Hackers and cybercrime prevention
-
News
28 Jun 2024
How Recorded Future is operationalising threat intelligence
Recorded Future is investing in APIs to enable automated security workflows, among other measures, to help organisations overcome the hurdles of operationalising threat intelligence Continue Reading
-
News
02 May 2024
How Okta is fending off identity-based attacks
Okta has been bolstering the security of its own infrastructure and building new tools to scan customer environments for vulnerable identities, among other efforts to fend off identity-based attacks Continue Reading
-
News
23 Jul 2024
NCA seizes thousands of social media accounts used by people smugglers
A three-year campaign has seen thousands of social media posts and accounts used to advertise the services of illegal people smugglers taken down Continue Reading
-
News
22 Jul 2024
NCA cracks digitalstress DDoS-for-hire operation
The UK authorities have taken down a major component of the multinational DDoS cyber attack-for-hire ecosystem, hacking into the digitalstress.su service and exfiltrating data on its users, who now face arrest Continue Reading
-
News
22 Jul 2024
NCSC: Beware of criminal CrowdStrike opportunists
Financially motivated cyber criminals are already conducting opportunistic attacks on organisations that leverage the CrowdStrike incident, and more targeted attacks are sure to follow Continue Reading
-
News
18 Jul 2024
Growth in nude image sharing heightens cyber abuse risk
The normalisation of sharing self-created intimate content with others is putting great numbers of people at risk of online abuse, says Kaspersky Continue Reading
-
News
17 Jul 2024
UK Cyber Bill teases mandatory ransomware reporting
In the Cyber Security and Resilience Bill introduced in the King's Speech, the UK's new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting Continue Reading
-
News
17 Jul 2024
Hackney Council reprimanded over 2020 ransomware attack
The London Borough of Hackney has been reprimanded by the ICO over a series of failures that led to a devastating cyber attack, but at the same time, the regulator praised the local authority for its response and commitment to making improvements Continue Reading
-
News
17 Jul 2024
Labour government plans new laws around cyber security, data sharing and skills
The King's Speech outlined the legislative agenda for the new Parliament, including several bills that will impact the tech community Continue Reading
-
News
17 Jul 2024
How iProov is fending off deepfake fraud
Facial biometrics and controlled illumination can detect liveness, verify identities and help prevent deepfake attacks Continue Reading
-
News
16 Jul 2024
Strategic Defence Review must emphasise cyber security, says industry
Cyber security leaders say the new government's Strategic Defence Review needs to put digital security front and centre Continue Reading
-
News
15 Jul 2024
NHS Trusts cancelled over 6,000 appointments after Qilin cyber attack
The two NHS Trusts most heavily impacted by the Qilin ransomware attack on pathology services provider Synnovis have cancelled over 6,000 appointments and procedures in the past five weeks Continue Reading
-
News
12 Jul 2024
AT&T loses ‘nearly all’ phone records in Snowflake breach
Hackers have stolen records of virtually every call made by AT&T's customers during a six-month period in 2022, after compromising the US telco's Snowflake data environment Continue Reading
-
News
12 Jul 2024
Public awareness of ID security grows, but big obstacles remain
Consumers are improving their awareness of the issues around digital identity security, but there are still some big issues preventing many from doing better, according to an Okta report Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain Continue Reading
-
News
11 Jul 2024
Inside Israel’s cyber security operations
An emergency phone line allows cyber security analysts at the Israel Computer Emergency Response Team to map threats against national infrastructure Continue Reading
-
News
09 Jul 2024
Chinese spies target vulnerable home office kit to run cyber attacks
China’s APT40 is ramping up targeting of victims using vulnerable small and home office networking kit as command and control infrastructure, according to an international alert Continue Reading
-
News
09 Jul 2024
Lessons from war: How Israel is fighting Iranian state-backed hacking
The general director of the Israel National Cyber Directorate talks about the rise in cyber attacks and what lessons the country has gleaned to defend against hacking from foreign parties Continue Reading
-
News
09 Jul 2024
Atos jumps on ‘moving train’ for Euro 2024
Atos provides the IT supporting major recurring sporting events including Uefa’s European Football Championship Continue Reading
-
News
08 Jul 2024
Synnovis attack highlights degraded, outdated state of NHS IT
More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning Continue Reading
-
Feature
05 Jul 2024
How do cybercriminals steal credit card information?
