Hackers and cybercrime prevention
-
News
30 Apr 2025
Current SaaS delivery model a risk management nightmare, says CISO
JPMorgan Chase security chief Patrick Opet laments the state of SaaS security in an open letter to the industry and calls on software providers to do more to enhance resilience Continue Reading
-
News
30 Apr 2025
Co-op shuts off IT systems to contain cyber attack
A developing cyber incident at Co-op has forced the retailer to pull the plug on some of its IT systems as it works to contain the attack Continue Reading
-
E-Zine
07 Dec 2023
CW EMEA: Prepare for cyber war
When the war between Hamas and Israel began in October, cyber security professionals and major government and private organisations braced for an inevitable accompanying online war. In this issue of CW EMEA, we outline cyber war, patterns of threat activity, and find out what security teams can do to protect their organisations. We also look at Finland’s advances in quantum computing, how Belgian researchers have developed technology to help datacentres process data faster, and the secrets of KPN’s successful business transformation. Read the issue now. Continue Reading
-
News
06 Dec 2023
Government launches UK-wide Cyber Explorers Cup
Schoolkids across the UK are being called on to team up and defeat Herbert the Hacker in a new government-backed competition Continue Reading
-
Definition
05 Dec 2023
offensive security
Offensive security is the practice of actively seeking out vulnerabilities in an organization's cybersecurity. Continue Reading
-
Feature
05 Dec 2023
How to recover systems in the event of a cyber attack
Recovering compromised systems after a cyber attack isn’t easy, but understanding industry best practice offers a template for the key processes to follow Continue Reading
-
News
05 Dec 2023
Operator of Sellafield nuclear facility denies hacking claims
The operator of the Sellafield nuclear site has denied allegations that senior managers covered up a series of cyber security lapses that enabled Chinese and Russian threat actors to compromise its networks Continue Reading
-
E-Zine
05 Dec 2023
Technologies to support hybrid working
In this week’s Computer Weekly, our latest buyer’s guide looks at technologies to support hybrid working – even when your business is as unique as farming. We examine the new guidelines on AI cyber security published by G7 government security chiefs. And we find out how the Jaguar Formula E racing team is using digital twins to improve electric vehicle performance. Read the issue now. Continue Reading
-
News
04 Dec 2023
Rhysida ransomware gang hits hospital holding royal family’s data
Ransomware gang boasts of having stolen data on the royal family in an attack on a private London hospital Continue Reading
-
04 Dec 2023
What are the cyber risks from the latest Middle Eastern conflict?
The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations Continue Reading
-
01 Dec 2023
Supporting a hybrid workforce
The now permanent shift to cloud services and the necessity of dealing with a hybrid workforce have changed modern IT Continue Reading
-
News
01 Dec 2023
Report reveals sorry state of cyber security at UK football clubs
Football clubs up and down the country are putting staff, players and fans alike at risk through outdated attitudes to cyber security, according to a report Continue Reading
-
Opinion
30 Nov 2023
Prepare for your worst day: How to create a cyber incident response plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
30 Nov 2023
Government’s Online Fraud Charter welcomed
The government has corralled 11 of the largest tech platforms in the world to commit to its Online Fraud Charter, designed to tackle online scams, fake adverts, and more Continue Reading
-
News
30 Nov 2023
Rhysida gang stole hundreds of gigabytes of British Library data
The Rhysida ransomware gang behind the cyber attack on the British Library has published almost 600GB of stolen data to its dark web leak site Continue Reading
-
News
29 Nov 2023
Law enforcement dismembers major ransomware operation in Ukraine
A joint law enforcement operation between the Ukrainian authorities, Europol and Eurojust has seem five ransomware operators taken into custody Continue Reading
-
News
29 Nov 2023
Scope of Okta helpdesk breach widens to impact all users
Okta has widened the scope of the October breach of its systems to include every customer that has used its helpdesk service, after new information came to light Continue Reading
-
Definition
28 Nov 2023
timing attack
A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about or access a system. Continue Reading
-
News
28 Nov 2023
Scope of British Library data breach widens
Personal data on British Library users has appeared for sale on the dark web following a Rhysida ransomware attack, as the scope of the still-developing incident widens again Continue Reading
-
News
28 Nov 2023
Volume of unique malware samples threatens to overwhelm defenders
A massive increase in malware volumes could cause problems for security teams tasked with adapting their defences against them Continue Reading
-
News
27 Nov 2023
The Security Interviews: Zeki Turedi, field CTO Europe, CrowdStrike
