Hackers and cybercrime prevention

Qualcomm chip vulnerability puts millions of phones at risk

Qualcomm has patched multiple vulnerabilities in its chip hardware that left hundreds of millions of smartphones open to compromise by malicious actors Continue Reading

Canon said to be latest Maze ransomware victim

Canon may have had up to 10TB of its data exfiltrated by the Maze ransomware gang Continue Reading

GCHQ seeks researchers to tackle deep fakes and misinformation

A GCHQ research fellowship based at its Manchester office will explore various national security priorities such as deep fakes, fake news and the impact of AI Continue Reading

Second wave of Covid-19 cyber attacks locked in

More cyber attacks exploiting the pandemic seem likely, says Interpol Continue Reading

Five signs you’re about to get hit with ransomware

A series of Sophos reports on the ransomware threat landscape shows how security professionals can sniff out a potential ransomware attack before it happens Continue Reading

Liam Fox hack raises questions over government security

The hack of a former cabinet minister’s emails casts doubt over the effectiveness of safeguards and security training processes at the highest levels of the British government Continue Reading

The UK’s $500m space technology gamble

In this week’s Computer Weekly we ask why the UK government is spending $500m on a bankrupt satellite technology company. After a European court quashes the EU-US data sharing agreement, we examine the implications for a UK-EU data protection deal after Brexit. And how have small cloud suppliers coped in the pandemic? Read the issue now. Continue Reading

New foundation to bolster security of open source software

The Open Source Security Foundation will bring together key open source security initiatives across the industry to improve and support the security of open source software Continue Reading

More data breaches from ransomware attacks in Australia

The number of data breaches caused by ransomware rose to 33 in the first half of 2020 from 13 in the previous six-month period, according to the latest report from the Office of the Australian Information Commissioner Continue Reading

Labour Party is latest victim of Blackbaud ransomware attack

Widening Blackbaud data breach ensnares the Labour Party as the cloud software firm continues to duck questions about its behaviour Continue Reading

Twitter confirms it was hit by targeted spearphishing attack

Investigation into 15 July 2020 hack of a number of high-profile accounts by cryptocurrency scammers has found evidence of a targeted spearphishing incident Continue Reading

EU sanctions China and Russia over cyber attacks

The EU is applying restrictive measure to six individuals and three entities accused of conducting disruptive cyber attacks in Europe, including the Russian GRU Continue Reading

Former UC Global staff confirm Embassy surveillance operation against Julian Assange

Spanish court investigates claims that security company illegally recorded meetings between Julian Assange, politicians, lawyers and celebrities at the Ecuadorian Embassy in London Continue Reading

Diversity in cyber improving but inclusion needs work, says NCSC

Study into diversity and inclusion in the cyber security sector has found that diversity is off to a good start, but inclusion is lacking Continue Reading

List of Blackbaud breach victims tops 120

More than 120 education and third-sector organisations may have had their data compromised through the breach of Blackbaud’s cloud platform Continue Reading

Serious BootHole vulnerability puts millions of systems at risk

BootHole is a GRUB2 bootloader vulnerability and puts millions of PCs, servers and other devices at risk of compromise Continue Reading

Majority of organisations at risk of cloud data exposure

Report casts doubt on the effectiveness of the shared responsibility model of cloud security Continue Reading

Bank of Ireland fined for six-year-old IT breach

Bank of Ireland fined by regulator for its failings to prevent fraud six years ago Continue Reading

De Montfort, KCL, Newcastle universities join list of Blackbaud victims

Embattled cloud services provider now has big questions to answer over its handling of data belonging to UK universities and charities Continue Reading

Garmin may have paid hackers ransom, reports suggest

Garmin’s services are coming back online, but the company remains tight-lipped about what exactly happened to it Continue Reading

Digital bank customer data breached through third party

FBI is investigating digital bank customer data breach that occurred via a former third-party supplier Continue Reading

NCSC names national security expert Lindy Cameron as new CEO

New National Cyber Security Centre head joins from the Northern Ireland Office and has spent 20 years in government at home and abroad Continue Reading

Scotland’s security resilience centre concept goes national

Based on the success of the Scottish Business Resilience Centre, a series of regional Cyber Resilience Centres are now launching across the rest of the UK Continue Reading

NCSC inducts six security startups to Cyber Accelerator

10-week programme will guide some of the UK’s most innovative security startups as they scale their businesses for future growth Continue Reading

Meet the CIO connecting IT in the most inhospitable environments

In this week’s Computer Weekly, we discuss the challenges of running global IT in the world of copper mining. We look at how tech suppliers are adapting their products to meet the lockdown demands of working from home. And we exam-ine how zero-trust methods can help secure container tech-nology. Read the issue now. Continue Reading

