Hackers and cybercrime prevention

Securing UK’s critical national infrastructure is a 2021 priority

Government outlines the UK’s strategic cyber security policies for the coming 12 months, with critical national infrastructure a clear priority Continue Reading

Use of abusive stalkerware against women skyrocketed in 2020

Rise in the use of malicious stalkerware correlates closely to increased domestic violence during lockdown Continue Reading

Belgian security researcher hacks Tesla with Raspberry Pi

Belgian security researcher Lennert Wouters once again succeeds in hacking a Tesla vehicle, this time by exploiting the Bluetooth Low Energy standard Continue Reading

Nominet introduces new resources for cyber scam victims

Domain name registrar is working with law enforcement to provide new information, guidance and resources for potential victims of online scams Continue Reading

Telcos could face huge fines under new security laws

Government boasts of unprecedented powers to boost the security standards of the UK’s critical national infrastructure Continue Reading

NCSC issues retail security alert ahead of Black Friday sales

National Cyber Security Centre issues refreshed guidance as cyber criminals turn their eyes to the holiday shopping season Continue Reading

Manchester United praised for swift response to cyber attack

Manchester United’s systems were attacked last week, and the club has been praised for a swift and decisive response Continue Reading

MPs subjected to over 22 million malicious email attacks in 2020

Members of Parliament are targeted by millions of spam and phishing emails every month, according to a Freedom of Information disclosure Continue Reading

Security pros fear prosecution under outdated UK laws

CyberUp, a group of campaigners who want to reform the Computer Misuse Act, finds 80% of security professionals are concerned that they may be prosecuted just for doing their jobs Continue Reading

CW APAC: Expert advice on zero-trust security

Zero trust is a security model that eliminates the traditional perimeter and assumes that no user or device can be trusted until proven otherwise. In this handbook, Computer Weekly looks at how enterprises can take a zero-trust approach to securing their network, devices and workforce. Continue Reading

Security sector broadly backs Boris Johnson’s Cyber Force

Security community says the presence of a robust cyber defence force alongside a robust physical one will be vital to the UK’s national security Continue Reading

2021 the year of commodity ransomware, says Sophos

Sophos researchers anticipate a trickle-down effect in the cyber criminal underground Continue Reading

US cyber security chief fired for contradicting Trump

CISA chief Chris Krebs ousted for doing his job fighting disinformation in an apparent purge of officials deemed disloyal to president Donald Trump Continue Reading

The case of Julian Assange as he faces US extradition bid – Computer Weekly Downtime Upload podcast

In this episode of the Computer Weekly Downtime Upload podcast, Bill Goodwin, investigations editor, joins Caroline Donnelly, Clare McDonald and Brian McKenna to discuss the case of Julian Assange, whose recent extradition hearing at the Old Bailey Bill reported on Continue Reading

How Aarogya Setu is addressing scale and security challenges

India’s contact-tracing platform leverages microservices, encryption techniques and cloud-based visibility tools to address scale and security requirements Continue Reading

Kaspersky shuts down data-processing activities in Russia

Cyber security provider’s data storage and processing activities for customers in Europe, the US and Canada, have now been fully relocated to Switzerland Continue Reading

HMRC warns over uptick in Self Assessment tax scams

HMRC issues updated warnings as 2021 Self Assessment deadlines loom Continue Reading

Ransomware stats overload risks confusing buyers

UK-based organisations are either more, or less, likely to pay ransoms, depending on which cyber security supplier you want to believe Continue Reading

How to build an effective vulnerability management programme

As cyber criminals increasingly look to exploit vulnerabilities in software and hardware, businesses must build and implement an effective vulnerability management programme to counter this growing threat Continue Reading

How Standard Chartered approaches cyber security

Bank uses security-by-design principles and conducts red-teaming exercises among other measures to fend off cyber breaches Continue Reading

Resident Evil studio Capcom confirms scale of Ragnar Locker breach

Videogame studio says the data of up to 350,000 people was likely to have been compromised in a Ragnar Locker ransomware attack Continue Reading

Hackney systems could be unavailable for months, says council

A month after a highly disruptive cyber attack on its systems, Hackney Council is still struggling to get back up and running Continue Reading

Ticketmaster fined £1.25m by ICO for failing to protect customer data

Ticket website’s customer data was exposed through an attack on a third-party chatbot Continue Reading

Online kids’ game Animal Jam confirms large breach

Cyber criminals have stolen data on 46 million Animal Jam player accounts via a third-party attack Continue Reading

Company accused of spying on Assange acted for Ecuadorian Intelligence, says ex UC Global manager

Former operations chief of UC Global told Spanish Court the company accused of spying on Assange at the Ecuadorian Embassy in London was acting on the orders of Ecuadorian Intelligence Continue Reading

Security pros coped admirably with remote working transition

Despite facing tight timescales at the onset of the pandemic, security professionals have come through the transition to remote working remarkably well, according to a report Continue Reading

Microsoft drops fix for serious zero-day among 112 Patch Tuesday updates

November’s Patch Tuesday contains fixes for 112 bugs, including a potentially serious zero-day exploit that malicious actors are already taking advantage of Continue Reading

EU aid funds used to train ‘unaccountable intelligence agencies’ in high-tech surveillance

Hundreds of documents obtained by campaign group Privacy International show how the EU is supporting surveillance programmes in the Balkans, the Middle East and Africa Continue Reading

Intel and AMD processors affected by another side-channel exploit

Two years after Spectre and Meltdown, the x86 processor faces another side-channel exploit – only this time, it is based on sensing temperature Continue Reading

Leaky AWS S3 bucket once again at centre of data breach

Prestige Software exposed millions of records after failing to pay attention to the security of its cloud instances Continue Reading

IT Priorities 2020: After Covid-19, security goes back to basics

This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals Continue Reading

Using digital twins to cut costs and improve safety at Shell

In this week’s Computer Weekly, we look at Shell’s digital twin strategy, which combines AI, internet of things and big data to improve safety and cut costs. Our latest buyer’s guide examines the best practices and technologies in business process automation. And we find out why securing DNS is critical to fighting cyber crime. Read the issue now. Continue Reading

EU moves closer to encryption ban after Austria, France attacks

Draft resolution document setting up an EU-wide ban on end-to-end encryption is set to be waved through this week Continue Reading

Credential stuffing: When DDoS isn’t DDoS

Ten years ago, credential stuffing attacks posed a comparatively minor threat, but with an escalating number of data breaches, the threat posed has now increased. What are the solutions to this very human problem? Continue Reading

NHS warned over Ryuk spreading through Trickbot replacements

NHS Digital tells healthcare organisations to be mindful of a marked rise in usage of the Bazar and Buer loaders Continue Reading

Consumer rights organisation warns of computer takeover scams

Consumers warned to be on guard against criminals pretending to be IT support staff to gain access to personal banking information Continue Reading

Singapore government rolls out digital signature service

Individuals and businesses will soon be able to sign documents digitally using a new service on the Singapore government’s SingPass digital identity platform Continue Reading

EU to introduce data-sharing measures with US in weeks

The European Commission is to issue updated standard contractual clauses (SCCs) that will allow organisations in the EU to exchange data with the US, but they may arrive too late to incorporate into UK law Continue Reading

India and Japan report stronger concern over cyber threats

Security operations teams in the two Asian giants see the increased volume of cyber threats as their biggest challenge amid the Covid-19 pandemic Continue Reading

The UK government’s ‘flawed and misleading’ Covid-19 data

In this week’s Computer Weekly, the coronavirus data relied upon by the UK government is ‘flawed and misleading’ say experts – we examine the implications. Ikea talks about how it turned to the cloud to deal with the impact of the pandemic. And we look at the digital transformation underway at credit card giant Capital One. Read the issue now. Continue Reading

NHS weathers cyber crime storm during pandemic, says NCSC

The NCSC dealt with over 700 incidents in the 12 months to August 2020, with over 200 specifically related to Covid-19, and the NHS a critical area of focus Continue Reading

Maze ransomware shuts down with bizarre announcement

The operators of Maze announce they are shutting down, and claim their crime spree was merely intended to demonstrate lax security at their targets Continue Reading

Accidental heroes: How one scaleup pivoted to cyber

Simeon Quarrie designed his business using virtual reality and interactivity as a tool to tell stories that effect cultural change in enterprise environments – then a cyber criminal emptied his bank account Continue Reading

ICO slashes Marriott breach fine to £18.4m

Reduced fine reflects both improvements made to hotel group’s cyber security and impact of coronavirus on the travel and hospitality sector Continue Reading

Surge in Ryuk ransomware attacks has hospitals on alert

Russian cyber criminals are conducting a targeted campaign against hospitals with Ryuk ransomware Continue Reading

Trump supporters targeted by cryptocurrency scammers

The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime Continue Reading

Finnish therapy centre accused of covering up cyber attack

Private therapy practice Vastaamo faces questions over its security and business practices in the months leading up to one of the biggest data breaches in Finland’s history Continue Reading

Privacy and online safety are focus of new UKRI research funding

Online safety research centre of excellence will look into technology to boost privacy and tackle disinformation, fake news, conspiracies and other online harms Continue Reading

Calls for clarity over Amazon insider breach

Security experts call for more clarity from Amazon over an apparent leak of customer data Continue Reading

Sopra Steria hit by new version of Ryuk ransomware

IT services company Sopra Steria says it has contained the ransomware virus, but systems will take a few weeks to be fully operational Continue Reading

APAC CISOs warm up to zero trust

Security leaders in Asia-Pacific are adopting zero-trust security, but challenges stand in their way of reaping the full potential of the security model Continue Reading

Highly unusual hacking attack directly threatens therapy patients

A hacker has directly contacted therapy patients to say their highly personal therapy notes will be put on the internet unless they pay the ransom Continue Reading

Cooperation between Norway’s security agencies planned following cyber attack on parliament

Government seeks to develop enhanced national IT infrastructure with an embedded early warning system and defence shield to protect the IT systems of public and private organisations Continue Reading

Cyber attack on Hackney Council is ‘morally repugnant’, says mayor

Mayor of Hackney is ‘incredibly angry’ at the cyber criminals behind the attack, which will continue to disrupt key council services for some time Continue Reading

Securing Australia’s distributed workforce

This is a guest post by Tom Kellermann, head of cyber security strategy at VMware Carbon Black 2020 has been a year like no other. The global pandemic has quickly changed work and business as we ... Continue Reading

NSA’s top CVE list a timely reminder to patch

Many of the CVEs detailed on the NSA’s top 25 chart are golden oldies Continue Reading

Charities warned over ‘Robin Hood’ cyber criminals

Accepting donations from cyber criminal groups could be deemed as profiting from crime, money laundering or handling stolen goods – so don’t do it Continue Reading

Trump and Biden campaign apps easy targets for cyber criminals

You don’t need a stellar IQ to exploit the dangerous StrandHogg Android vulnerability, and users of both Donald Trump’s and Joe Biden’s mobile apps are at risk of falling victim to it Continue Reading

Customer loyalty accounts in danger from cyber criminals

Billions of credential stuffing attacks are harvesting valuable customer data for the dark web economy Continue Reading

Why securing the DNS layer is crucial to fight cyber crime

Domain name system security is often overlooked by organisations, but focusing on this layer could actually improve the effectiveness of cyber security strategies. We explore the latest DNS trends and best practice Continue Reading

Retailers get access to new security toolkit

The British Retail Consortium has worked with the NCSC to develop a new cyber security toolkit pitched at retailers Continue Reading

Security Think Tank: Essential tools to mitigate double extortion attacks

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Hackney Council services to be disrupted ‘for some time’

Inability to make housing benefit payments is likely to sting some tenants as Hackney cyber attack drags on Continue Reading

Resilient Trickbot down but not yet knocked out

Global, Microsoft-led effort to disrupt the Trickbot botnet has seen some success, but new command and control servers continue to pop up Continue Reading

Podcast: Cybersecurity Awareness Month, Covid-19 and storage

We look at how organisations can use Cybersecurity Awareness Month as an opportunity to revisit their handling of data and compliance, especially with changes brought by Covid-19 and home working Continue Reading

Six Russians charged over NotPetya and other attacks

Six members of the APT group known as Sandworm have been charged in the US over a series of attacks including the destructive NotPetya incident Continue Reading

Why is IBM splitting in two and what does it mean for CIOs?

In this week’s Computer Weekly, IBM is splitting in two, hiving off its services business to focus on hybrid cloud – we examine what it means for CIOs. Our new buyer’s guide looks at how intelligent workload management can cut cloud complexity. And we analyse how getting backup right can help tackle ransomware threats. Read the issue now. Continue Reading

Security Think Tank: Safeguarding PII in the current threat landscape

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

BA argues ICO data breach fine down to £20m

Information Commissioner’s Office levies fine of £20m on British Airways for failing to protect the personal data of hundreds of thousands of passengers – a vast reduction on the initial £183m penalty Continue Reading

Spanish court to question witnesses over ‘illegal surveillance’ of WikiLeaks founder Julian Assange

The Spanish National Court in Madrid is to hear evidence from information security expert Andy Müller-Maguhn and two lawyers who were subject to ‘illegal surveillance’  of their meetings with Julian Assange at the Ecuadorian Embassy in London Continue Reading

