Hackers and cybercrime prevention

Phishing back in vogue as ransomware vector

Researchers have observed an increase in phishing as a means to deliver ransomware payloads – and organisations don’t appear to be prepared Continue Reading

Evil Corp’s latest ransomware project spreading fast

A new ransomware strain dubbed WastedLocker is spreading rapidly and targeting major corporations Continue Reading

GCHQ launches Manchester accelerator programme to help firms leverage tech for citizen well-being

Innovation Co-Lab will mentor companies to grow, prevent crime and improve online safety Continue Reading

Making the case for cloud-based security

Cloud-based security tools can hasten threat detection and response, but adoption will depend on where an enterprise is on the cloud readiness scale Continue Reading

Out of date security laws leave UK plc at risk during pandemic

The CyberUp coalition has written to Boris Johnson to urge him to reform the UK’s 30 year-old cyber crime laws Continue Reading

Coronavirus: Cyber crime landscape evolving as lockdown eases

As some countries begin to gradually ease Covid-19 lockdown measures, cyber criminals’ tactics are changing, but the pandemic remains a tempting lure Continue Reading

Australian government has failed on cyber security

The federal government’s current approach of allowing each agency to make its own cyber decisions is not working and more needs to be done to hunt down adversaries Continue Reading

NCSC catches a million phishes in its nets

The NCSC has racked up a million suspicious email reports from the public just two months after launching a reporting service, but the lucky sender won’t be receiving a grand prize Continue Reading

APT groups’ mobile momentum finally faces resistance

State-backed APT groups are increasingly targeting mobile devices as Covid-19 puts the spotlight on remote working infrastructure security. We explore how the industry is fighting back Continue Reading

Neurodiversity on the rise among career hackers

More diverse hackers enhance the ability of both traditional and cutting-edge cyber security solutions to find and fix vulnerabilities, according to a new report from Bugcrowd Continue Reading

Twitter contacts business users over data exposure

Issue relates to how web browsers cached confidential data entered in Twitter’s ads and analytics services, but is unlikely to have resulted in compromise Continue Reading

Flash-based MacOS malware hides in plain sight

By masquerading as a legitimate Adobe web application, the new malware strains can trick Mac users into bypassing their on-board defences Continue Reading

Concern over digital risk falls dramatically during pandemic

Brits are understandably more worried about the NHS than personal cyber security Continue Reading

APAC still hotbed for cyber attacks

Individuals and organisations in APAC are encountering malware more frequently than the rest of the world, study finds Continue Reading

Online shopping fraud hits £16m during lockdown

A quarter of victims were aged between 18 and 26, says Action Fraud Continue Reading

Australian prime minister confirms country is suffering repeated nation-state cyber attacks

Concern over critical national infrastructure as cyber attackers repeatedly try to gain access to network of organisations operating in multiple sectors Continue Reading

CW APAC: Trend Watch – data protection

Asia-Pacific organisations see the importance of having good data protection practices, even as they are still grappling with organisational and operational challenges. In this handbook, Computer Weekly looks at the different levels of preparedness across the region and what firms can do to plug any gaps. Continue Reading

Cisco patches dangerous Webex vulnerability

CVE-2020-3347 bug enables cyber criminals to steal meeting records from within Cisco’s Webex service Continue Reading

Check Point uncovers targeted Microsoft Office 365 phishing campaign

Organised criminal campaign exploited Adobe, Oxford University and Samsung web domains to trick users into giving up their passwords Continue Reading

Zoom U-turns on end-to-end encryption

Embattled video-conferencing provider Zoom backtracks on previous refusals to provide end-to-end encryption to free users Continue Reading

Cosmetics company Avon offline after cyber attack

Representatives left unable to place orders after company’s back-end systems went offline over a week ago Continue Reading

Activists call on Zoom to implement encryption for all

A coalition of tech organisations and nonprofits have urged Zoom CEO Eric Yuan to make end-to-end encryption available to all users Continue Reading

Banking trojans roar back to prominence in May

Check Point sees an upswing in malicious activity around a number of classic banking trojan malware variants Continue Reading

NatWest develops behavioural biometrics as additional authentication

Bank is working with Visa to develop behavioural biometrics technology as an extra layer of invisible authentication Continue Reading

Accessories store Claire’s hit by Magecart credit card fraudsters

Attackers gained access to retailer’s website as long ago as March Continue Reading

NHS email service users ensnared in phishing attack

More than 100 accounts on the NHSmail service were affected by attack, but health service says no patient data was accessed Continue Reading

Fake contact-tracing apps delivering banking trojans

Spoof government coronavirus apps are popping up all over the world, says the Anomali Threat Research team Continue Reading

