IT security
-
News
22 Sep 2023
Annual Security Serious Awards nominations announced
Annual Security Serious Awards will recognise the professionals and organisations doing the most to safeguard and advance cyber security, as well as those committed to diversity and mental health in the industry Continue Reading
-
News
22 Sep 2023
UK-US data bridge to open to traffic on 12 October
Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now Continue Reading
-
News
15 Sep 2022
US charges three Iranians over CNI cyber attacks
Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran Continue Reading
-
News
14 Sep 2022
FormBook knocks Emotet off top of malware chart
FormBook emerged as the most widely seen malware in August, according to Check Point’s latest data Continue Reading
-
News
14 Sep 2022
Ex-CISA head Krebs: Disrupt ransomware support networks to win the war
Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs Continue Reading
-
News
14 Sep 2022
Microsoft patches 64 vulnerabilities on September Patch Tuesday
Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update Continue Reading
-
News
14 Sep 2022
NCSC warns public of potential Queen-related phishing attacks
The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen Continue Reading
-
News
14 Sep 2022
DDoS attacks on UK financial sector surged during Ukraine war
A quarter of cyber security incidents reported to the Financial Conduct Authority in the first six months of 2022 involved DDoS, with a likely link to events in Ukraine Continue Reading
-
News
13 Sep 2022
Cloud compromise a doddle for threat actors as victims attest
Two separate studies into the state of public cloud security reveal insight into the ease with which threat actors can compromise vast numbers of targets, and some of the challenges security teams are facing in the cloud Continue Reading
-
News
13 Sep 2022
Users warned over Azure Active Directory authentication flaw
Secureworks researchers found what they say is a serious vulnerability in an Azure Active Directory authentication method, but Microsoft says it should not pose a serious risk to users Continue Reading
-
News
13 Sep 2022
Cisco confirms leaked data was stolen in Yanluowang ransomware hit
Cisco has confirmed that data leaked last week by the Yanluowang ransomware gang was that stolen during a May 2022 cyber attack Continue Reading
-
News
13 Sep 2022
Blancco works with charity to provide IT for African schools
Blancco is providing data sanitisation and erasure software to The Turing Trust so that old IT equipment can be securely reused by school children in Sub-Saharan Africa, instead of adding to world’s growing e-waste problem Continue Reading
-
News
13 Sep 2022
Multi-persona impersonation adds new dimension to phishing
Iranian APT used multiple personas on a single email thread to convince targets of the legitimacy of its phishing lures Continue Reading
-
13 Sep 2022
How Okta is working to regain customer trust after a cyber attack
Earlier this year, cyber firm Okta was one of several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King describes how he has been working to rebuild confidence after the incident. Continue Reading
-
E-Zine
13 Sep 2022
Source responsibly: Tech sector efforts to root out forced labour are failing
In this week’s Computer Weekly, we analyse the technology industry’s failure to extirpate forced labour and slavery from its supply chains. We find out how cyber security firm Okta is rebuilding customer trust after a major security incident. And we discover how Caterpillar is modernising its data management to offer better customer service. Read the issue now. Continue Reading
-
Opinion
12 Sep 2022
How data security posture management complements CSPM
Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data. Continue Reading
-
News
12 Sep 2022
Mandiant floats off into Google Cloud
As planned, the acquisition of Mandiant will see the threat intel and incident response giant become a part of Google’s Cloud business Continue Reading
-
News
12 Sep 2022
CISOs should spend on critical apps, cloud, zero-trust, in 2023
Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts Continue Reading
-
E-Zine
09 Sep 2022
CW Europe: Why Russia could become the world’s biggest market for illegal IT
Faced with international sanctions and the departure of many global IT suppliers from Russia, companies there are seeking alternative, and sometimes illegal, routes to access IT products. Also read how new requirements are driving scientists and engineers in Europe back to the lab to start developing 6G technology. Continue Reading
-
Opinion
09 Sep 2022
Security Think Tank: Adding trust to AppSec and DevSecOps
When building in trust and assurance into app development through standards, it is critically important not to stifle innovation Continue Reading
-
News
08 Sep 2022
NCSC CyberUK event heads to Belfast in 2023
National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023 Continue Reading
-
News
08 Sep 2022
Chinese APT using PlugX malware on espionage targets