Arrests and indictments made in cyber money laundering ring

The NCA has revealed six men were arrested in the UK as part of an international investigation into a money laundering network which handled transactions for some of the world’s most prolific cyber criminal groups Continue Reading

Cloud data protection keeps the Crick’s medical research Covid-secure

Cloud data management services from Rubrik gave the Francis Crick Institute a data protection edge and have helped keep its vital work going through the pandemic Continue Reading

Security Think Tank: Essential tools to mitigate data loss and identity theft

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Hackney services still offline in ongoing cyber attack

Services remain disrupted two days after council was hit by a serious incident, as residents are warned to be on their guard Continue Reading

US Elections: Malicious internet domains spike as campaigns heat up

Internet domains related to the US presidential election are 56% more likely to be malicious than regular ones Continue Reading

Security Think Tank: Adapting defences to evolving ransomware and cyber crime

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Double extortion ransomware attacks and how to stop them

As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks Continue Reading

The future of storage

In this week’s Computer Weekly, we examine emerging technologies in storage such as helium disks and DNA. Ransomware is becoming more sophisticated and the attackers more tactical. And as the EU’s top court challenges the UK over surveillance, we ask what this means for data privacy after Brexit. Read the issue now. Continue Reading

Hackney Council services offline after ‘serious’ cyber attack

Services to residents of the London borough of Hackney are being disrupted by a cyber attack Continue Reading

Security Think Tank: What you need to know about addressing the doxing threat

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Trickbot forced offline in major cyber security victory

Coalition led by Microsoft obtained a court order enabling them to take down the infamous Trickbot botnet’s back-end server infrastructure Continue Reading

Cyber security skills ad branded ‘crass’ by minister

Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic Continue Reading

Software AG caught in double extortion ransomware hit

Data stolen from prominent German software company by Clop ransomware gang appears on the dark web Continue Reading

Making sense of zero-trust security

Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint Continue Reading

Security Think Tank: Tighten data and access controls to stop identity theft

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Magecart strikes website of school payments service Wisepay

Magecart credit card skimmer harvested financial data of users of Wisepay’s platform over a two-day period Continue Reading

NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading

Emotet rated September’s ‘most popular’ malware

The current resurgence of Emotet is attracting attention as governments issue new warnings and cyber criminals rush to exploit the chaotic US election Continue Reading

Coronavirus face mask spammer fined by ICO

The director of software company Studios MG spammed members of the public at the height of the pandemic as one of its directors tried to shift a job lot of face masks Continue Reading

Crown Prosecution Service suffers 1,600 data breaches in 12 months

CPS sees a spike in data security incidents, many of them serious enough to be reported to the Information Commissioner’s Office Continue Reading

QiuiAnon

A smart chastity cage that can only be controlled via its app was vulnerable to hackers putting almost 40,000 penises on lockdown, research has revealed. Sex toy manufacturer Qiui muses on its ... Continue Reading

UK accounts for 45% of Europe’s card fraud as criminals target online transactions

Payment card fraudsters steal €1.5bn, with card-not-present attacks accounting for three-quarters of this sum Continue Reading

Southeast Asia remains hotspot for cyber attacks

Geopolitics and Covid-19 have been fodder for cyber criminals to advance their motives in Southeast Asia in 2020 Continue Reading

Ransomware attacks go through the roof

The volume of ransomware attacks has jumped 50% in the past three months, according to data produced at Check Point Continue Reading

John McAfee arrested over cryptocurrency fraud

Erratic tech baron allegedly promoted initial coin offerings without disclosing he was being paid to do so Continue Reading

MosaicRegressor APT campaign using rare malware variant

Kaspersky researchers have shared details of a APT campaign utilising a rarely seen and hard-to-stop variety of malware Continue Reading

HMRC warns locked-down freshers of ‘wave’ of tax scams

New university intake may be being targeted by cyber criminals amid Covid-19 confusion Continue Reading

FBI seized ‘legally privileged’ material from Ecuador Embassy, claims Julian Assange’s lawyer

The US struck a secret deal with Ecuador to seize WikiLeaks founder Julian Assange’s property from the Ecuadorian Embassy in London days before his arrest. The haul included legally privileged documents, says his solicitor Continue Reading

WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist

Stefania Maurizi says in written evidence that Julian Assange pioneered the use of encryption by journalists to protect sources. Her work shows that the US put pressure on Italy to stop the extradition and prosecution of CIA officers responsible for the extrajudicial kidnapping and torture of an Egyptian cleric Continue Reading

Honesty is the best policy: Forging a security culture in the NHS

Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector Continue Reading