Hackers and cybercrime prevention

NCSC makes final call for entries to CyberFirst Girls contest

Entry to the National Cyber Security Centre’s CyberFirst Girls 2020 competition is about to close Continue Reading

Emotet reinvigorated after Christmas break

The high-volume Emotet campaign is back in action after the Christmas holidays, and is just as dangerous as ever Continue Reading

Cops take down data wholesale operation

The Police Service of Northern Ireland and the Dutch cyber crime unit have made two arrests in an operation targeting a website that provided criminals with access to billions of personal credentials Continue Reading

A quarter of users will fall for basic phishing attacks

Phishing emails that appear to be security alerts are the most effective method of compromise, says KnowBe4 Continue Reading

Lorca announces new cohort of 20 security scaleups

20 scaleups will focus their attention on automation, zero trust and supply chain security Continue Reading

Travelex warns customers to be alert to phone scams

Under-fire forex provider warns that criminals may try to take advantage of its predicament to scam customers Continue Reading

LGBTQ+ social app Grindr accused of breaching GDPR

Norwegian Consumer Council files complaints about LGBTQ+ social networking app, alleging it is in breach of the General Data Protection Regulation Continue Reading

NSA Windows 10 security disclosure raises questions

In an unprecedented move, the NSA has got out in front of a critical cryptographic flaw in Windows 10, but in doing so has raised multiple questions Continue Reading

Threat landscape grew in complexity in 2019, no respite in sight

Check Point’s annual state of security report shares some 2019 trends and looks ahead to 2020 Continue Reading

Two-thirds of UK healthcare organisations breached last year

The majority of healthcare organisations in the UK experienced a cyber security incident during 2019, with almost half the result of viruses and malware introduced on third party devices Continue Reading

Researchers find cryptojacker hiding in Wav audio file

Victim network was compromised by obfuscated malware hiding a Monero cryptominer, lurking inside a Wav audio file Continue Reading

Podcast: The Computer Weekly Downtime Upload – Episode 42

In this week’s episode of the Computer Weekly Downtime Upload podcast, Caroline Donnelly, Clare McDonald and Brian McKenna greet the new decade with reflections on the Travelex ransomware attack and Dominic Cummings’ call for data science to rejuvenate Whitehall. And they take stock of the retail sector’s grim 2019, while remembering to mention the big story of the moment: Harry and Meghan Continue Reading

Cyber criminals spend three months lurking in target networks

Cyber criminals are spending longer hiding in target networks before launching their attacks, as more organised groups turn to business disruption to achieve their objectives Continue Reading

Turn the end of Windows 7 support into a security advantage

CISOs can take advantage of the end of support for Microsoft Windows 7 by making the case for more investment in cyber security Continue Reading

Citrix NetScaler vulnerabilities won’t be patched until end of January

Some vulnerabilities identified in Citrix products will not be fully patched until the end of January 2020 Continue Reading

Sextortion campaign hits Nest home security cameras

Owners of Google’s Nest home security cameras are being targeted in a sextortion scam by criminals playing on fears over IoT security Continue Reading

Travelex to begin restoring foreign exchange services two weeks after ‘Sodinokibi’ attack

Travelex says it is making “good progress” in its recovery and is to begin restoring electronic foreign exchange services, but is silent about whether it has agreed to pay hackers a $6m ransom to decrypt computer files Continue Reading

National Lottery hacker jailed for nine months

Small-time cyber criminal jailed for his role in a cyber attack on lottery operator Camelot that netted him just £5 Continue Reading

Learning from the Travelex cyber attack: Failing to prepare is preparing to fail

The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department Continue Reading

Security Think Tank: Hooded hackers? More like ruthless competitors

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Travelex hackers threaten to sell credit card data on dark web

Sodinokibi cyber gangsters have threatened to sell Travelex customers’ private data on a Russian underground cyber crime forum if it fails to pay a $6m ransom Continue Reading

Retail group Dixons Carphone fined £500,000 over data breach

Dixons Carphone receives maximum possible pre-GDPR fine from the ICO following a 2018 data breach Continue Reading

Don’t become the next Travelex: Get ready for ransomware

With Travelex’s IT still in disarray and banks and travellers left without access to funds more than a week after it was hit by a ransomware attack, we ask what others can learn from the foreign exchange services company’s response to the incident Continue Reading

PowerTrick backdoor used to target high-value businesses

Threat actors are exploiting a PowerShell-based backdoor called PowerTrick to go after high-value targets, warns SentinelLabs Continue Reading

Whisper it… but could a cyber attack be good for your career?

