Amazon Ring mobile app could have been exploited to expose users’ video recordings, but was complex to exploit, according to the researchers who stumbled upon it Continue Reading

How critical infrastructure operators can secure OT data

Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats Continue Reading

Researcher finds 10 vulnerabilities in Cisco firewalls

At Black Hat USA, Rapid7 researchers report on 10 security issues in popular Cisco firewall products, many of which do not yet have patches Continue Reading

Cyber insurance getting harder to obtain

Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance Continue Reading

UK has biggest card fraud problem in Europe

Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe Continue Reading

Financial services regulator opens digital delivery centre in Leeds

The Financial Conduct Authority is increasing the number of tech experts in its workforce through a new digital delivery centre in Leeds Continue Reading

Shift to remote work sees major rise in cyber crime

Survey finds almost four in five cyber security teams agree that recent changes to working practices have adversely affected their organisation’s cyber security, with one-fifth banning the use of public Wi-Fi by policy Continue Reading

NCSC startups scheme turns focus to operational technology, SME security

NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses Continue Reading

Cyber criminals pivot away from macros as Microsoft changes bite

As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect Continue Reading

Cyber security training ‘boring’ and largely ignored

Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them Continue Reading

Ducktail infostealer targets Facebook Business users

Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts Continue Reading

Inside Russia’s Ukraine information operations

In this week’s Computer Weekly, we get the inside track on Russia’s disinformation operations attempting to spread propaganda and cyber threats about the invasion of Ukraine. Our new buyer’s guide looks at customer and employee experience management. And we assess 10 top Kubernetes backup suppliers. Read the issue now. Continue Reading

NCSC seeks community input for Cyber Advisor service

The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward Continue Reading

The Security Interviews: Why you need to protect abandoned digital assets

The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias Continue Reading