China’s Bronze President APT is once again targeting government officials of interest to its paymasters, this time using forged diplomatic correspondence, according to the Secureworks Counter Threat Unit Continue Reading
-
Podcast
08 Sep 2022
Does quantum matter? A Computer Weekly Downtime Upload podcast
In this special edition of the Computer Weekly Downtime Upload podcast, Ilyas Khan, CEO of Quantinuum, discusses the quantum computing revolution Continue Reading
-
News
08 Sep 2022
Dutch cyber security organisations to join forces
Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into Continue Reading
-
Opinion
08 Sep 2022
Security Think Tank: Creating a DevSecOps-friendly cyber strategy
When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire Continue Reading
-
News
08 Sep 2022
India’s wake-up call on health data privacy
Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US Continue Reading
-
News
07 Sep 2022
Albania cuts diplomatic ties with Iran after cyber attack
In a global geopolitical first, the Albanian government has severed diplomatic ties with Iran and expelled its ambassador after it was targeted by an APT backed by Tehran Continue Reading
-
News
07 Sep 2022
August ’22 a bumper month for high-impact vulnerabilities
Bugs in products from Apple, Google, Microsoft and VMware dominated the threat landscape in August, says Recorded Future Continue Reading
-
News
07 Sep 2022
Prince’s Trust teams with threat management specialist in skills push
Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry Continue Reading
-
News
07 Sep 2022
Hotel group IHG confirms cyber attack after two-day outage
IHG, the operator of hotel chains Crowne Plaza, Holiday Inn, Intercontinental and Kimpton, says it has been targeted by an unknown threat actor Continue Reading
-
News
07 Sep 2022
Cyber threats to Europe’s grid: Utilities rethink strategy
The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals Continue Reading
-
Opinion
07 Sep 2022
Security Think Tank: The many dimensions of DevSecOps
It is imperative to make our colleagues and customers know that when we talk DevSecOps, we are facing a multiphase challenge that starts at the very beginning of DevOps, and one that never ends Continue Reading
-
News
07 Sep 2022
Digital identity is key to coping with surge in air travel
The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic Continue Reading
-
News
06 Sep 2022
Companies House to introduce digital ID system
Companies House will introduce a digital identity verification process for people wanting to register and run a company in the UK Continue Reading
-
News
06 Sep 2022
Campaigners call on Truss to change UK’s archaic hacking laws
The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution Continue Reading
-
News
06 Sep 2022
Bus company Go-Ahead fighting off cyber attack
Go-Ahead Group, which operates bus companies around the UK, says it is in the process of dealing with a cyber attack that may cause disruption to services Continue Reading
-
News
06 Sep 2022
Saudi Arabian organisations choose to outsource to improve cyber security posture
Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security Continue Reading
-
E-Zine
06 Sep 2022
Out with the old at Asda
In this week’s Computer Weekly, we talk to Asda’s CIO, Carl Dawson, about the supermarket’s cloud-oriented renovation of its technology stack. We narrate the security woes at Twitter. And we examine best practices for data backup. Read the issue now. Continue Reading
-
05 Sep 2022
Alleged Twitter security failings spell trouble
Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media company, raising the spectre of investigations and sanctions. Continue Reading
-
Opinion
05 Sep 2022
Data-driven government needs practical steps
We should build data platforms for government with the same techniques used in creating anything digital, argues Jim Stamp, head of data at Made Tech Continue Reading
-
News
05 Sep 2022
Russian-speaking cyber criminals feel economic pinch
Russian-speaking cyber criminals are being forced to refine and adapt their techniques as Vladimir Putin’s invasion of Ukraine makes current methods redundant Continue Reading
-
News
05 Sep 2022
How Okta is regaining customer trust after a cyber attack
In early 2022, cyber firm Okta was among several tech companies hit by the Lapsus$ gang. Vice-president of customer trust Ben King talks about how he has been working behind the scenes to rebuild confidence after the incident Continue Reading
-
Opinion
05 Sep 2022
Security Think Tank: Good procurement practices pave the way to app security
Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS Continue Reading
-
News
02 Sep 2022
Dutch government finally allowed to use public cloud
Public cloud is finally within reach for Dutch public services. Previously, the Dutch government was only allowed to use private clouds due to risks concerning privacy and security Continue Reading
-
Opinion
02 Sep 2022
Security Think Tank: Shift left, shift right. What about shift everywhere?