All too often it’s the CISO who carries the can for an enterprise security failure, but this might not be a bad thing. There’s lots of evidence to suggest that falling victim to a cyber attack may actually enhance your CV Continue Reading

Security Think Tank: Changing attitudes to cyber is a team sport

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Why the banking industry needs an IT makeover

UK banks face huge challenges keeping their service availability levels at 99.99% Continue Reading

TikTok video-sharing app left user data exposed

Check Point uncovered serious vulnerabilities in the TikTok video-sharing app that left users exposed Continue Reading

Security Think Tank: Hero or villain? Creating a no-blame culture

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Facebook to ban deepfake videos

New policy closes some loopholes around misinformation, but seems to leave others wide open Continue Reading

Broadcom flogs Symantec enterprise security unit to Accenture

Acquisition is set to make Accenture a global leader in managed cyber security services Continue Reading

Security Think Tank: Get your users to take pride in security

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Cyber gangsters demand payment from Travelex after ‘Sodinokibi’ attack

Cyber criminals are demanding payment to decrypt Travelex’s computer files after a devastating malware attack. New questions have been raised about the security of Travelex’s computer network after it emerged the company waited eight months to patch vulnerable VPN servers Continue Reading

Iran likely to hit back with cyber attacks, security experts warn

The possibility of cyber attack by threat groups acting on behalf of the Iranian government has dramatically increased following US actions in Iraq Continue Reading

UK cyber security boss Ciaran Martin to step down

NCSC chief Ciaran Martin will leave his post in the summer of 2020 Continue Reading

Security Think Tank: Let’s call time on inciting fear among users

The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading

Supply chain vulnerabilities rear their ugly head – again

In yet another example of the risks of supply chain vulnerabilities, Singapore’s Ministry of Defence (Mindef) recently disclosed that the confidentiality of its personnel's personal data could have ... Continue Reading

Suspected ransomware attack causes worldwide disruption for Travelex

Travelex switches off computer systems and resorts to cash-only currency sales after malware attack. Insiders claim the currency exchange chain has been hit by ransomware which has left critical files containing customer data encrypted Continue Reading

How Darktrace is riding the AI boom

Cyber security firm known for its artificial intelligence smarts doubled its headcount across Asia-Pacific last year in key markets including Australia and South Korea Continue Reading

California’s CCPA an opportunity for security industry to do better

California’s consumer protection and data privacy laws came into effect on 1 January 2020, and present a golden opportunity for the cyber security practitioners Continue Reading

Top 10 ASEAN IT stories of 2019

Here are Computer Weekly’s top 10 ASEAN IT stories of 2019 Continue Reading

Can the UK government’s efforts solve the cyber skills gap?

There has been an active effort by the UK government to tackle the lack of skills in the cyber security space – but is it enough? Continue Reading

Top 10 enterprise IT in the Benelux region stories of 2019

Here are Computer Weekly’s top enterprise IT stories from the Benelux region over the past year Continue Reading

Top 10 cyber crime stories of 2019

Here are Computer Weekly’s top 10 cyber crime stories of 2019 Continue Reading

Top 10 cyber security stories of 2019

Here are Computer Weekly’s top 10 cyber security stories of 2019 Continue Reading

Finnish government supports local authorities in cyber security initiative

The Finnish government has committed resources to a cyber security project aimed at local authorities Continue Reading

Group-IB CEO talks up global threat landscape

Public attribution of cyber attacks could backfire while a global cyber norms framework won’t emerge until a catastrophic incident occurs, says the head of Singapore-based Group-IB Continue Reading

Barco fixes ClickShare wireless flaw, but users still at risk

Supplier patches a major vulnerability in its popular ClickShare wireless presentation system with a firmware upgrade, but experts warn that users are not out of the woods yet Continue Reading

We can’t allow fake news and disinformation to upend our democracy

Fake news, misinformation and cyber attacks are part of our political process – now is the time to act Continue Reading

Alarm bells ring, the IoT is listening

With Christmas bearing down on us, a series of vulnerability disclosures has drawn attention to the parlous state of IoT security, and serves as a timely warning to people planning to buy smart devices as gifts Continue Reading

Jailed hacker ordered to pay back £270k

An Essex man jailed in April over malware offences dating back years has been ordered to pay back the profits of his crime spree, and sell valuable assets Continue Reading

How commodities firm ED&F Man solved its threat detection challenges

After a minor server breach, leading commodities trader turned to Vectra’s Cognito service to expose hidden threats, spot privilege misuse, and conduct conclusive investigations Continue Reading

Dutch government must facilitate and coordinate a broad eID system

The Dutch government should push for an electronic ID system for its citizens that works across the public and private sectors, according to a report Continue Reading

Cyber security takes its place alongside UK’s armed services

Head of armed services says cyber security will take its place alongside the army, navy and air force as a key pillar of the UK’s defence strategy Continue Reading

Security Think Tank: Is data more or less secure in the cloud?

