Hackers and cybercrime prevention

How Dutch hackers are working to make the internet safe

We hear how the personal mission of a Dutch hacker grew into a serious organisation with international ambitions Continue Reading

European Commission proposes new cyber security regulations

New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas Continue Reading

London police arrest seven in connection to Lapsus$

Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks Continue Reading

Anonymous claims it has hacked the Central Bank of Russia

Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state Continue Reading

Ransomware demands and payments increase with use of leak sites

Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims Continue Reading

How India organisations can mitigate cyber threats

Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks Continue Reading

Biden issues warning about Russian cyber attacks

President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia Continue Reading

Details of Conti ransomware affiliate released

Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise Continue Reading

Revised scope of UK security strategy reflects digitised society

The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading

UK Cyber Strategy a welcome injection of progress

The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading

Dark web littered with Ukraine crypto scammers

Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine Continue Reading

Ukrainian cyber defences prove resilient

Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks Continue Reading

National Cyber Strategy will enhance UK’s cyber power status

The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of Airbus Cybersecurity Continue Reading

NCSC catches 10 million phishes

Nation Cyber Security Centre’s scam email reporting service enjoys great success as government embarks on new cyber awareness campaign Continue Reading

Alarm raised over ‘trickster’ LokiLocker ransomware

The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers Continue Reading

FCSA takes steps to help umbrella company members protect themselves better from cyber attacks

After a spate of suspected ransomware attacks on its members, the Freelance and Contractor Services Association is partnering with a cyber security firm that can coach its umbrella firms on how to protect themselves better Continue Reading

Biden signs ransomware reporting mandate into law

CNI operators in the US must now report cyber attacks within 72 hours, and ransomware payments within 24 hours Continue Reading

Two men convicted after using EncroChat cryptophones to plot killing

Evidence from the encrypted phone network EncroChat led to the conviction of two men for conspiracy to murder Continue Reading

CaddyWiper is fourth new malware linked to Ukraine war

ESET’s cyber security analysts have identified yet another destructive wiper malware being used against targets in Ukraine Continue Reading

How cyber security teams can conquer the four-day working week

The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition Continue Reading

Supreme Court refuses Julian Assange extradition appeal

The case will be referred to the home secretary Priti Patel to make a decision. The WikiLeaks founder has yet to say whether he will file further appeals Continue Reading

How the tech sector is supporting Ukraine

In this week’s Computer Weekly, we examine the global tech sector response to the invasion of Ukraine, and how hackers are responding to calls for an IT army to target Russia. Our latest buyer’s guide looks at cloud-based ERP and other business applications. And IBM’s UK chief tells us how Big Blue is reinventing itself. Read the issue now. Continue Reading

Direct action is a risky business for Ukraine's volunteer hackers

Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea Continue Reading

Ukraine: Cyber warfare and IT industry boycott of Russia – Computer Weekly Downtime Upload podcast

Alex Scroxton joins the team to discuss the cyber war dimension of the conflict arising from Russia’s invasion of Ukraine, and the IT industry’s response to Putin’s war Continue Reading

How can I avoid an exodus of cyber talent linked to stress and burnout?

Cyber security professionals have played a crucial role during the pandemic, yet many feel like their employers aren’t providing adequate mental health support and have considered quitting their jobs as a result. What can employers do to help them? Continue Reading

Encryption myths versus realities of Online Safety Bill

The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it Continue Reading

Kaspersky forced to deny source code leak

Kaspersky says an alleged leak of its source code was in fact material anyone could have gleaned from its public servers Continue Reading

Police EncroChat cryptophone hacking implant did not work properly and frequently failed

Surveillance operation against EncroChat encrypted phone network had repeated technical failures Continue Reading

National Cyber Strategy misses the mark in one important way

The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way Continue Reading

Tech brands sign on to HackerOne responsible security drive

Tech companies sign HackerOne’s new corporate security responsibility pledge to bring cyber out of the shadows and promote effective, secure development practices Continue Reading