Organisations are racing to keep their security up to date against the latest threats. CrowdStrike’s Zeki Turedi explains how to protect against novel and innovative cyber attacks Continue Reading
-
News
24 Nov 2023
APAC organisations warm to microsegmentation
Nearly two-thirds of organisations in the APAC region see microsegmentation as a way to protect their IT assets, but lack the skills to deploy the technology Continue Reading
-
News
23 Nov 2023
MOVEit incident spurred UK decision makers to spend big on cyber
The MOVEit cyber attacks that unfolded in the spring and summer of 2023 seem to have driven an increase in both ransomware awareness and spend, according to a report Continue Reading
-
News
23 Nov 2023
North Korean APTs go all in on supply chain attacks, warns NCSC
Threat actors linked to the North Korean regime are becoming more adept at targeting software supply chains in the service of their cyber attacks Continue Reading
-
News
23 Nov 2023
Australia ups ante on cyber security
Australia’s new cyber security strategy will focus on building threat-blocking capabilities, protecting critical infrastructure and improving the cyber workforce, among other priorities Continue Reading
-
News
22 Nov 2023
An inside look at a Scattered Spider cyber attack
Threat researchers at ReliaQuest share the inside track on a Scattered Spider cyber attack they investigated Continue Reading
-
News
22 Nov 2023
CISA reveals how LockBit hacked Boeing via Citrix Bleed
As alarm grows around the world about the impact of the so-called Citrix Bleed vulnerability, Boeing has shared details of its experience at the hands of the LockBit ransomware crew Continue Reading
-
News
21 Nov 2023
Over half of SME cyber incidents now ‘malware-free’
The age of malware-driven cyber attacks may have peaked, at least when it comes to incidents affecting small and medium sized enterprises Continue Reading
-
News
21 Nov 2023
Internal documents leaked as Rhysida claims responsibility for British Library ransomware attack
Ransomware group Rhysida threatens to sell documents stolen from the British Library to the highest bidder Continue Reading
-
E-Zine
21 Nov 2023
Can AI take education to a new level?
In this week’s Computer Weekly, we examine how large language models are being used to teach, support and assess students, enhancing education rather than impairing it. We look at how the AI revolution is impacting the semiconductor sector as the big tech companies put off server upgrades. And we find out how generative AI is changing the way enterprise software works. Read the issue now. Continue Reading
-
News
20 Nov 2023
Defence lawyers seek appeal of tribunal ruling on police EncroChat cryptophone hack
Defence lawyers are seeking leave to appeal against a tribunal ruling that found the National Crime Agency had lawfully obtained warrants to access messages from 9,000 cryptophones used in the UK Continue Reading
-
Definition
16 Nov 2023
Automated Clearing House fraud (ACH fraud)
ACH fraud is the theft of funds through the U.S. Department of the Treasury's Automated Clearing House financial transaction network. Continue Reading
-
News
16 Nov 2023
Royal Mail spent £10m on cyber measures after LockBit attack
Royal Mail has spent approximately £10m on recovery and improved cyber resilience measures in the wake of the January 2023 LockBit ransomware attack Continue Reading
-
News
16 Nov 2023
Ransomware gang grasses up uncooperative victim to US regulator
The ALPHV/BlackCat ransomware gang has added a new tactic to its playbook, going to ever more extreme lengths in search of a pay-off Continue Reading
-
News
16 Nov 2023
British Library’s Halloween cyber scare was ransomware
The British Library has provided an update on an ongoing cyber incident affecting its systems, confirming it to be the result of a ransomware attack Continue Reading
-
News
15 Nov 2023
BlackCat affiliate seen using malvertising to spread ransomware
Researchers at eSentire identified a wave activity from an ALPHV/BlackCat ransomware affiliate which has adopted a somewhat unusual approach to delivering its locker Continue Reading
-
News
15 Nov 2023
Russian cyber criminal pleads guilty to running IPStorm botnet
Sergey Manikin faces years in jail after his illicit proxy botnet service was taken down by US law enforcement Continue Reading
-
News
15 Nov 2023
US government reinforces ICBC hack link to Citrix Bleed
US Treasury adds weight to reports that a ransomware gang gained access to the systems of Chinese bank ICBC by exploiting a critical Citrix flaw Continue Reading
-
News
15 Nov 2023
How Gigamon is making its mark in deep observability
Gigamon CEO Shane Buckley talks up the company’s ability to inspect encrypted network traffic for malicious activity, how it stands out with its deep observability capabilities and the tailwinds that are fuelling its growth Continue Reading
-
News
14 Nov 2023
Fast-acting cyber gangs increasingly disabling telemetry logs
Sophos guidance for security practitioners and defenders highlights a growing trend for threat actors to disable or wipe telemetry logs to cover their tracks Continue Reading
-
E-Zine
14 Nov 2023
The UK AI Safety Summit – what did it achieve?