100,000 cheap wireless cameras vulnerable to hacking

Active devices built by Chinese firm HiChip have been sold in the UK as webcams and connected baby monitors Continue Reading

UN secretary general calls for global digital cooperation

Antonio Guterres launches roadmap for digital cooperation and calls for world leaders to come together to “connect, respect and protect people in the digital age” Continue Reading

Twitter kills thousands of misinformation accounts

The accounts were linked to the governments of China, Russia and Turkey, and engaged in systematic operations against pro-democracy activists, political opponents and dissidents Continue Reading

Coronavirus: Bungled British response leads to rise in security risks

Covid-19 cyber security threats are evolving over the course of the pandemic, becoming more targeted to virus hotspots such as the UK Continue Reading

CW Europe: 5G rush in Russia

Russian mobile operators are pooling their resources to help them overcome the technical challenges of creating 5G networks. Also read why Swedbank is rebuilding its anti-money laundering systems, and how a public-private partnership in the Netherlands is combating business email compromise fraud. Continue Reading

Decade-old vulnerability among 129 Patch Tuesday fixes

A 10 year-old bug in Windows Group Policies could easily enable attackers to gain highly privileged user status on target systems, opening the doors to a wave of cyber attacks Continue Reading

Unsecured Elasticsearch server breached in eight hours flat

Comparitech’s Bob Diachenko wanted to find out how long it would take for hackers to find and attack an unsecured, public internet-facing database, so he set up a honeypot Continue Reading

Coronavirus: How to go back to the office safely and securely

Security teams should be used to supporting remote workers effectively by now, but what’s going to happen when people start returning to their offices? We look at the risks and how to address them. Continue Reading

Nasty surprises lurking in furloughed employees’ inboxes

Research conducted by KnowBe4 points to a looming email security problem as furloughed employees head back to work Continue Reading

How Australian firms can defend against supply chain attacks

Supply chain security risks can wreak havoc if measures are not taken to deter cyber attackers from exploiting a supplier’s security gaps to target another firm Continue Reading

Honda investigates suspected Snake ransomware attack

Attack disrupts global operations at carmaker, with assembly lines falling silent and sales suspended Continue Reading

Poorly-secured AWS buckets used to launch Magecart attacks

Cyber criminals are exploiting misconfigured AWS S3 buckets to run credit card fraud and malvertising campaigns, according to new data Continue Reading

How retailers are staying connected during their coronavirus shutdown

In this week’s Computer Weekly, we look at how the hard-hit retail sector has turned to technology to stay connected with staff during the coronavirus lockdown. Our latest buyer’s guide examines best practice in data quality and how to avoid “garbage in garbage out” syndrome. And we look at how remote working affects software development teams. Read the issue now. Continue Reading

What it takes to get DevSecOps right

DevSecOps will drive at least 50% of new applications in Asia-Pacific by 2024, but getting it right will require change management, a collaborative mindset and the right automation tools Continue Reading

Police chiefs working with Public Health England on contact-tracing security

Police force representatives are in talks with Public Health England over operational security concerns arising from the NHS Test and Trace coronavirus contact-tracing scheme Continue Reading

Ministry of Defence forms new cyber security regiment

The 13th Signal Regiment brings together personnel from across the armed forces to provide specialist security services Continue Reading

Black Lives Matter activists targeted by cyber attacks

Civil liberties organisations are being targeted by far-right trolls as protests over the murder of George Floyd spread worldwide Continue Reading

Coronavirus: Cyber criminals target laid-off workers

Malicious actors are targeting workers laid-off or furloughed during the coronavirus pandemic Continue Reading

Sodinokibi data auctions highlight changing criminal tactics

The operators of the Sodinokibi ransomware strain are auctioning off swathes of stolen data in an apparent bid to raise cash. What is motivating this new tactic? Continue Reading

Security procurement framework goes live for NHS and public sector

Cyber Security Services Framework, developed by NHS Shared Business Services, has formally launched Continue Reading

Infosec 2020: Covid-19 an opportunity to change security thinking

The annual Infosecurity Europe is being held virtually this year, and speakers at an online panel session have been considering the impact of the pandemic on security awareness Continue Reading

VMware vulnerability leaves private clouds open to takeover

Ethical hackers from Citadelo uncovered a vulnerability in VMware Cloud Director that left private cloud owners open to takeover Continue Reading

What will be the IT security priorities of the post-coronavirus world?