Cybercriminals have various methods at their disposal to hack and exploit credit card information. Learn what they are, how to prevent them and what to do when hacked. Continue Reading
-
Opinion
04 Jul 2024
Safeguarding democracy from cyber threat peril
There has been an increase in disturbing activity emerging on the dark web involving the sale of public sector assets, including election data Continue Reading
-
News
03 Jul 2024
NCA’s Operation Morpheus targets illicit Cobalt Strike use
International law enforcement operation targets cyber criminals using the Cobalt Strike penetration testing framework for dodgy purposes Continue Reading
-
Opinion
03 Jul 2024
Cyber Essentials at 10: Success or failure?
The Cyber Essentials scheme passed its 10th anniversary in June 2024. CyberSmart's Adam Pilton reflects on progress and argues that more needs to be done to raise security awareness among Britain's small business community Continue Reading
-
News
28 Jun 2024
How FWD is driving its digital strategy
FWD’s group chief technology and operations officer talks up how the pan-Asian insurer is driving change faster and putting technology at the heart of its services Continue Reading
-
News
28 Jun 2024
How Recorded Future is operationalising threat intelligence
Recorded Future is investing in APIs to enable automated security workflows, among other measures, to help organisations overcome the hurdles of operationalising threat intelligence Continue Reading
-
News
26 Jun 2024
Israel’s cyber chief calls for international front against Iranian hackers
Israel’s cyber chief has called for international action against Iran over state-backed hacking Continue Reading
-
News
25 Jun 2024
WikiLeaks founder Julian Assange freed from prison
A deal reached with US authorities will end the WikiLeaks founder’s years-long legal saga, setting him free if he pleads guilty to a criminal conspiracy charge Continue Reading
-
News
25 Jun 2024
NHS experts raise warning over patient data breach risk in registries project
Clinicians warn that the NHS England Outcome Registries Platform has poor security and is vulnerable to cyber attack, putting critical patient data at risk of being exposed Continue Reading
-
News
24 Jun 2024
Sellafield pleads guilty to criminal charges over cyber security
Nuclear Decommissioning Authority-backed organisation Sellafield Ltd pleads guilty to criminal charges brought over significant cyber security failings that could have compromised sensitive nuclear information Continue Reading
-
News
21 Jun 2024
Qilin ransomware gang publishes stolen NHS data online
The ransomware gang behind a major cyber attack on NHS supplier Synnovis has published a 400GB trove of private healthcare data online Continue Reading
-
News
13 Jun 2024
Black Basta ransomware crew may be exploiting Microsoft zero-day
A Microsoft vulnerability that was addressed without fanfare in March may in fact have been exploited as a zero-day by the notorious Black Basta ransomware gang, threat hunters warn Continue Reading
-
News
12 Jun 2024
RCE flaw and DNS zero-day top list of Patch Tuesday bugs
An RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address in Microsoft’s latest Patch Tuesday Continue Reading
-
News
11 Jun 2024
Pure Storage hit by Snowflake credential hackers
Pure Storage emerges as the latest victim of a fast-spreading breach of Snowflake customers targeting users with lax credential security measures in place Continue Reading
-
News
11 Jun 2024
More than 160 Snowflake customers hit in targeted data theft spree
Mandiant reports that more than 160 Snowflake customers have been hit in a broad data theft and extortion campaign targeting organisations that have failed to pay proper attention to securing valuable credentials Continue Reading
-
News
10 Jun 2024
General election 2024: Liberal Democrats thread digital commitments throughout manifesto
The Lib Dems have promised a new industrial strategy and emphasised the importance of the digital sector, skills and regulating AI, as they lay out plans for the UK general election Continue Reading
-
News
10 Jun 2024
NHS blood stocks running low after ransomware attack
The NHS is appealing for people with O Positive and O Negative blood types to come forward to donate as hospitals in London struggle to keep critical services running after ransomware attack Continue Reading
-
News
07 Jun 2024
DDoS gang threatens to disrupt European elections
Russian hacktivists are threatening to disrupt the European Parliament elections, while the BBC reports on new deepfake threats to the UK’s electoral process Continue Reading
-
News
07 Jun 2024
Bitdefender makes MDR services free to NHS bodies hit by Qilin
Bitdefender offers NHS bodies affected by a major cyber incident free access to its product suite, as the health service continues to deal with the impact of the Qilin ransomware attack on partner Synnovis Continue Reading
-
News
07 Jun 2024
Sophos uncovers Chinese state-sponsored campaign in Southeast Asia
Sophos found three distinct clusters of activity targeted at a high-level government organisation that appeared to be tied to Chinese interests in the South China Sea Continue Reading
-
News
06 Jun 2024
FBI finds 7,000 LockBit decryption keys in blow to criminal gang
The US authorities say they now have more than 7,000 LockBit decryption keys in their possession and are urging victims of the prolific ransomware gang to come forward Continue Reading
-
News
05 Jun 2024
Qilin ransomware gang likely behind crippling NHS attack
Security experts investigating a major cyber attack on an NHS partner that has caused frontline services across South London to grind to a halt say the Qilin ransomware gang appears to be the culprit Continue Reading
-
News
04 Jun 2024
OAIC files civil penalty action against Medibank
The OAIC alleges that Medibank failed to take reasonable steps to protect the personal information of 9.7 million Australians in the October 2022 data breach Continue Reading
-
Opinion
04 Jun 2024
Security Think Tank: The cloud just got more complicated
This month, the Computer Weekly Security Think Tank considers how CISOs and security practitioners should ensure that the business can make use of public cloud services safely and securely and avoid accidental or deliberate data leakage. Continue Reading
-
Opinion
04 Jun 2024
Building a more secure, and sustainable, open source ecosystem
In April 2024, the discovery of an intentionally-placed backdoor in the open source XZ Utils data compression caused concern. Sentry's Chad Whitacre says a more thoughtful approach is needed to balance the individual freedom and creativity of open source, with more rigorous security practice. Continue Reading
-
News
04 Jun 2024
NHS services at major London hospitals disrupted by cyber attack
A major cyber attack at NHS services provider Synnovis is disrupting frontline care at hospitals across London Continue Reading
-
News
04 Jun 2024
Russia used fake AI Tom Cruise in Olympic disinformation campaign
Microsoft threat researchers report a surge in Russian disinformation campaigns targeting the 2024 Summer Olympics, including AI-enhanced propaganda Continue Reading
-
News
03 Jun 2024
97 FTSE 100 firms exposed to supply chain breaches
Between March 2023 and March 2024, 97 out of 100 companies on the UK’s FTSE 100 list were put at risk of compromise following supply chain breaches at third-party suppliers Continue Reading
-
News
03 Jun 2024
Major breaches allegedly caused by unsecured Snowflake accounts
Significant data breaches at Ticketmaster and Santander appear to have been orchestrated through careful targeting of the victims’ Snowflake cloud data management accounts Continue Reading
-
News
02 Jun 2024
Ticketek Australia hit by data breach
Customer names, dates of birth and email addresses of Ticketek Australia account holders reportedly impacted in latest data breach affecting event ticketing firm Continue Reading
-
News
30 May 2024
Europol sting operation smokes multiple botnets
Malware droppers including Bumblebee and Smokeloader were among those targeted in one of the largest ever joint operations against cyber criminal botnets Continue Reading
-
News
29 May 2024
Proofpoint exposes AFF scammers’ piano gambit
Ransomware and nation state actors dominate the headlines, but fraud and scams still net career cyber criminals thousands from unsuspecting members of the public. Proofpoint reports on a campaign targeting victims of a musical inclination Continue Reading
-
News
24 May 2024
Parliamentarians warn of UK election threat from Russia, China and North Korea
Joint parliamentary security committee chair Margaret Beckett writes to prime minister urging government to prepare for foreign states interfering with 4 July election Continue Reading
-
News
22 May 2024
Rockwell urges users to disconnect ICS equipment
ICS systems maker Rockwell Automation calls on users to take steps to secure their equipment, and reminds them there is no reason to ever have its hardware connected to the public internet, as it tracks an increase in global threat activity Continue Reading
-
News
22 May 2024
ORBs: Hacking groups’ new favourite way of keeping their attacks hidden
Beware the ORB: why attacks on your network could come from a home router down the street Continue Reading
-
News
21 May 2024
The Security Interviews: What is the real cyber threat from China?