The concepts of shift left and shift right are highly effective in securing the development process, but for those who want to take things that step further there is shift everywhere Continue Reading
-
News
01 Sep 2022
Space nerds beware: James Webb images used to spread malware
Astronomy and space aficionados are being targeted by cyber criminals exploiting some of the now-famous images captured by Nasa’s James Webb Space Telescope to distribute malware Continue Reading
-
News
01 Sep 2022
Local authorities experience 10,000 attempted cyber attacks every day
Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker Continue Reading
-
News
01 Sep 2022
Swedish Electronics Protection Act coincides with major cyber spend
Swedish cyber security law comes at a time of heavy government investment Continue Reading
-
News
01 Sep 2022
New (ISC)² cyber careers schemes go live
(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide Continue Reading
-
Opinion
01 Sep 2022
Security Think Tank: Effective DevSecOps requires collaboration
Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access management alongside cyber security and application security Continue Reading
-
Tip
31 Aug 2022
Use ISO/TS 22317:2021 to shape your business impact analysis
ISO/TS 22317:2021 is a useful tool for BCDR practitioners and other personnel tasked with executing a BIA, which can often be a highly complex activity. Continue Reading
-
News
31 Aug 2022
Google debuts open source bug bounty programme
Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme Continue Reading
-
News
31 Aug 2022
Norway has NOK200m plan to bolster cyber defences
Norway is investing heavily in its cyber defences amid heightened threat from Russia Continue Reading
-
News
31 Aug 2022
NHS staff fall further behind amid ransomware attack
While some NHS bodies are now recovering their services after the ransomware attack on a crucial software supplier, others are still being forced to rely on pen and paper, and some will be waiting months to recover Continue Reading
-
News
31 Aug 2022
Four years into GDPR, Norway hopes for safer data transfer to US
Much of the data on the internet ends up on US servers at some point, and that is not always compatible with the General Data Protection Regulation, says Norwegian data protection authority Continue Reading
-
Blog Post
31 Aug 2022
AI will make you surplus to requirements
We live in an age where it is possible for someone, irrespective of their level of talent, to create an artistic masterpiece, simply by keying a few descriptive words into an AI-powered art ... Continue Reading
-
Blog Post
30 Aug 2022
Breaches You Don’t Hear About
I think it’s fair to say that, over the decades, if the general public had been alerted to all the attempted terrorist attacks tracked down and prevented by intelligence – as opposed to just the ... Continue Reading
-
News
30 Aug 2022
IAM house Okta confirms 0ktapus/Scatter Swine attack
Following last week’s disclosureby Group-IB researchers of a major phishing campaign, Okta has warned its customers to be on their guard Continue Reading
-
News
30 Aug 2022
UK government presses on with new cyber rules for telcos
Government has finalised new security rules for telecoms companies and will move to make them binding in the near future Continue Reading
-
News
30 Aug 2022
LastPass breach limited in scale and well-managed, say experts
A breach of LastPass’s developer environment does not seem to have affected users of the password management service, but it may still be time for a credential reset Continue Reading
-
News
30 Aug 2022
One Login digital identity project makes headway
Government services are lining up to work with the GDS on its One Login digital identity system, according to its director of digital identity, Natalie Jones Continue Reading
-
News
25 Aug 2022
CIOs: Geopolitics impacts your IT strategy
Research from analyst Gartner illustrates how geopolitics is influencing IT strategies Continue Reading
-
News
25 Aug 2022
Criminal 0ktapus spoofed IAM firm in massive phishing attack
Researchers at Group-IB have published research on a major phishing campaign that ensnared victims at the likes of Cloudflare and Twilio Continue Reading