In this week’s Computer Weekly, with the working world after the pandemic set to be very different, we assess the IT security priorities for the ‘new normal’. Facial recognition firms are racing to identify people wearing face masks. And how did Europe’s telecoms networks cope with the switch to remote working? Read the issue now. Continue Reading

Privacy campaigners call for radical changes to contact-tracing app

Liberty, Privacy International and the Open Rights Group join calls for the government to either put in place better data protection policies or abandon its Covid-19 contact-tracing app altogether Continue Reading

WikiLeaks founder Julian Assange misses court hearing due to respiratory problems

The WikiLeaks founder is expected to call 21 witnesses during a three-week extradition hearing in September Continue Reading

The impact of spycraft on how we secure our data

The history of cyber security owes much to the world of espionage, as a recent, pre-lockdown Science Museum exhibition showed Continue Reading

How managed threat hunting helps bust malicious insiders

Managed threat hunting services can help take some of the pressure off security operations centres and help ensure potential breaches don’t escalate into something far worse. We explore one such case with a happy ending Continue Reading

Government launches IoT security funding round

A £400,000 funding pot is on offer for innovators to design schemes that boost internet-of-things security Continue Reading

Test and Trace has not passed data protection impact assessment

Public Health England failed to complete the required impact assessment before launching the Covid-19 Test and Trace programme Continue Reading

How Sega Europe slashed incident response times using cloud SIEM

Gaming company’s SOC radically improves its operational efficiency with Sumo Logic’s cloud SIEM service Continue Reading

Singapore’s contact-tracing app tops privacy study

Singapore’s TraceTogether is least intrusive in terms of privacy communications compared with similar apps in the region, study finds Continue Reading

IoT buyers eye private network deployments for added security

Fully private, segregated networks for IoT deployments are becoming increasingly attractive to many organisations, according to a report Continue Reading

Australia is painting a big red cyber target on its critical infrastructure

Australia’s critical infrastructure is particularly vulnerable to cyber attacks right now because of years of under-investment in cyber security and ageing legacy systems Continue Reading

Enterprise clouds hammered by cyber attacks during pandemic

Remote workers logging onto enterprise cloud service accounts are an easy access point for attackers, says McAfee Continue Reading

Fears contact-tracing app will open the floodgates for cyber criminals

Study of UK consumers reveals worries over an uptick in cyber crime and a lack of trust in government Continue Reading

StrandHogg mobile vulnerability has evil twin

Variant of the dangerous StrandHogg vulnerability affecting Android phones could allow hackers to access almost all apps on a target device Continue Reading

Android security vulnerabilities differ by country, say researchers

Manufacturers of Android devices including Huawei, Samsung and Xiaomi shipped devices with different levels of security in different regions, leaving their users exposed to attack Continue Reading

Can Lady Gaga and Madonna get people to take security seriously?

What does it take to get people to pay attention to cyber security? A celebrity law firm hack may hold some answers. Continue Reading

Can Lady Gaga and Madonna get people to take IT security seriously?

In this week’s Computer Weekly, after hackers threatened to release data from a US law firm’s celebrity clients, will people finally take cyber security seriously? Designing software for older users makes systems better for all – we examine how. And the IT chief at TSB explains how the bank recovered from its 2018 IT disaster. Read the issue now. Continue Reading

Coronavirus: Australia calls for stronger defences amid cyber attacks

The Australian Cyber Security Centre offers guidance for critical infrastructure operators to guard against cyber attacks which have already hit the healthcare sector Continue Reading

EasyJet to be sued over customer data breach

If successful, airline’s potential liability for the loss of millions of customer records could be as high as £18bn Continue Reading

Covid-19 will leave organisations exposed to higher cyber risks

Hacking attacks and phishing emails could become the new norm, according to research by the World Economic Forum Continue Reading

Identification and access management: some possible futures

Learn about how we might be using our heartbeats, brainwaves and eye movements to unlock our mobiles in the future Continue Reading

Responsible Cyber acquires Secucial in S$7m deal

Singapore startup Responsible Cyber plans to bolster its Immune platform with access control management capabilities, and sets out to expand its global footprint Continue Reading

Cancelled NCSC CyberUK event gets green light for 2021

The NCSC’s popular CyberUK event has been rescheduled to next year, and will again take place in Newport in south Wales Continue Reading

GDPR wholly inappropriate to govern contact-tracing data

Human Rights Committee Chair Harriet Harman says current data protection law is not up to the job of governing the data collected by the Covid-19 contact-tracing app Continue Reading

Nine million EasyJet customer details lost in data breach

Cyber attack on EasyJet’s systems originated from a highly sophisticated source, says the airline Continue Reading

Sodinokibi cyber criminals plot to ‘auction’ Madonna data

The cyber criminal gang behind a recent attack on a New York law firm is planning to auction off its client data, one person at a time Continue Reading

Vast majority of cyber attacks are easy to stop, says Verizon

Almost 90% of data breaches are motivated by the prospect of financial gain, but cyber criminals have clearly defined breach pathways, giving the good guys an advantage if they care to use it Continue Reading

Malaysia’s data protection practices still have some way to go

Some Malaysian firms are not using data protection tools to the fullest potential, while others only think about data protection after a breach Continue Reading

Questions raised after UK’s electrical grid shrugs off cyber attack

Attack on Elexon was resolved within hours with no impact on the national electricity supply, but it could have been much worse Continue Reading

Law firm hackers threaten to release dirt on Trump

A new ransom demand of $42m has been made against New York law firm Grubman, Shire, Meiselas and Sacks, and it may be the largest ever, say security experts Continue Reading

China targeting Covid-19 researchers through IT suppliers, claims US

The US CISA says it is seeing targeting and attempted network compromise of Covid-19 research centres by China Continue Reading

UK’s contact-tracing app targeted by scammers

Even though it is only operational on the Isle of Wight as a beta test, the UK government’s coronavirus contact-tracing app has already attracted the attention of cyber criminals Continue Reading

SK Telecom brings quantum security to the masses

The South Korean telco is readying the world’s first 5G smartphone equipped with a quantum random number generator chipset Continue Reading

Report reveals inadequate cyber security at Schiphol Airport

A report has revealed problems with critical security systems in Amsterdam’s Schiphol Airport Continue Reading

Nation state APT groups prefer old, unpatched vulnerabilities

The Cybersecurity and Infrastructure Security Agency and the FBI have published details of the most commonly exploited vulnerabilities of recent years, and there are some “classics” on the list Continue Reading

Can Lady Gaga and Madonna get people to take security seriously?

What does it take to get people to pay attention to cyber security? A celebrity law firm hack may hold some answers Continue Reading

Microsoft fixes 16 critical vulnerabilities on Patch Tuesday

The trend towards mammoth Patch Tuesdays continues as Microsoft fixes 111 vulnerabilities Continue Reading

Pay the ransom and double your recovery costs, report warns

Paying cyber criminals a ransom to recover your data adds over half a million dollars to the cost of organisational recovery, says Sophos Continue Reading

Maze ransomware attack will cost Cognizant at least $50m to $70m

Cognizant’s clients cut off the IT supplier’s access to their networks to contain a Maze ransomware attack – effectively putting projects on hold Continue Reading

Banks failing to protect customers from coronavirus fraud

Just 13 of the 64 banks accredited for the government’s Coronavirus Business Interruption Loan Scheme have implemented Dmarc protection Continue Reading

Pitney Bowes hit by Maze in second ransomware attack in a year

Shipping services firm falls victim to Maze ransomware just seven months after a previous major attack Continue Reading

What are the security priorities for the post-coronavirus world?

The Covid-19 pandemic is forcing massive change across the business world and things may never go back to normal. What does security look like in this new world, and what will buyers be prioritising? Continue Reading

Zoom buys secure messaging service Keybase

Unified comms platform Zoom says the acquisition of Keybase will finally let it bring end-to-end encryption to the table Continue Reading

SilverTerrier cyber crime group targets Covid-19 key workers

Organisations on the front line in the fight against coronavirus are under attack from Nigeria’s SilverTerrier criminal gang Continue Reading

Contact-tracing app fails to protect privacy and human rights

Reassurances over the security and human rights implications of NHSX’s approach to developing its Covid-19 contact-tracing app are insufficient, says the cross-bench Human Rights Committee Continue Reading

FBI search warrants reveal Trump aide’s messages to WikiLeaks founder Julian Assange

FBI search warrants reveal Trump campaigner Roger Stone sent private messages to WikiLeaks founder Julian Assange after the site published thousands of documents that damaged Hillary Clinton’s election campaign Continue Reading

Next round of Zoom updates targets consumer security

Casual consumer users of Zoom will get additional protections in an update to be released over the long weekend Continue Reading

NCSC Covid-19 scam reporting service sees more than 160,000 reports

The general public has taken to the NCSC’s scam reporting service like ducks to water, with thousands of suspicious emails reported to it in just two weeks Continue Reading

Criminal justice system is failing cyber crime victims

Victims of cyber crime face barriers to reporting, receiving support and achieving justice, says a Home Office-backed study Continue Reading

HMRC tackles almost 300 coronavirus phishing websites

Of 292 websites removed since lockdown began on 23 March, 237 were proactively identified by HMRC and 55 were flagged by the public Continue Reading

End-users failing to protect themselves online

Remote workers and stuck-at-home consumers are taking silly risks with their security during the coronavirus pandemic, according to a report Continue Reading