Former NCSC boss Ciaran Martin talks about nation-state attacks, why the UK has become so exercised about cyber espionage, and how our leaders are in danger of misunderstanding their adversaries Continue Reading
-
Definition
20 May 2024
ATM jackpotting
ATM jackpotting is the exploitation of physical and software vulnerabilities in automated banking machines that result in the machines dispensing cash. Continue Reading
-
News
20 May 2024
WikiLeaks founder Julian Assange granted appeal
Two high court judges granted WikiLeaks founder Julian Assange leave to appeal against extradition to the US after defence lawyers argued that the US had failed to give adequate assurances Continue Reading
-
News
17 May 2024
Why the UK needs to fix its broken IT security market
Ollie Whitehouse, CTO of GCHQ’s National Cyber Security Centre, says the market for secure software is broken. Are new laws required to make software companies liable for poor security? Continue Reading
-
News
15 May 2024
US authorities crack BreachForums for a second time
The BreachForums data leak website has been seized by the FBI and international partners again Continue Reading
-
News
15 May 2024
GCHQ to protect politicians and election candidates from cyber attacks
The National Cyber Security Centre, part of GCHQ, to protect election candidates from hostile state cyber attacks Continue Reading
-
News
15 May 2024
WikiLeaks founder’s extradition case labelled ‘institutional corruption’
Call for Julian Assange to be prosecuted in the US has been condemned as ‘institutional corruption on a judicial level’ with the WikiLeaks founder a ‘political prisoner’ Continue Reading
-
News
14 May 2024
China poses genuine and increasing cyber security risk to UK, says GCHQ director
GCHQ director Anne Keast-Butler uses her first major public speech to warn that China poses a significant cyber security threat to the UK Continue Reading
-
News
14 May 2024
CyberUK 24: UK insurance industry gets tough on ransomware
Three of the UK’s largest insurance associations have signed on to a new initiative spearheaded by the NCSC to try to bring down the number of ransomware payments being made Continue Reading
-
Definition
14 May 2024
bug bounty program
A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals like ethical hackers and security researchers for discovering and reporting vulnerabilities and bugs in software. Continue Reading
-
Opinion
13 May 2024
The UK may not have a choice on a ransomware payment ban
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
10 May 2024
Major breach of customer information developing at Dell
Almost 50 million data records relating to Dell customers appear to have been compromised in a major cyber breach Continue Reading
-
News
09 May 2024
Cyber attack victims need to speak up, says ICO
The Information Commissioner’s Office is urging organisations to be transparent and learn from each other’s mistakes as it reveals most of the cyber attacks it responds to stem from the same core errors Continue Reading
-
News
09 May 2024
Wales gets UK’s first national SOC
The first national security operations centre of its kind in the UK has opened in the south of Wales to safeguard public sector bodies across the country Continue Reading
-
Definition
09 May 2024
threat actor
A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that affects -- or has the potential to affect -- an organization's security. Continue Reading
-
Opinion
09 May 2024
Enhance identity controls before banning ransomware payments
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
08 May 2024
Police accessed phone records of ‘trouble-making journalists’
The Police Service of Northern Ireland ran a rolling programme to monitor phone records of journalists to identify the source of police leaks, it was claimed today Continue Reading
-
News
08 May 2024
Germany: European Court of Justice ruling on EncroChat could lead to new legal challenges
A ruling by the European Court of Justice could prompt legal challenges in EncroChat prosecutions in Germany and other EU states Continue Reading
-
News
07 May 2024
Chinese APT suspected of Ministry of Defence hack
A cyber attack on the Ministry of Defence is suspected to be the work of threat actors working on behalf of Chinese intelligence Continue Reading
-
News
07 May 2024
NCA unmasks LockBitSupp cyber gangster who toyed with pursuers
The NCA and its partners have named the administrator of the LockBit ransomware gang, LockBitSupp, as Dmitry Khoroshev, who now faces sanctions and criminal charges Continue Reading
-
E-Zine
07 May 2024
Casting a critical eye on HMRC’s IR35 checker tool
In this week’s Computer Weekly, we investigate what has been going on with HMRC’s Check Employment Status for Tax (CEST) tool. We also speak to the CIO of Danfoss about making datacentres greener and explore the issue of restoring data and system backups after a ransomware or cyber attack. Read the issue now. Continue Reading
-
Definition
06 May 2024
social engineering penetration testing
Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit. Continue Reading
-
News
06 May 2024
Microsoft beefs up cyber initiative after hard-hitting US report
Microsoft is expanding its recently launched Secure Future Initiative in the wake of a hard-hitting US government report on recent nation state intrusions into its systems Continue Reading
-
News
03 May 2024
Adobe expands bug bounty programme to account for GenAI
Adobe has expanded the scope of its HackerOne-driven bug bounty scheme to incorporate flaws and risks arising from the development of generative artificial intelligence Continue Reading
-
News
03 May 2024
Patch GitLab vuln without delay, users warned
The addition of a serious vulnerability in the GitLab open source platform to CISA’s KEV catalogue prompts a flurry of concern Continue Reading
-
News
03 May 2024
EU calls out Fancy Bear over attacks on Czech, German governments
The European Union, alongside member states Czechia and Germany, have accused Russian government APT Fancy Bear of being behind a series of attacks on political parties and government bodies Continue Reading
-
Definition
02 May 2024
What is the dark web (darknet)?