-
Podcast
25 Aug 2022
James Hatch, BAE Systems: Computer Weekly Downtime Upload podcast
We speak to the chief digital officer at BAE Systems’ Digital Intelligence business about the challenges of “digital” in high-trust organisations Continue Reading
-
News
25 Aug 2022
Adaptive RedAlert, Monster ransomwares go cross-platform
Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time Continue Reading
-
E-Zine
25 Aug 2022
CW Nordics: Norway struggles to keep up with demand for tech specialists
The growing importance of IT in all industries, along with a shortage in skills, make for an excellent high-tech job market for candidates in Norway. Read how recruiters are struggling to keep up with demand. Also read how the Danish government encourages research in strategic fields to attract tech companies. Continue Reading
-
News
25 Aug 2022
Millions of Plex users may be at risk in password breach
Up to half of Plex’s 30 million users may have had their personal data stolen by an unknown threat actor Continue Reading
-
News
25 Aug 2022
Security pros fret about stress and promotion over cyber attacks
CIISec’s annual report on the state of the security profession reveals some home truths for security leaders Continue Reading
-
News
25 Aug 2022
LockBit 3.0 cements dominance of ransomware ecosystem
Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame Continue Reading
-
News
24 Aug 2022
Most CISOs think they’ve been attacked by a nation state
Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack Continue Reading
-
News
24 Aug 2022
Alleged Twitter security failings spell trouble ahead
Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions Continue Reading
- 24 Aug 2022
-
News
23 Aug 2022
DevSecOps: Software developers lack sufficient security focus
GitLab survey shows developers want to produce high-quality code, but ‘shifting’ security left is hard to achieve Continue Reading
-
News
23 Aug 2022
NCSC shares cyber guidance for large infrastructure builds
Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects Continue Reading
-
E-Zine
23 Aug 2022
How digital technology rescued Merlin
In this week’s Computer Weekly, we talk to the CTO of Merlin Entertainments – operator of Legoland, Sea Life and Alton Towers – to find out how digital saved the company when Covid shut all its theme parks. We look at how software and data analytics can help to track – and reduce – greenhouse gas emissions. And Southern Water explains how data helps to support its most vulnerable customers. Read the issue now. Continue Reading
-
Podcast
22 Aug 2022
State of open source: Computer Weekly Downtime Upload podcast
In this special edition of the Computer Weekly Downtime Upload podcast, OpenUK’s Amanda Brock speaks to Cliff Saran about open source challenges Continue Reading
-
News
22 Aug 2022
Kaspersky threat data added to Microsoft Sentinel service
Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service Continue Reading
-
News
22 Aug 2022
Lloyd’s to end insurance coverage for state cyber attacks
Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk Continue Reading
-
News
19 Aug 2022
Cradlepoint unveils networking architecture addressing 5G, SD-WAN, zero-trust intersection
Cloud-delivered LTE and 5G wireless network services provider launches software-based offering to manage remote connections and provide flow-level visibility Continue Reading
-
News
19 Aug 2022
Google employees demand end to collection of abortion data
In the wake of the US Supreme Court rolling back abortion rights, Google employees are calling on the company to stop collecting abortion-related data, so that it can never be shared with police Continue Reading
-
News
19 Aug 2022
Cozy Bear targets MS 365 environments with new tactics
Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments Continue Reading
-
News
19 Aug 2022
Apple patches two zero-days in macOs, iOS
Mac users should urgently apply new patches addressing vulnerabilities in its desktop and mobile operating systems Continue Reading
-
Opinion
19 Aug 2022
Data sharing: How can we make sure the UK is a world leader?