MI6 apologises after attempt to interfere with intelligence court

The UK Secret Intelligence Service, MI6, has apologised after attempting to persuade the secretary of Britain’s most secret court to withhold documents from senior judges in a case about crimes by undercover agents Continue Reading

Intelligent ways to tackle cyber attack

Artificial intelligence-powered security tools should enable IT security teams to achieve more with less Continue Reading

Court adjourns hearing into Assange extradition as US delays serving new indictment

Westminster Magistrates Court suspends scheduled extradition hearing into WikiLeaks founder after it emerged the US had failed to serve a second superseding indictment against him Continue Reading

Australia issues new cloud computing guidelines

The new guidance, which comes after the expiry of the government’s cloud services certification programme, will help to bolster Australia’s cyber security resilience Continue Reading

Garmin outage prompts ransomware attack speculation

Details are thin on the ground following a major service outage at Garmin, prompting industry speculation that the firm has fallen victim to a ransomware attack Continue Reading

Investment in neurodiverse talent a win-win for security

Current careers guidance and recruitment processes for security jobs are not working for people with ADHD, autism, dyslexia and dyspraxia, but the problem is fixable with a little attention to detail Continue Reading

A question of trust: University and supplier on the hook for data breach

Data on students at the University of York was stolen in a ransomware attack on a supplier two months ago, and the response of both parties raises serious questions Continue Reading

The secret managing director

The managing director of a Premier League side almost cost their club £1m when their email address was hacked during a transfer negotiation – but who could it be? Our first guess was Richard Arnold ... Continue Reading

NCSC reveals scale of cyber attacks on UK sports industry

The UK’s sports industry is under near constant cyber attack, according to new statistics from the National Cyber Security Centre Continue Reading

No let-up in cyber attacks as lockdown eases

Cyber attacks are up by one-third as the coalescence of cyber activity and nation state-linked threats around the pandemic bears fruit for bad actors Continue Reading

US charges Chinese nationals with Covid-19 research hacking

The two hackers allegedly worked with the Chinese Ministry of State Security, targeting intellectual property and confidential business information Continue Reading

Coronavirus: Government drags its feet on online misinformation

Online misinformation about Covid-19 continues to spread unchecked, according to a DCMS committee report which has accused the government of dragging its feet over online harms Continue Reading

Russia Report reveals long-running cyber warfare campaign against UK

Russia has been hacking the UK for years and the British government has also known about it for years, according to the Intelligence and Security Committee’s report Continue Reading

Australian industry panel calls for ‘clear consequences’ of cyber attacks

A government-appointed panel recommends strong deterrence and other measures to be implemented in Australia’s next cyber security strategy Continue Reading

Automating IT security

IT security’s battle with the hacking community has always been a game of cat and mouse, but it’s becoming increasingly automated Continue Reading

Twitter hack fallout: Investigators on trail of cyber criminals

Investigators are hunting the cyber criminals who broke into Twitter’s systems to hijack prominent accounts, amid concerns that more attacks may come Continue Reading

CW APAC: Trend Watch – security

It wasn’t that long ago when DevSecOps was little more than a mispronunciation of DevOps. Fast forward to today, the notion of embedding security into the development process is not only accepted, but increasingly championed. In this handbook, Computer Weekly looks at what organisations in the Asia-Pacific region are doing to secure their systems, from adopting a DevSecOps approach, to preparing for cyber attacks and ensuring the privacy of Covid-19 contact-tracing app users. Continue Reading

CW ANZ: Expert advice on security

Supply chain risks are invisible to many organisations, which means they are often not prioritised from an IT security perspective, partly because supply chain risk management is often seen as a procurement issue. In this handbook, Computer Weekly looks at how organisations in Australia and New Zealand can better protect themselves against supply chain attacks and other evolving cyber threats. Continue Reading

Russian state hackers attacking Covid-19 researchers

Kremlin-linked APT29 group, also known as Cozy Bear, is conducting a campaign against Covid-19 researchers around the world Continue Reading

Bazar malware may be new tool in Trickbot arsenal

Cybereason’s Nocturnus research team uncovers new Bazar malware, which shares some similarities with other varieties Continue Reading

Cryptocurrency scammers attack Twitter in insider breach

Apparent insider breach at Twitter saw so-called “blue tick” accounts of business people, politicians and celebrities hijacked to promote a Bitcoin scam Continue Reading