Government to force tech firms to stop fraudsters using their platforms for scams

Changes to legislation will make social media and search engine firms responsible for preventing fraudsters using their platforms to commit crimes Continue Reading

Paid-for advertising measures included in Online Safety Bill

New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months Continue Reading

Strategic Review of Policing: Police tech needs better ethical scrutiny

The Strategic Review of Policing confirms the central role that tech will be playing going forward, but warns of the need for greater ethical scrutiny to ensure public trust Continue Reading

China’s APT41 exploited Log4j within hours

APT41 compromised multiple government organisations via the Log4Shell exploit within hours of its initial disclosure, Mandiant claims Continue Reading

How APAC organisations can mitigate edge security threats

The move to the edge expands an organisation’s attack surface. Here are some measures that organisations can take to minimise their edge security risks Continue Reading

When more is too much in security

The view that more security tools equals better protection still persists, but security researcher Etay Maor argues that success in cyber lies in simplicity Continue Reading

Ukraine joins Nato cyber knowledge hub

Ukraine is to become a contributing participant in Nato’s Cooperative Cyber Defence Centre of Excellence Continue Reading

Microsoft stops sales of products and services to Russia

Citing sanctions and cyber security concerns, Microsoft has become the latest company to withdraw from the Russian market Continue Reading

Universities need better protection from email-based cyber attacks

The need to educate university staff and students on avoiding email-based cyber attacks is more acute than ever, says Proofpoint’s Adenike Cosgrove Continue Reading

Boardroom does not see ransomware as a priority

Less than a quarter of company directors think ransomware is a top priority for their security teams, according to Egress Continue Reading

Direct action is a risky business for Ukraine's volunteer hackers

Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea Continue Reading

Use of encrypted Telegram platform soars in Ukraine, Russia

Encrypted messaging service Telegram is proving a valuable asset to both sides in Russia’s war on Ukraine Continue Reading

Cyber companies step up support for Ukraine

Security companies Bitdefender and Vectra AI are both to offer products and services in support of Ukraine Continue Reading

SunSeed malware hits those involved in Ukraine refugee relief

European governments involved in managing the logistics of hundreds of thousands of people fleeing Ukraine have been targeted by a suspected state-backed actor Continue Reading

Toyota production to resume after supply chain attack

Toyota production has been set back by over 10,000 vehicles following a cyber attack on a critical components supplier in Japan Continue Reading

BBC blasted with millions of malicious emails

Responding to an FoI request, the BBC has revealed it receives more than 300,000 malicious email attacks every day Continue Reading

DCMS opens consultation on telecoms cyber standards

Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act Continue Reading

ESET details new IsaacWiper malware used on Ukraine

Having been among the first to report on the HermeticWiper malware used against Ukraine last week, ESET has now identified another destructive malware called IsaacWiper Continue Reading

Ukraine cyber attacks seen spiking, but no destructive cyber war yet

While cyber attacks linked to Russia’s war on Ukraine are taking place, they are having little impact beyond the region Continue Reading

Cloudflare: Our network is our product

Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats Continue Reading

Mass phishing attacks against Ukrainian citizens reported

The Ukrainian cyber authorities are alerting people located in the country to be alert to phishing attacks Continue Reading

Darktrace buys attack surface management firm Cybersprint

Emergent AI cyber specialist Darktrace is to pay £39.7m for Netherlands-based Cybersprint Continue Reading

The UK’s cyber security sector is thriving, but our work has only just begun

The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading

Researchers link Dridex botnet to emergent Entropy ransomware

A little-known new ransomware called Entropy contains significant code similarities to the general purpose Dridex botnet, suggesting some kind of link between the two Continue Reading

KnowBe4 cyber drama tackles Colonial Pipeline in fourth season

KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021 Continue Reading

New wave of cyber attacks on Ukraine preceded Russian invasion

A wave of DDoS attacks, and a second data wiper attack, were seen hitting Ukraine in the hours leading up to the Russian invasion Continue Reading