The UK government risks missing out on the benefits and opportunities laid out in its National Data Strategy – and could lose international competitiveness as a result Continue Reading
-
News
19 Aug 2022
Inside Singapore’s national digital identity journey
Singapore’s national digital identity system has evolved from providing single sign-on to e-government services to pandemic-related and digital document capabilities in recent years Continue Reading
-
Feature
18 Aug 2022
How do cybercriminals steal credit card information?
Cybercriminals have several methods at their disposal to hack and exploit credit card information. Learn about these, how to prevent them and what to do when hacked. Continue Reading
-
News
18 Aug 2022
Growing MFA use spurs ‘pass-the-cookie’ attacks
The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools Continue Reading
-
News
18 Aug 2022
Amazon Ring vulnerability could have been used to spy on users
A now-patched vulnerability in the Amazon Ring mobile app could have been exploited to expose users’ video recordings, but was complex to exploit, according to the researchers who stumbled upon it Continue Reading
-
News
18 Aug 2022
It takes a breach to force boards to take notice of cyber, says UK government
Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims Continue Reading
-
News
18 Aug 2022
Ukraine war drives DDoS attack volumes ever higher
There has been a boom in distributed denial-of-service attacks in the first six months of 2022, according to a report, with Russia’s war on Ukraine helping to drive activity Continue Reading
-
News
18 Aug 2022
GPS tagging of migrants breaches UK data protection law, says Privacy International complaint
Privacy group files complaints with Information Commissioner’s Office and Forensic Science Regulator over Home Office’s GPS monitoring of migrants Continue Reading
-
Opinion
18 Aug 2022
Why you should start your post-quantum encryption migration now
Some say we have the best part of a decade to prepare for the security risks that quantum computing presents to current encryption tech, but PA Consulting experts believe that timeframe is shrinking dramatically Continue Reading
-
News
16 Aug 2022
Cyber security accelerator launches in Greater Manchester
Accelerator will add to Manchester’s growing cyber security ecosystem, which already includes several tech unicorns, arms companies and the offices of GCHQ Continue Reading
-
News
16 Aug 2022
South Staffs Water is victim of botched Clop attack
South Staffordshire Water moves to reassure customers that their supplies remain safe after its attackers screw up their initial assault Continue Reading
-
News
16 Aug 2022
Why organisations need to harmonise their CIO and CISO roles
Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson Continue Reading
-
E-Zine
16 Aug 2022
Broadband reaches for the stars – the new space race
In this week’s Computer Weekly, we look at the latest space race, as satellite firms compete to provide high-speed connectivity. Is the datacentre sector hindering house building in the UK? We find out what’s really going on. And we talk to the IT director of the Mercedes Formula One team about how data helps to win races. Read the issue now. Continue Reading
-
News
15 Aug 2022
Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims
CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London Continue Reading
-
News
15 Aug 2022
Report reveals consensus around Computer Misuse Act reform
A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform Continue Reading
-
News
12 Aug 2022
Cyber criminal forum targets only Russia
The Digital Shadows Photon Research Team has been investigating a pro-Ukraine cyber criminal forum called Dumps, which appears to be one of a kind Continue Reading
-
News
12 Aug 2022
Microsoft doles out $13.7m in bug bounties
Microsoft’s Bug Bounty programme has paid a total of $13.7m to more than 300 researchers in almost 50 countries Continue Reading
-
News
12 Aug 2022
How critical infrastructure operators can secure OT data
Cohesity’s CISO discusses the challenges of securing data in operational technology systems and what can be done to mitigate security threats Continue Reading
-
News
11 Aug 2022
Researcher finds 10 vulnerabilities in Cisco firewalls
At Black Hat USA, Rapid7 researchers report on 10 security issues in popular Cisco firewall products, many of which do not yet have patches Continue Reading
-
News
11 Aug 2022
Cisco averts cyber disaster after successful phishing attack
A potentially serious cyber attack on Cisco’s systems that began after a threat actor successfully exploited an employee’s carelessly secured credentials was thwarted without major damage Continue Reading