The dark web is an encrypted portion of the internet not visible to the general public via a traditional search engine such as Google. Continue Reading
-
News
02 May 2024
NCSC updates warning over hacktivist threat to CNI
The NCSC and CISA have warned about the evolving threat from Russia-backed hacktivist threat actors targeting critical national infrastructure, after a number of American utilities were attacked Continue Reading
-
News
02 May 2024
Dropbox Sign user information accessed in data breach
Account data belonging to Dropbox Sign users was accessed by an unknown threat actor after they hacked into the organisation’s backend infrastructure Continue Reading
-
News
02 May 2024
Ukrainian national sentenced over REvil ransomware spree
A 24-year-old Ukrainian man has been sentenced to more than 13 years in prison after being convicted of his role in the REvil ransomware attacks Continue Reading
-
News
02 May 2024
How Okta is fending off identity-based attacks
Okta has been bolstering the security of its own infrastructure and building new tools to scan customer environments for vulnerable identities, among other efforts to fend off identity-based attacks Continue Reading
-
News
01 May 2024
EMEA CISOs must address human factors behind cyber incidents
The 17th annual Verizon report on data breaches makes for sobering reading for security pros, urging them to do more to address the human factors involved in cyber incidents, and highlighting ongoing issues with zero-day patching Continue Reading
-
Opinion
01 May 2024
Better hygiene may mitigate the need to ban ransomware payments
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
30 Apr 2024
Keeper to help Williams F1 keep up with cyber challenges
Keeper Security signs up to support F1 team Williams Racing with credential management ahead of the 2024 Miami Grand Prix Continue Reading
-
News
30 Apr 2024
Bad bot traffic in Australia grew 23% in 2023
Traffic from bad bots that perform malicious tasks accounted for 30.2% of Australia’s internet traffic in 2023 Continue Reading
-
Opinion
29 Apr 2024
Ransomware payment bans need universal buy-in
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
Opinion
26 Apr 2024
Security Think Tank: Maybe let's negotiate with terrorists
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
25 Apr 2024
Zero trust is a strategy, not a technology
Zero-trust security should be seen as a strategy to protect high-value assets and is not tied to a specific technology or product, says the model’s creator John Kindervag Continue Reading
-
Opinion
23 Apr 2024
Security Think Tank: Cyber sector, you have failed this community
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
23 Apr 2024
GooseEgg proves golden for Fancy Bear, says Microsoft
Microsoft’s threat researchers have uncovered GooseEgg, a never-before-seen tool being used by Forest Blizzard, or Fancy Bear, in conjunction with vulnerabilities in Windows Print Spooler Continue Reading
-
Opinion
23 Apr 2024
Questions for IT and cyber leaders from the CSRB Microsoft report
The US government's CSRB report on last year's state sponsored cyber attacks on Microsoft raises significant concerns for Redmond and its customers. Expert Owen Sayers outlines five key questions IT and cyber security leaders should now consider Continue Reading
-
News
22 Apr 2024
Fujifilm plans to ‘make tape easy’ with Kangaroo SME appliance
Fujifilm to add 100TB SME-focused Kangaroo tape infrastructure in a box to existing 1PB offer, as energy efficiency and security of tape make it alluring to customers Continue Reading
-
News
18 Apr 2024
International police operation infiltrates LabHost phishing website used by thousands of criminals
The Metropolitan Police working with international police forces have shut down LabHost, a phishing-as-a-service website that has claimed 70,000 victims in the UK Continue Reading
-
News
18 Apr 2024
CSA warns of emerging security risks with cloud and AI
Few users appreciate the security risks of cloud and have the expertise to implement the complex security controls, says CSA chief executive David Koh Continue Reading
-
Opinion
18 Apr 2024
Security Think Tank: Approaches to ransomware need a course correction
In the wake of renewed calls for lawmakers to consider enacting legal bans on ransomware payments, the Computer Weekly Security Think Tank weighs in to share their thoughts on how to tackle the scourge for good. Continue Reading
-
News
17 Apr 2024
Mandiant formally pins Sandworm cyber attacks on APT44 group
Mandiant has formally attributed a long-running campaign of cyber attacks by a Russian state actor known as Sandworm to a newly designated advanced persistent threat group to be called APT44 Continue Reading
-
News
16 Apr 2024
US provides assurances over extradition of WikiLeaks founder Julian Assange
Extradition of the WikiLeaks founder moves a step closer after the US government gives diplomatic assurances over his treatment in the US. Assange supporters accuse the US of ‘weasel words’ Continue Reading