Coronavirus shines spotlight on cyber security

Programme committee chair of this year's RSA Conference Asia-Pacific and Japan talks up the challenges that IT security professionals in APAC are facing to mitigate security risks amid the Covid-19 pandemic Continue Reading

Government proposes IoT security enforcement body

The government is today publishing new proposals concerning planned legislation that will protect users of smart IoT devices from cyber criminals Continue Reading

Patch Tuesday: Microsoft fixes 123 bugs in July 2020 update

The bugs start coming and they don’t stop coming; Microsoft has issued yet another bumper Patch Tuesday update Continue Reading

Video providers slammed by credential stuffing attacks

Attacks on the media sector are spiking as cyber criminals try to gain access to valuable consumer accounts Continue Reading

Check Point unearths critical SigRed bug in Windows DNS

SigRed vulnerability is highly dangerous, but is being fixed as part of the July 2020 Patch Tuesday update Continue Reading

Recon vulnerability puts thousands of SAP customers at risk

Users of multiple SAP products including S4/HANA should apply the security update as soon as possible to protect their systems Continue Reading

Security Think Tank: AI in cyber needs complex cost/benefit analysis

AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading

‘Name-and-shame’ ransomware attacks increasing in prevalence

Since emerging at the tail-end of 2019, double extortion, or exfiltration and encryption, ransomware attacks have become highly popular, and now account for a significant number of incidents, according to Emsisoft research Continue Reading

Australian enterprises facing more cyber attacks

The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country Continue Reading

Security Think Tank: Ignore AI overheads at your peril

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading

NCSC launches pen testing service for remote workers

An expansion to the successful Exercise in a Box toolkit will enable SMEs to probe the cyber security defences of remote workers Continue Reading

Zoom zero-day a reminder to stop using Windows 7

Researchers have disclosed a newly discovered zero-day vulnerability to videoconferencing service Zoom, which only affects users of Windows 7 systems Continue Reading

How cyber warfare laws limit risk on a digital battleground

Retired Navy cryptologist implores enterprises to build key cyber warfare laws into their infosec strategy to improve survivability on the digital battleground in his new book. Continue Reading

The future of cyber warfare requires infosec's attention

The future of cyber warfare places enterprise security and survivability in the crosshairs. Learn more about cyber warfare threats and capabilities and how infosec can prepare. Continue Reading

HSBC customers targeted in new smishing scam

SMS phishing scam is targeting HSBC customers in the UK to trick them into handing over their bank account details Continue Reading

Clearview AI faces ICO investigation over facial recognition

Controversial company that scraped data from the public internet to build its facial recognition algorithm faces a joint UK-Australian investigation into its practices Continue Reading

More Joker malware apps chucked off Google Play Store

Infamous Joker billing fraud malware continues to sneak past Google’s security controls Continue Reading

Pubs and restaurants failing on cyber fraud protection

Virtually all of the UK’s most popular restaurant and pub brands are failing to proactively block fraudulent emails from reaching their targets Continue Reading

Use of spyware apps linked to domestic abuse soars in lockdown

The rise in domestic violence during the pandemic has been linked to increase use of stalkerware apps by abusers Continue Reading

Cosmic Lynx cyber crime group takes BEC to new heights

Newly identified Russian threat group targets large organisations with increasingly dangerous business email compromise attacks Continue Reading

Over 15 billion credentials for sale on dark web

Research by Digital Shadows reveals the scale of the security threat facing consumers as it uncovers 15 billion usernames and passwords stolen in more than 100,000 different data breaches Continue Reading

Security Think Tank: The past and future of security automation

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading

Security funding soars despite Covid-19 slump, but problems lie ahead

The overall cyber security funding ecosystem in the UK is healthier than ever despite Covid-19, but the figures mask stark and concerning disparities in where the money is going Continue Reading

Cyber4Summer scheme to divert young people from cyber crime

Cyber4Summer platform will offer 100 different tracks covering a range of security skills to divert them from falling into a life of cyber crime Continue Reading

MSP Xchanging attacked in ransomware incident

Specialist managed services provider is restoring customer access to systems after an unspecified ransomware incident Continue Reading

Lorca scale-ups bring diverse security to the fore

London Office for Rapid Cybersecurity Advancement announces the cyber security scale-ups that will make up its fifth cohort Continue Reading

North Korea behind spate of Magecart attacks

The Magecart credit card skimmer found on the website of retailer Claire’s Accessories was likely put there by the Lazarus or Hidden Cobra North Korean APT group, reports Sansec Continue Reading

Security Think Tank: SIEM and AI – a match made in heaven?