In this week’s Computer Weekly, we look back at the UK government’s AI Safety Summit and assess what it achieved – and what it didn’t. Our latest buyer’s guide examines the future of business software and modernising legacy applications. And we find out how the UK Product Security and Telecommunications Infrastructure Act aims to protect your smart devices. Read the issue now. Continue Reading
-
News
13 Nov 2023
Rogue state-aligned actors are most critical cyber threat to UK
The prospect of rogue nation-state-aligned attackers bringing down the UK’s critical infrastructure is keeping the NCSC up at night Continue Reading
-
News
13 Nov 2023
Lloyds Bank warns over rising threat of crypto scams
Report by Lloyds Banking Group finds there has been a 23% increase in cryptocurrency scams in 2023 compared with last year, targeting mostly younger investors Continue Reading
-
News
13 Nov 2023
Encrypted mail service Tuta says it was wrongly accused of being a front for intelligence services
German encrypted email service Tuta, formerly known as Tutanota, has denied claims by a former Canadian police intelligence officer accused of passing secrets to criminals that it was compromised by intelligence services Continue Reading
-
News
13 Nov 2023
Victims’ legal action over 2015 Carphone Warehouse breach moves forward
A class action against Currys Retail over the 2015 data breach of Carphone Warehouse customers has been granted permission to move forward in the courts Continue Reading
-
News
10 Nov 2023
Ransomware attack on major Chinese lender disrupts financial markets
The financial services arm of one of the world’s largest banks was taken offline by a supposed LockBit ransomware attack, causing problems for US markets Continue Reading
-
News
10 Nov 2023
APAC cyber security workforce hits record high
The cyber security workforce in Asia-Pacific now stands at just under a million people, but demand for cyber security talent in the region continues to outpace supply Continue Reading
-
News
09 Nov 2023
Revealed: How Russia’s Sandworm ramped up attacks on Ukraine’s critical infrastructure
New Mandiant intelligence reveals how the APT known as Sandworm has been evolving its playbook, twisting legitimate executables known as LoLBins into malicious tools as it seeks to disrupt daily life in Ukraine Continue Reading
-
News
09 Nov 2023
NCSC makes annual Black Friday plea to consumers
Ahead of the annual festival of retail avarice, the NCSC is once again asking consumers to do the bare minimum to avoid falling victim to scams Continue Reading
-
News
09 Nov 2023
Suspected ransomware attack hits Scottish council
Systems at Comhairle nan Eilean Siar were downed on 7 November in a suspected ransomware attack Continue Reading
-
E-Zine
09 Nov 2023
Heineken lets the data flow
In this month’s CW EMEA ezine, we find out about Heineken’s mission to make the most out of the data it holds through an enterprise-wide data ecosystem. We also look at how the UK has turned its back on the German government-funded Gaia-X data platform, why cyber experts are urging the EU to rethink vulnerability disclosure plans, and how the IT industry is responding to the software developer skills shortfall. Read the issue now. Continue Reading
-
Opinion
08 Nov 2023
The plan for the inevitable cyber attack: Get the gist of NIST
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
08 Nov 2023
Iconic Singapore hotel caught up in major data breach
The Marina Bay Sands resort in Singapore uncovered a data breach of its guest loyalty programme last month Continue Reading
-
News
08 Nov 2023
King’s Speech misses the mark on cyber law reform, says campaign
A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber pros from prosecution have been left disappointed by a lack of legislative progress Continue Reading
-
News
07 Nov 2023
Researchers ‘break’ rule designed to guard against Barracuda vulnerability
Vectra AI researchers found that a Suricata rule designed to detect exploitation of a dangerous Barracuda Email Security Gateway flaw was not entirely effective Continue Reading
-
News
07 Nov 2023
Unesco unveils seven-point anti-disinformation plan
United Nations body outlines seven proposals for civil society, governments, regulators and tech platforms to adopt to combat the source of disinformation Continue Reading
-
Opinion
06 Nov 2023
IR plans: The difference between disaster and recovery
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
06 Nov 2023
Shadow IT use at Okta behind series of damaging breaches
