IT for media and entertainment industry

Apple security updates fix 33 iPhone vulnerabilities

A larger-than-usual update to Apple’s mobile operating system fixes more than 30 distinct vulnerabilities, including two serious issues that may potentially affect device kernels Continue Reading

Ransomware attacks up 45% in February, LockBit responsible

NCC Group says it observed a surge in ransomware attacks in February, with LockBit, BlackCat and BianLian all highly active Continue Reading

National Crime Agency sting operation infiltrates cyber crime market

The UK National Crime Agency has tricked thousands of potential cyber criminals into registering with a fake website pretending to offer tools for creating DDoS attacks Continue Reading

Ransomware gangs harass victims to ‘bypass’ backups

Analysis reveals how cyber criminal gangs are turning to extensive, targeted harassment campaigns to force victims to pay up, even if their backups are in good order Continue Reading

BBC cracks down on TikTok after review

The BBC is asking staff not to install TikTok on corporate-owned devices without a justified business purpose, although its use will still be allowed to share media content with its audiences Continue Reading

UK TikTok ban gives us all cause to consider social media security

The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading

BEC attacks doubled in 2022, outstripping ransomware

Massive growth in the volume of Business Email Compromise or BEC attacks was linked to a surge in successful phishing campaigns, according to data from Secureworks Continue Reading

Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly Continue Reading

Chinese Silkloader cyber attack tool falls into Russian hands

A loader tool used by Chinese cyber criminals seems to have been enthusiastically taken up in recent weeks by Russian ransomware operators Continue Reading

Microsoft patches Outlook zero-day for March Patch Tuesday

A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update Continue Reading

As Covid fades away, what’s the future of remote work in Europe?

Many IT leaders are still supporting some form of work from home, and a trend is beginning to take shape in Europe Continue Reading

Liverpool Football Club signs Wasabi in on-premise-to-cloud storage transition

Liverpool Football Club has transitioned from lead-footed on-premise infrastructure to Wasabi cloud storage that’s well-suited to its video production and distribution requirements Continue Reading

MI5 to oversee new National Protective Security Authority

The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets Continue Reading

Security Think Tank: Training can no longer be a compliance exercise

Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading

The race to net zero

In this week’s Computer Weekly, we examine the role of green technology in helping businesses contribute to the government’s 2050 net-zero targets. We talk to Spotify about the importance of open source technologies in the music streaming service. And we look at the way hybrid working is evolving as the post-pandemic workplace continues to change. Read the issue now. Continue Reading

Cyber training in 2023 needs to drive measurable change

2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading

WithSecure proposes ‘undo’ button for ransomware

WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening Continue Reading

Santander SME platform harnesses Salesforce

Bank platform that helps UK small and medium-sized enterprises expand export opportunities is built on cloud technology from Salesforce Continue Reading

Researchers find new bug ‘class’ in Apple devices

A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix Continue Reading

Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert

Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result Continue Reading

Half of cyber leaders to switch jobs by 2025, citing stress

A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study Continue Reading

Cyber security training: Insights for future professionals

Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading

Security Think Tank: New trends and drivers in cyber security training

Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading

Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs

Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading

Microsoft fixes three zero-days in February update

February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading

Vidar, nJRAT re-emerge as prominent malware threats in January

Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry Continue Reading

How to protect your business from fraud during a recession

This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading

Russian spear phishing campaign escalates efforts toward critical UK, US and European targets

Russian hacking group Seaborgium refines its tactics in a continuation of attacks against targets including not-for-profit organisations with geopolitical affiliations Continue Reading

KPMG launches metaverse and digital twin hub in Saudi Arabia

The Saudi Arabian government’s commitment to investing in metaverse technology has attracted a KPMG centre of excellence to its shores Continue Reading

Security buyers lack insight into threats, attackers, report finds

The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report Continue Reading

Security Think Tank: Poor training is worse than no training at all

Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM Continue Reading

The Security Interviews: How to overcome data protection compliance challenges

Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how? Continue Reading

Security Think Tank: In 2023, we need a new way to cultivate better habits

Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading

Security Think Tank: Getting the training and development mix right

Rob Dartnall, CEO at SecAlliance and chair of Crest’s UK Council, describes the need for formal, varied and continuous development in the cyber security sector Continue Reading

Cloud security top risk to enterprises in 2023, says study

A PwC study finds senior executives expect cyber attacks on cloud services to increase significantly this year Continue Reading

UK Cyber Council and ISACA launch audit, assurance programme

The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros Continue Reading

Hive ransomware gang taken down after FBI hacks back

The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation Continue Reading

NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC Continue Reading

Boards struggle to resolve cyber risk in digital supply chains

Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading

UK insurers need to up their game on cyber gaps, says PRA

Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority Continue Reading

SSRF attacks hit 100,000 businesses globally since November

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers Continue Reading

Fake online contest makes Yahoo! most phished brand of Q4 2022

Yahoo! was the most frequently phished brand during the last three months of 2022, according to a report Continue Reading