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

Great Cannon DDoS operation fires on Hong Kong protesters

AT&T’s security unit has evidence that China is pressing its Great Cannon DDoS tool into service once again, specifically to target pro-democracy protests in Hong Kong Continue Reading

Two Russians indicted over Dridex and Zeus malware

The US Department of Justice has indicted two Russian citizens over their alleged role in the distribution of the virulent Bugat, or Dridex, and Zeus banking trojans Continue Reading

Cyber Girls First volunteers encourage girls to think high-tech

More than 80 schoolgirls spent a day learning about computer hackers and rocket science – Cyber Girls First hopes they will become the next generation of technologists Continue Reading

Aviatrix VPN vulnerability left user endpoints wide open

Immersive Labs has disclosed a serious vulnerability in VPN supplier Aviatrix’s enterprise client that could have granted hackers elevated user privileges across enterprise targets Continue Reading

Hackers primed to exploit 5G to Wi-Fi handover flaws

Warning that attackers will find new vulnerabilities to access voice and data on 5G mobile phones as carriers hand off calls and data to Wi-Fi networks to save bandwidth Continue Reading

RMIT to tackle cyber security challenges

Australia’s Royal Melbourne Institute of Technology has teamed up with Amazon Web Services to launch a Cloud Innovation Centre to solve cyber security challenges Continue Reading

Black Hat Europe: Red teams and blue teams must evolve in the 2020s

The red team versus blue team dichotomy is somewhat arbitrary and risks pigeonholing skilled security professionals into certain roles, says Facebook’s Amanda Rousseau Continue Reading

Tenable buys Indegy to integrate IT and OT security

Acquisition of industrial security specialist Indegy will create a unified, risk-based platform spanning both IT and OT security for Tenable Continue Reading

Chinese web users take more risks than Brits or Americans

A research paper published by the University of Birmingham seems to show that differences in cultural values have an impact both on risky behaviour online and legal regulation Continue Reading

Top Android apps at risk from StrandHogg vulnerability

Researchers at Promon say all of the 500 most-downloaded Android apps are at risk from a newly discovered vulnerability Continue Reading

Cyber criminal RAT busted by cops

Police forces around the UK have arrested nine people as part of an international operation targeting users of a remote access trojan Continue Reading

TfL locks down Oyster accounts to ward off credential stuffing

Mandatory password reset for all travellers who use Oyster and contactless payment systems follows minor breach incident earlier in 2019 Continue Reading

Hack Friday: This Christmas, fight back against cyber criminals

It’s nearly Christmas, and cyber attacks and fraud attempts in the retail sector are ramping up. Is it time to panic? And is there anything we can do beyond hammering home the message around basic cyber security hygiene? Continue Reading

The Security Interviews: Do cyber weapons need a Geneva Convention?

On a cold afternoon in Finland, F-Secure’s Mikko Hypponen discusses cyber weapons and nation state threats, and explains why arms limitations treaties might one day expand to include malware and other threats Continue Reading

Top APAC security predictions for 2020

More attacks on critical infrastructure, supply chain vulnerabilities and file-less attacks are some of the security threats that enterprises should keep an eye on next year Continue Reading

Security skills gap will take a decade to fill

The British education systems cannot move fast enough to address the security skills crisis, and in the absence of government action increased reliance on automation may be the least worst solution Continue Reading

CW500 Interview: Jonathan Moreira, CTO of PrimaryBid.com

In this CW500 video, Jonathan Moreira, CTO of PrimaryBid.com, gives a fintech startup’s perspective on the security challenges small businesses can face when adopting new technologies. Continue Reading

General Election 2019: The Conservatives’ technology policies and digital plans

With the UK gearing up for its third general election in four years, Computer Weekly outlines the Conservative and Unionist Party’s main technology policies and digital plans, as laid out in its manifesto Continue Reading

AI may open dangerous new frontiers in geopolitics

Truly artificial intelligence has the potential to provoke an international geopolitical crisis, warns F-Secure’s Mikko Hypponen Continue Reading

Conservatives propose national cyber crime force

Manifesto also says Tories would “empower the police to safely use new technologies like biometrics and artificial intelligence, along with the use of DNA, within a strict legal framework” Continue Reading

CW500 Interview: Paddy Francis, CTO, Airbus CyberSecurity

In this CW500 video, Paddy Francis, CTO, Airbus CyberSecurity shares his advice and experiences of keeping tabs on security when trying to introduce emerging digital technologies into large organisations. Continue Reading