Okta now believes the initial access vector in a series of damaging breaches was one of its own employees who used a corporate device to sign into their personal Google account Continue Reading
-
News
06 Nov 2023
How Trellix’s CISO keeps threat actors at bay
Trellix’s chief information security officer, Harold Rivas, outlines how the company mitigates security threats through containment and by helping security analysts to respond faster to cyber incidents Continue Reading
-
Feature
03 Nov 2023
SolarWinds hack explained: Everything you need to know
Hackers targeted SolarWinds by deploying malicious code into its Orion IT monitoring and management software used by thousands of enterprises and government agencies worldwide. Continue Reading
-
News
02 Nov 2023
Admins told to take action over F5 Big-IP platform flaws
Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild Continue Reading
-
News
02 Nov 2023
How the UK crime agency repurposed Amazon cloud platform to analyse EncroChat cryptophone data
UK crime agency repurposed AWS-based analytics platform to triage EncroChat data and identify threats to life in messages sent on encrypted phone network Continue Reading
-
Opinion
01 Nov 2023
Incident response planning is vulnerable to legacy thinking
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
News
01 Nov 2023
Lloyds bank kicks off Hyderabad operation
Lloyds Banking Group has opened its latest tech operation in Hyderabad, with plans to recruit around 600 IT experts Continue Reading
-
News
31 Oct 2023
British Library falls victim to cyber attack
The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature Continue Reading
-
News
31 Oct 2023
SEC sues SolarWinds, alleging serious security failures
SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks Continue Reading
-
Opinion
30 Oct 2023
Reported major cyberattacks are falling – but watch out for the massive threats posed by gen AI
The number of reported major cyberattacks is falling. Are we just getting used to them? Continue Reading
-
News
27 Oct 2023
Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent
Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances Continue Reading
-
News
27 Oct 2023
Microsoft warns over growing threat from Octo Tempest gang
The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft Continue Reading
-
News
27 Oct 2023
How Elastic manages cyber security threats
Mandy Andress, CISO at Elastic, highlights the company’s approach to tackling evolving cyber threats through the use of AI tools and enhanced security measures while strengthening the capabilities of its security offerings Continue Reading
-
News
27 Oct 2023
Germany: European Court opinion kicks questions over EncroChat back to national courts
Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts Continue Reading
-
News
26 Oct 2023
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns
Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed Continue Reading
-
News
26 Oct 2023
Exploitation of Citrix NetScaler vulns reaching dangerous levels
Observed activity exploiting two new Citrix NetScaler vulnerabilities disclosed earlier this month is ramping up, and users may be running out of time to patch lest they be attacked Continue Reading
-
News
25 Oct 2023
UK Finance paints mixed picture of fraud as losses top £500m
UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data Continue Reading
-
News
25 Oct 2023
Demystifying the top five OT security myths
Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems Continue Reading
-
News
25 Oct 2023
1Password caught up in Okta support breach
After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems Continue Reading
-
News
24 Oct 2023
Cisco hackers likely taking steps to avoid identification
Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery Continue Reading
-
News
24 Oct 2023
Research team tricks AI chatbots into writing usable malicious code
Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading
-
News
24 Oct 2023
Kaspersky opens up over spyware campaign targeting its staffers
Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group Continue Reading
-
News
24 Oct 2023
Customers speak out over Okta’s response to latest breach
Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired Continue Reading
-
News
24 Oct 2023
NetApp ‘unified storage’ adds new ASA block storage at Insight
Las Vegas event sees NetApp continue its evolution to hybrid cloud and data management player announce ASA C-series and Keystone and Kubernetes storage enhancements Continue Reading
-
News
23 Oct 2023
Cisco pushes update to stop exploitation of two IOS XE zero-days
Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software Continue Reading
-
News
23 Oct 2023
How Ensign is leading the charge in cyber security
Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem Continue Reading
-
News
20 Oct 2023
Computer Weekly contributor named Godfather of UK Security
Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards Continue Reading
-
News
20 Oct 2023
Five Eyes chiefs warn of Chinese spying campaign to steal high-tech secrets
Intelligence chiefs warn high-tech companies and universities they may be the target of attempts by the Chinese Communist Party to steal technology secrets Continue Reading
-
E-Zine
20 Oct 2023
CW APAC: Buyer’s guide to IAM
Identity access management tools are proving pivotal in the race to outwit cyber criminals. In this handbook, focused on IAM in the Asia-Pacific region, Computer Weekly takes a closer look at their capabilities, CyberArk’s growth, the uses of automation and how ForgeRock enhances user experience. Continue Reading
-
News
20 Oct 2023
RagnarLocker cyber gang that pioneered double extortion busted
Europol and the FBI have taken down the RagnarLocker ransomware crew, a long-standing gang that helped pioneer some now common tactics, taking its dark web negotiation and data leak sites offline Continue Reading
-
News
19 Oct 2023
Fears grow over extent of Cisco IOS XE zero-day
Researchers have identified spiking numbers of victims of a recently disclosed Cisco zero-day, as users of the networking supplier’s IOS XE software are urged to take defensive measures Continue Reading
-
News
19 Oct 2023
Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack
Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source Continue Reading
-
Definition
18 Oct 2023
antispoofing
Antispoofing is a technique for identifying and dropping packets that have a false source address. Continue Reading
-
News
18 Oct 2023
What are the cyber risks from the latest Middle Eastern conflict?
The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations Continue Reading
-
News
17 Oct 2023
Five Eyes issues five tips on thwarting nation state threats
Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats Continue Reading
-
News
17 Oct 2023
Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine
Hacktivists supporting Gaza and Palestine have launched hundreds of website defacement attacks against Israeli websites, mirroring the pattern of attacks that occurred after Russia’s invasion of Ukraine Continue Reading
-
News
17 Oct 2023
Alert sounded over dangerous Cisco IOS XE zero-day
Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems Continue Reading
-
News
17 Oct 2023
What it takes to succeed in DevSecOps
Providing engineering leadership and balancing between speed and security are some areas that organisations will need to focus on in their DevSecOps journey Continue Reading
-
News
13 Oct 2023
US SEC launches probe into mass MOVEit breach
Progress Software is facing an investigation from the SEC for the breach of its MOVEit tool, as well as dozens of legal battles resulting from the exfiltration of personal data from the roughly 2,000 organisations affected Continue Reading
-
News
11 Oct 2023
Why only 1% of the Snowden Archive will ever be published
Speaking to Computer Weekly after we published new revelations from the Snowden archive, the Guardian’s Pulitzer Prize winner, Ewen MacAskill, explains why more of the Snowden trove is unlikely to see the light of day Continue Reading
-
News
10 Oct 2023
MGM faces £100m loss from cyber attack on its casinos
MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m Continue Reading
-
News
05 Oct 2023
Microsoft: Nation-state cyber espionage on rise in 2023
Microsoft’s latest Digital Defence Report outlines how nation-state cyber activity has largely moved from destructive attacks to espionage and intelligence gathering Continue Reading
-
News
05 Oct 2023
Red Cross issues rules of engagement for hackers in conflicts
The digital rules of engagement are the first time cyber activity has been looked at by the conflict watchdog, but a number of hacker groups have already come out and said they will not be following them Continue Reading
-
News
05 Oct 2023
Ransomware dwell times now measured in hours, says Secureworks
Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report Continue Reading
-
Feature
04 Oct 2023
Ransomware: All the ways you can protect storage and backup
We survey the key methods of ransomware protection, including immutable snapshots, anomaly detection, air-gapping, anomaly detection, and supplier monetary guarantees Continue Reading