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

Security Think Tank: Artificial intelligence will be no silver bullet for security

AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

Cops take out encrypted comms to disrupt organised crime

The UK’s National Crime Agency, alongside other law enforcement agencies in France and the Netherlands, have busted illicit arms and drugs rings after disabling an encrypted comms platform Continue Reading

Locked-down teens flock to NCSC CyberFirst training scheme

A record number of 14 to 17-year-olds have signed up to the National Cyber Security Centre’s CyberFirst summer school Continue Reading

Sodinokibi gang begins dark web celebrity data auctions

Group claims to be auctioning confidential legal data on pop stars Mariah Carey, Nicki Minaj and basketball player LeBron James Continue Reading

Security Think Tank: AI cyber attacks will be a step-change for criminals

AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

UK’s unsung cyber security heroes sought

Nominations have opened for the fifth annual Security Serious Unsung Heroes Awards Continue Reading

Remote workers more aware of security, but still flout the rules

Almost three-quarters of remote workers reckon they have gained in cyber security awareness during lockdown, but don’t seem to be especially bothered about keeping themselves safe Continue Reading

Mysterious EvilQuest macOS ransomware spreads through torrents

A new strain of ransomware, dubbed EvilQuest, is threatening Apple Mac environments, and seems to behave quite oddly Continue Reading

FCA estimates about 2.6 million Brits have bought cryptocurrency

UK financial services regulator says there has been a significant increase in ownership of cryptocurrencies in the UK Continue Reading

FakeSpy Android malware targets Royal Mail app users

The FakeSpy malware was first identified in October 2017 but is now significantly more powerful and dangerous Continue Reading

Australia to invest a record A$1.35bn in cyber security

The Australian government is making its largest ever investment in cyber security over the next decade to identify cyber threats, disrupt foreign cyber criminals and build new capabilities Continue Reading

ReversingLabs makes over 100 Yara rules publicly available

Threat intelligence specialist is making its IP available on GitHub to support malware hunters in their work Continue Reading

BNP Paribas uses biometrics to increase contactless payment limit

French bank BNP Paribas is enabling customers to make higher value contactless payments through fingerprint-recognition technology Continue Reading

The Security Interviews: What CISOs can learn from Covid-19

Mike Lloyd, CTO at Redseal, holds 21 cyber security patents and a PhD in stochastic epidemic modelling from Heriot-Watt University in Edinburgh, so is probably the man to talk to when it comes to cyber security in the world of Covid-19 Continue Reading

Complex security estates hinder incident response

The more disparate security tools in use in an organisation, the harder it becomes to mount an effective incident response Continue Reading

Lawyers learn of fresh US allegations against WikiLeaks founder Julian Assange from press reports

The US has filed an updated indictment against Julian Assange alleging that he conspired with hacking groups to obtain information for WikiLeaks. Defence and prosecution lawyers learned about it from press reports Continue Reading

Phishing back in vogue as ransomware vector

Researchers have observed an increase in phishing as a means to deliver ransomware payloads – and organisations don’t appear to be prepared Continue Reading

Evil Corp’s latest ransomware project spreading fast

A new ransomware strain dubbed WastedLocker is spreading rapidly and targeting major corporations Continue Reading

GCHQ launches Manchester accelerator programme to help firms leverage tech for citizen well-being

Innovation Co-Lab will mentor companies to grow, prevent crime and improve online safety Continue Reading

Making the case for cloud-based security

Cloud-based security tools can hasten threat detection and response, but adoption will depend on where an enterprise is on the cloud readiness scale Continue Reading

Out of date security laws leave UK plc at risk during pandemic

The CyberUp coalition has written to Boris Johnson to urge him to reform the UK’s 30 year-old cyber crime laws Continue Reading

Coronavirus: Cyber crime landscape evolving as lockdown eases

As some countries begin to gradually ease Covid-19 lockdown measures, cyber criminals’ tactics are changing, but the pandemic remains a tempting lure Continue Reading

Australian government has failed on cyber security

The federal government’s current approach of allowing each agency to make its own cyber decisions is not working and more needs to be done to hunt down adversaries Continue Reading

NCSC catches a million phishes in its nets

The NCSC has racked up a million suspicious email reports from the public just two months after launching a reporting service, but the lucky sender won’t be receiving a grand prize Continue Reading

APT groups’ mobile momentum finally faces resistance

State-backed APT groups are increasingly targeting mobile devices as Covid-19 puts the spotlight on remote working infrastructure security. We explore how the industry is fighting back Continue Reading

Neurodiversity on the rise among career hackers

More diverse hackers enhance the ability of both traditional and cutting-edge cyber security solutions to find and fix vulnerabilities, according to a new report from Bugcrowd Continue Reading