Mystery surrounds leak of four billion user records

Threat researchers uncover four billion user records on a wide-open Elasticsearch server but who left them there is a mystery Continue Reading

Some 29,000 UK web domains suspended for criminal activity

Domain suspensions for criminal activity over the past year has dropped for the first time since 2014 Continue Reading

Labour pledges review of NCSC in UK security overhaul

The UK's National Cyber Security Centre may get expanded powers under a Labour government Continue Reading

Security Think Tank: Stopping data leaks in the cloud

Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security professionals best work with their teams and cloud providers to resolve the problem? Continue Reading

F-Secure’s Blackfin challenges perceptions of how AIs think

New research project aims to develop adaptive, autonomous and collaborative AI agents, and challenges the notion that machine intelligence should merely mimic human intelligence Continue Reading

CW Nordics: Automation pays off for Sweden’s social workers

Software robots are freeing up time for social workers in Sweden to help benefits claimants find employment and to receive the money they are entitled to. Also in this issue, read how Sweden’s SEB bank is using a Google-inspired, cloud-native core banking platform, and why India is leading the pack when it comes to IT outsourcing from the Nordic countries. Continue Reading

Mimecast blocked 99 billion suspicious emails in third quarter

Latest threat intelligence report reveals the scale of the threat posed by malicious emails, with the transport, legal and financial sectors hit hardest Continue Reading

Massive increase in fraud attacks on TSB customers during IT meltdown

There was a massive spike in attempts by fraudsters to steal from TSB customers when the bank’s IT systems failed in 2018 Continue Reading

Carbon Black to open Australia datacentre in 2020

Australia datacentre comes on the heels of VMware’s acquisition of Carbon Black and will serve organisations with data sovereignty requirements Continue Reading

Public sector risks downplayed by senior IT leaders

Sophos reveals a significant cyber security perception gap between senior IT and security leaders in the public sector and their front-line teams Continue Reading

Macy’s Magecart breach presages Christmas fraud spike

US retailer Macy’s admits some customer data was accessed by unknown actors during a week-long Magecart attack Continue Reading

Anti-stalkerware coalition calls time on intrusive abusers

New coalition plans to tackle the scourge of stalkerware as a tool of domestic and other forms of abuse Continue Reading

Businesses failing to wipe data from old endpoints

Organisations are not taking adequate precautions to sanitise data held on endpoints when refreshing their PC or mobile device estates Continue Reading

Managed services fuelling APAC security market

Spending on managed security services will account for almost half of Asia-Pacific’s cyber security market by 2023, as global and local providers shore up their offerings in the region Continue Reading

Is facial recognition happening too fast?

In this week’s Computer Weekly, as the information commissioner calls on police forces to slow down the introduction of facial recognition, we examine the issues. We look at what the use of DevOps methods means for storage strategy. And we talk to Microsoft’s global cyber security chief. Read the issue now. Continue Reading

Notorious hackers claim responsibility for Labour DDoS

Hackers claiming to represent Lizard Squad say they were behind a distributed denial of service attack on the UK’s Labour Party Continue Reading

Home Office Brexit app contains multiple security flaws

The Home Office’s Brexit app may be putting EU citizens’ personal data at risk Continue Reading

Cyber criminals tool up for Christmas fraud season

Organised criminals are trying to cash in on the festive retail boom with both brand new and tried-and-tested techniques Continue Reading

Collaborative security approaches underpin container success

Containers are helping organisations to accelerate age-old software development approaches, but success is underpinned by a constant and team-wide attention to security. Continue Reading

What the EU’s decision on Facebook means for social media

Recent ruling by the Court of Justice of the European Union will have global implications for social media companies and any organisations that host online content Continue Reading

11 new 5G hacks enable user device tracking and monitoring

Researchers at Purdue University and the University of Iowa publish details of several new 5G mobile network vulnerabilities Continue Reading

Attack on Labour shows need for DDoS defence but should alarm few

After being hit by two DDoS attacks in the space of 24 hours, many commentators are convinced the UK’s Labour Party is the victim of foreign interference in the General Election campaign. It probably isn’t Continue Reading

Taking responsibility for security in the cloud

From accidental leaks to full-on data breaches, maintaining security across cloud services is becoming a headache for enterprises. What questions should organisations be asking of their cloud service provider and, ultimately, whose responsibility is cloud security anyway? Continue Reading

Cyber risk insurance is more than just insurance

Insurance companies such as Chubb are offering incident response services and security tools to help companies improve their cyber security posture and better cope with cyber attacks Continue Reading