New cyber guidelines to safeguard construction sector

NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building Continue Reading

Russia behind dangerous Cyclops Blink malware

Joint NCSC CISA advisory attributes a dangerous malware, dubbed Cyclops Blink, to Russia’s Sandworm APT, likely a GRU unit, with WatchGuard users at particular risk Continue Reading

Nordic companies targeted in wave of cyber attacks

 Continue Reading

Salesforce pays out over £2m in bug bounties

Salesforce says it received more than 4,000 vulnerability reports in 2021 alone as it delivers a rare public update on its bug bounty programme Continue Reading

DCMS launches free cyber skills platform for kids

Government introduces free online cyber skills training for schoolchildren to encourage them into cyber security roles in the future and help address the skills gap Continue Reading

Backups ‘no longer effective’ for stopping ransomware attacks

Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques Continue Reading

No imminent cyber threat to UK from Russia

Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain Continue Reading

IBM opens cyber security hub in India

Big Blue’s new cyber security hub, comprising a cyber range, software development facilities and a security operations centre, will serve enterprises across the Asia-Pacific region Continue Reading

Tech acquisition to be major priority for UK police

Policing minister cites technology as major focus for future of UK police, in comments made ahead of the publication of the Strategic Review of Policing in England and Wales Continue Reading

UK organisations swift to chide phishing victims

While UK organisations are doing better at security training, many are quick to punish employees who fall victim to phishing attacks, whether real or simulated Continue Reading

Security Think Tank: Good training is all about context

In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading

Think nation-state cyber attacks won’t hit you? Think again…

In this week’s Computer Weekly, with Russian state cyber attacks in the news, we find out why security professionals in every organisation need to remain alert. Our buyer’s guide looks at the tools and programmes helping improve IT training. And we look at how the traditional sport of golf is undergoing a digital transformation. Read the issue now. Continue Reading

Why security professionals should pay attention to what Russia is doing

Even though the average organisation is an unlikely target for a Russian state cyber attack, here's why security teams still need to watch what Russian threat groups are up to Continue Reading

UK joins US in pinning Ukraine DDoS attacks on Russia

A series of DDoS attacks on Ukrainian defence and banking organisations last week is now being firmly attributed to Russian action Continue Reading

Lawyers say ‘unprecedented’ secrecy deprived EncroChat defendants of fair trials

Lawyers from seven countries say it is impossible for their clients to challenge the accuracy, authenticity, reliability and legality of the evidence against them Continue Reading

UK organisations untroubled by Trickbot surge

A surge in Trickbot infections is targeting some of the world’s most prominent brands, but UK organisations seem thankfully unaffected Continue Reading

It takes a village: Protecting kids online is everyone’s responsibility

The rapid uptake of smartphones among children has contributed to the increasing number of cases of cyber bullying and online grooming. Is this an educational issue or a cultural problem, and can modern enterprise help? Continue Reading

Red Cross cyber attack the work of nation-state actors

The International Committee of the Red Cross now believes the January 2022 attack on its systems to have been the work of an undisclosed nation state Continue Reading

2021 another record year for UK cyber investment

Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment Continue Reading

DDoS attacks hit Ukrainian defence ministry and banks

A further wave of cyber attacks has taken place against targets in Ukraine amid heightened tension in the region Continue Reading

BlackCat ransomware gang claims responsibility for Swissport attack

Ransomware gang is trying to offload 1.6TB of data stolen from aviation services firm Continue Reading

Retrospect Backup refines anomaly detection in ransomware battle

StorCentric backup software brand allows customer fine-tuning of anomaly detection in struggle against ransomware, and adds immutable copies via object locking in Azure Continue Reading

Parasol data breach: Frustrated IT contractors dig into the dark web in search of their data

The emergence on the dark web of passports, payslips and other personal documents belonging to contractors affected by the cyber attack and subsequent data breach at Parasol is prompting group actions and forcing some IT contractors to find out for themselves if their data has been compromised Continue Reading

TA2451 targets aviation and transport sector with tailored lures

Newly designated cyber criminal group favours highly specific lures and a tried-and-tested modus operandi to compromise targets in the aviation, aerospace and transport sectors Continue Reading

China emerges as leader in vulnerability exploitation

Threat actors linked to China are emerging as a significant force in the weaponisation of newly discovered CVEs Continue Reading

Lack of knowledge disastrous for effective security strategy within Dutch companies

Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy Continue Reading

Why security professionals should pay attention to what Russia is doing

Even though the average organisation is an unlikely target for a Russian state cyber attack, here's why security teams still need to watch what Russian threat groups are up to Continue Reading

Hackney Council could be forced to answer questions about IT security training after Psya ransomware

Council is negotiating with the information commissioner after refusing to reply to questions under the Freedom of Information Act about staff IT and security training during the pandemic Continue Reading

How diplomatic immunity silenced the prosecutor who coordinated Sweden’s EncroChat probe

Defence lawyers claim Swedish court decision not to hear evidence from a Swedish prosecutor leaves important legal questions unanswered over international police operation to hack EncroChat cryptophone network Continue Reading

Phishing tests are a useful exercise, but don’t overdo it

The vast majority of cyber attacks start with a phish, so it’s not surprising that phishing tests form part of cyber training plans. But sometimes these tests go too far. Cyberis’ Gemma Moore looks at how to avoid the pitfalls Continue Reading

Linux-based clouds an open door for attackers, says VMware

Its prevalence as a cloud operating system means Linux is becoming a meal ticket for malicious actors, but the security industry does not seem to have cottoned on to this yet, says VMware Continue Reading

Ransomware ever more sophisticated and impactful, warns NCSC

UK’s National Cyber Security Centre teams up with US and Australian partners in a joint advisory warning organisations of the increasing sophistication exhibited by criminal ransomware gangs Continue Reading

Tech companies risk being compelled by law to protect children, says online safety expert

John Carr, a child safety campaigner backing a government-funded campaign on the dangers of end-to-end encryption to children, says tech companies have no choice but to act Continue Reading

How Dutch hackers are working to make the internet safe

We hear how the personal mission of a Dutch hacker grew into a serious organisation with international ambitions Continue Reading

Five key tech trends for digital leaders in 2022

The past two years have seen a surge in investment that will bring new challenges to digital leaders over the next year Continue Reading

Log4Shell, Ukraine and umbrella firm cyber attacks – Computer Weekly Downtime Upload podcast

Alex Scroxton joins the team to discuss the Log4j vulnerability and Russian pressure on Ukraine. Also discussed are cyber attacks on umbrella companies, neuro-diversity and junk in space Continue Reading

DPD delivers swift fix for serious API flaw

API vulnerability potentially left PII on DPD Group’s customers dangerously exposed, but was rapidly fixed on disclosure Continue Reading

Microsoft to start blocking macros to thwart malware

Microsoft is making changes to web macro permissions across multiple Office apps to help improve user security Continue Reading

The Security Interviews: Building the UK’s future cyber ecosystem

As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions Continue Reading

Airport services firm thwarts attempted ransomware heist

Aviation services provider Swissport says its systems are mostly back up and running after a ransomware attack Continue Reading

Cyber attacks on European oil facilities spreading

Following a cyber attack on distribution facilities in Germany, more incidents have been reported in Belgium and the Netherlands, but it is too early to necessarily draw a link between them Continue Reading

Check Point looks to plug ASEAN’s cyber security gap

Check Point is shoring up its sales force and partner ecosystem to address the cyber security needs of small and mid-sized businesses in a region that is highly targeted by threat actors Continue Reading

BlackCat crew supposedly behind OilTanking ransomware heist

Preliminary reports from Germany’s national cyber authority indicate the recent OilTanking ransomware attack may have been the work of the BlackCat group Continue Reading

Brookson and Parasol cyber attacks: Contractor complaints about delayed payments continue

Several weeks on from the suspected ransomware attack that blighted two of the umbrella industry’s biggest players, contractors are still chasing their missing money Continue Reading