The rise of fraud in pop culture is impacting consumers’ digital trust

Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading

Cloudflare urged to clamp down on pirates, counterfeiters

A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods Continue Reading

Crest throws support behind CyberUp CMA reform campaign

Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading

The Security Interviews: Protecting your digital self

Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation? Continue Reading

UK government completes trials of age estimation technology

Government-led trials of age estimation and verification technologies for the sale of alcohol in nightlife venues and supermarkets have been completed, with both government and retail lobbyists pushing for legislation that would allow retailers to adopt the tools for alcohol sales Continue Reading

Guardian confirms Christmas 2022 cyber attack was ransomware

Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack Continue Reading

Microsoft fixes EoP zero-day on January Patch Tuesday

On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns Continue Reading

Insurer Beazley introduces catastrophe bond to ease cyber risk

Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading

Fallout from Guardian cyber attack to last at least a month

The Guardian newspaper’s offices remained shut into the New Year following a supposed ransomware attack, with disruption likely to last some time Continue Reading

Test of digital ID tech at Surrey nightclub proclaimed success

The majority of visitors to a Camberley venue who piloted a digital identification app developed by 1account said they found it easy to use and preferred it to standard physical ID Continue Reading

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading

Top 10 Nordic IT stories of 2022

Here are Computer Weekly's top 10 Nordic IT articles of 2022 Continue Reading

How does red teaming test the ultimate limits of cyber security?

An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading

Top 10 cyber crime stories of 2022

Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents Continue Reading

Four-day working week set to stay at Atom bank

Challenger bank Atom has formalised a four-day working week policy after a successful trial Continue Reading

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading

Top 10 storage and backup customer stories of 2022

Here are Computer Weekly’s top 10 storage and backup customer stories of 2022 Continue Reading

Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021 Continue Reading

Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over Continue Reading

EU issues draft data adequacy decision in favour of US

The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision Continue Reading

The nature of the CISO role will be in flux in 2023

As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report Continue Reading

Security Think Tank: Embrace prioritisation, people, imperfections

Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading

Iranian APT seen exploiting GitHub repository as C2 mechanism

A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware Continue Reading

Security Think Tank: 2022 changed how we thought about resilience

Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading

Consumers to get new protections against dodgy apps

Government’s new code of practice will impose new privacy and security measures on app store operators and developers Continue Reading

Apple to tap third party for physical security keys

Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys Continue Reading

Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November Continue Reading

Security Think Tank: As cyber pros, we need to articulate our needs better

There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading

Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack? Continue Reading

Ransomware: Is there hope beyond the overhyped?

Up-and-coming cyber concepts attack surface management and security mesh architectures seem to hold some promise in tackling ransomware, but they are a little way off maturity Continue Reading

Latest LockBit ransomware versions have wormable capabilities

Sophos researchers have reverse-engineered the Lockbit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter Continue Reading

Think technology, process, human risk to manage ransomware

Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading

How gamifying cyber training can improve your defences

Security training is the cornerstone of any cyber defence strategy. With ever-escalating online threats, it is now more important than ever that this training is an engaging experience Continue Reading

Protecting children as they spend years in virtual worlds

To protect children online, we must now focus on pre-emptive and robust regulation around immersive technologies Continue Reading

Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year Continue Reading

Your staff are the frontline in your ransomware fight

As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect Continue Reading

South Korea data adequacy pact brings £15m Brexit bonus

UK government finalises a data adequacy agreement with South Korea, saying it will unlock a post-Brexit business bonus of just under £15m Continue Reading

Ducktail spins new tales to hijack Facebook Business accounts

The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts Continue Reading

C-suite mystified by cyber security jargon

Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms that security pros use that risk making the world of cyber incomprehensible to outsiders Continue Reading

Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use Continue Reading

Brexit deregulation will make UK next Silicon Valley, vows Hunt

Chancellor vows to revolutionise how the IT industry is regulated to spur competition, investment and innovation in a technological ‘Big Bang’ Continue Reading

Another Log4Shell warning after Iranian attack on US government

The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching Continue Reading

Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures Continue Reading

Security Think Tank: Ransomware defences: An extended to-do list

Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things Continue Reading

APP fraud volumes expected to double by 2026, says report

Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue Continue Reading

Security Think Tank: Let’s be transparent about ransomware

Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading

Online scam victims lose an average of £1,000 each

New data from the National Fraud Intelligence Bureau shows victims of online fraud lose an average of £1,000 per person Continue Reading

Cyber insurance: The good, the bad and the ugly

Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading

Volume of self-reported breaches to ICO jumps 30%

The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022 Continue Reading

An encouraging new conversation around sustainable IT, says Nordic CIO

What started as a whisper a decade ago has become distinctly audible chatter among IT leaders sharing best practices on how to protect the environment Continue Reading

Security Think Tank: To stop ransomware, preparation is the best medicine

You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading

Cyber criminals have World Cup Qatar 2022 in their sights

Volumes of malicious cyber activity around the upcoming FIFA World Cup are already starting to tick upwards and are likely to continue to do so Continue Reading

Microsoft serves smorgasbord of six zero-days

November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity Continue Reading

Security Think Tank: Anti-ransomware strategies should be as easy as ABC

When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading

Keeping personally identifiable data personal

As it celebrates its 100th birthday, the BBC has begun a pilot looking into its role in enabling the general public to store their personal data Continue Reading

To fight ransomware, we must treat digital infrastructure as critical

Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress Continue Reading

Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading