IT security

Russia plumbs new depths in cyber war on Ukraine

 Continue Reading

China using top consumer routers to hack Western comms networks

An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks Continue Reading

Using A SASE Platform approach: What Are The Real Cost Benefits?

Following on from my previous blog - where I talked about the real costs of going down the DIY/product portfolio integration route, rather than opting for a “here’s one they made earlier” solution ... Continue Reading

ProxyLogon, ProxyShell may have driven increase in dwell times

The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data Continue Reading

Weak IT and SecOps collaboration in ANZ opens doors to cyber attacks

The weak collaboration between IT and security teams in Australia and New Zealand is exposing their organisations to data loss, business disruption and other potential consequences of cyber attacks Continue Reading

Contemporary IT: Off the Shelf Vs Bolt-On Approach? It's a No Brainer!

We’ve talked before in this ‘ere blog about the options available nowadays in terms of buying into a platform-based approach, versus integrating a portfolio of specialist products and services – or ... Continue Reading

Software house Mega achieves holistic SaaS security with Synopsys

Mega International, a supplier of IT management software, turned to Synopsys’s Coverity and Black Duck products to reassure both itself and its customers that its software-as-a-service offerings were built to the best possible security standards Continue Reading

APAC buyer’s guide to backup and recovery software

In this buyer’s guide, learn more about the market for backup and recovery software and key data protection capabilities to look for Continue Reading

How has the UK response to ransomware worked?

Ransomware gangs begin with their own due diligence - to calculate how much the victim (or insurer) will pay before reporting. They are likely to move on and find a victim who will not report, ... Continue Reading

Time to act on the DCMS Select Committee 2016 Recommendations

Prepare for when losses from impersonation replace whiplash and PPI as the target income stream of ambulance-chasing lawyers, so that you can rapidly sort the genuine claims from the rest. Continue Reading

IT departments need holistic circular economies to fight climate change

With sustainability moving up the boardroom agenda, IT managers should revamp procurement strategies to align with the principles of the circular economy, but what does this mean for managing the IT lifecycle? Continue Reading

EU must stand ground on cyber security, says Finland’s WithSecure

Russian threat is serving to focus minds on cyber security across Europe, say executives at enterprise security company’s inaugural conference Continue Reading

Executive interview: Jeetu Patel, general manager of collaboration and security, Cisco

Anyone with an idea can help solve a problem if geography and distance don’t matter when bringing in talent, says Cisco’s collaboration and security chief Continue Reading

Security leaders call for more observability for cloud native apps

New research highlights the challenges CISOs face securing modern, cloud native applications Continue Reading

What does the EU’s NIS 2 cyber directive cover?

We run the rule over the European Union’s updated NIS2 security directive Continue Reading

The importance of making information security more accessible

Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure Continue Reading

Researchers discover zero-day Microsoft vulnerability in Office

Malicious Word documents have been used to invoke a previously undisclosed vulnerability in Microsoft Office without user interaction through Windows utility functions Continue Reading

Attack of the clones: the rise of identity theft on social media

The proliferation of social media has resulted in the rise of identity theft on these platforms, with accounts copied for fraudulent or malicious purposes. What can be done to mitigate it? Continue Reading

Industrial systems not safe for the future, say Dutch ethical hackers

Ethical hackers in the Netherlands say operational technology and IT networks need to be integrated to prevent cyber attacks penetrating their operations Continue Reading

Singapore doubles down on quantum technology

The city-state is shoring up its quantum talent and quantum device manufacturing capabilities in a bid to advance its knowhow in the emerging technology Continue Reading

Mobile digital transformation – from fast to deep

The first half of 2022 has been a busy time, with much happening in the mobile industry. We consider what the rest of year might hold Continue Reading

Trial and error – why the law on computer evidence must change

In this week’s Computer Weekly, the Post Office IT scandal highlighted the problem with computer evidence – we examine the need for legal reform. We assess the nuclear option for sustainable datacentre power. And we find out how IT experts can improve their soft skills and boost their career prospects as a result. Read the issue now. Continue Reading

ICO calls for police to end ‘excessive collection’ of personal data from rape and assault victims

The UK’s information commissioner, John Edwards, has called for prosecutors and police to end the excessive collection of personal data from victims of rape and serious sexual assault Continue Reading

Log4Shell: How friendly hackers rose to the challenge

HackerOne CISO Chris Evans looks back at how the security community successfully rose to the challenge of Log4Shell, and saved end-user organisations millions Continue Reading

Strong internal foundations are key to withstanding external threats

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

Consistency is key to mitigate outsourcing risk

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

Consultation launched on datacentre, cloud security

The government is seeking views on how to boost the security and resilience of the UK’s datacentres and online cloud platforms Continue Reading

Security Think Tank: Core security processes must adapt in a complex landscape

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

Two-thirds of UK organisations defrauded since start of pandemic

Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report Continue Reading

Most CFOs being left out of ransomware conversations

Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report Continue Reading

New inquiry looks at the state of UK chips

Foreign Affairs Committee is fishing for evidence in a new inquiry assessing skills, security and end-to-end semiconductor supply chain concerns Continue Reading

Rubrik charts data security path

Backup and recovery software provider Rubrik now sees itself as a cyber security company that helps organisations recover from ransomware and other data security threats Continue Reading

Building a pathway to commercial quantum computing

The shortage of expertise in quantum technologies will drive up salaries. A new report from TechUK assesses the route to commercialisation Continue Reading

ICO orders facial recognition firm Clearview AI to delete all data about UK residents

UK data watchdog fines facial recognition company Clearview AI £7.5m for multiple privacy breaches. The firm, which offers services to law enforcement, faces growing pressure from regulators and legal action around the world Continue Reading

Ransomware volumes grew faster than ever in 2021

Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody Continue Reading

Bad bots make up a quarter of APAC’s web traffic

Bots that run automated tasks have been responsible for stealing personal information among other malicious activities in the Asia-Pacific region, study finds Continue Reading

Need a CISO? No need to look for that tech boffin

This is a guest post by Yvette Lejins, resident CISO at Proofpoint Asia-Pacific and Japan The role of the CISO (chief information security officer) has become increasingly important as more ... Continue Reading

Did the Conti ransomware crew orchestrate its own demise?

Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise Continue Reading

Security Think Tank: Understanding attack paths is a question of training

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

How Ivanti views patch management with a security lens

Bringing development, operations and security teams together will help organisations to improve their visibility of IT assets and vulnerabilities while keeping threat actors at bay Continue Reading

Applying international law to cyber will be a tall order

Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations Continue Reading

Microsoft drops emergency patch after Patch Tuesday screw up

Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates Continue Reading

Former Welsh steelworks becomes ‘living’ cyber lab

ResilientWorks security centre in Ebbw Vale provides an education hub for students and a testbed for industry Continue Reading

Chinese cyber spooks exploit western sanctions on Russia

The actor behind an ongoing Chinese espionage campaign targeting Russian defence research bodies is taking advantage of the Ukraine war in their phishing lures Continue Reading

Defensive cyber attacks may be justified, says attorney general

Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable Continue Reading

Top cyber criminal earnings outpace those of business leaders

Cyber crime can pay significantly better than leading a FTSE 100 organisation, according to a report Continue Reading

Nature of cyber war evolving in real time, says Microsoft president

The past three months have seen the rapid evolution of the very nature warfare to incorporate cyber attacks, Microsoft’s Brad Smith tells the audience at its Envision conference in London Continue Reading

Deliveroo accused of ‘soft union busting’ with GMB deal

Smaller grassroots unions have criticised Deliveroo and GMB for making a “hollow” deal that will ultimately undermine workers’ self-organising efforts Continue Reading

Red teaming will be standard in Dutch governmental organisations by 2025

The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest Continue Reading

Security Think Tank: Yes, zero trust can help you understand attack paths

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

Singapore opens security testing centre

Joint centre set up by the Cyber Security Agency of Singapore and a local university will facilitate security testing and train security evaluation talent Continue Reading

Security Think Tank: To follow a path, you need a good map

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

Mastercard biometric programme will allow payment authentication by smile

Mastercard is inviting banks and merchants to join a programme to set standards for biometric payments technology Continue Reading

Veeam outlines data protection vision

Veeam is looking to achieve an “outsized market leading position” by tapping its strengths in data protection and doubling down on innovation to help enterprises secure emerging workloads Continue Reading

(ISC)² to train 100,000 cyber pros in UK

Security association (ISC)² unveils ambitious UK training programme Continue Reading

Australian CISOs least prepared for cyber attacks

Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds Continue Reading

Digitally transforming UK power networks for renewable energy

In this week’s Computer Weekly, we find out how the UK’s power networks need to be digital transformed to be ready for renewable energy – and the role of open source. Wi-Fi 6 was meant to give a boost to wireless connectivity – we examine why adoption has stalled. And we look at what a quantum datacentre might be like. Read the issue now. Continue Reading

Europol gears up to collect big data on European citizens after MEPs vote to expand policing power

The European Parliament has voted to expand Europol’s role, legalising its processing of bulk datasets containing personal information and endorsing research into predictive policing technologies Continue Reading

Keeping Singapore’s critical systems secure

Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore Continue Reading

Open source community sets out path to secure software

A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US Continue Reading

Mind the gap: public and private sector disparity in cybersecurity

Amidst increasingly sophisticated cyber attacks and a constantly shifting threat landscape, cyber security partnerships across the private and public sector are essential in tackling these threats. ... Continue Reading

GPDPR data scrape a ‘mistake’, says leading scientist

Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape Continue Reading

The limits and risks of backup as ransomware protection

Backups can provide a sound means of recovery from ransomware infection, but they are not 100% certain to foil attackers. We look at the limits and risks of depending on backups Continue Reading

CW Benelux: Meta shelves hyperscale datacentre plan in Netherlands

Meta’s plan for a hyperscale datacentre in the Netherlands which was to serve the metaverse world has been halted following a campaign by environmentalists and the Dutch parliament’s call for the government to do everything in its power to stop the facility being built. Also read how the Dutch arm of customer services supplier Teleperformance has led the entire organisation to adopt robotic process automation software. Continue Reading

Security Think Tank: Your path to understanding attack paths

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

APAC career guide: Becoming a cyber security pro

The region’s burgeoning cyber security industry has attracted more talent last year, but it takes more than just technical knowhow to succeed in the field Continue Reading

Nerbian RAT enjoys using Covid-19 phishing lures

The world is slowly coming to terms with Covid-19, but fear of the coronavirus is no less useful to cyber criminals because of it, as Proofpoint researchers have discovered Continue Reading

Emotet has commanding lead on Check Point monthly threat chart

Emotet remains by some margin the most prevalent malware, according to Check Point’s latest monthly statistics Continue Reading

CyberUK 22: Five Eyes focuses on MSP security

The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves Continue Reading

CyberUK 22: Data-sharing service to protect public from scams

A new data-sharing service set up by the NCSC and industry partners will give ISPs access to real-time threat data that they can use to block fraudulent websites Continue Reading

Analysts confirm return of REvil ransomware gang

Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks Continue Reading

Cyber accreditation body Crest forges new training partnerships

Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills Continue Reading

Nationwide stops thousands more attempted frauds with Strong Customer Authentication

Nationwide Building Society is blocking an additional 2000 attempted online shopping frauds a month through extra checks Continue Reading

Microsoft fixes three zero-days on May Patch Tuesday

It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days Continue Reading

EU plans to police child abuse raise fresh fears over encryption and privacy rights

Draft regulation unveiled today will require internet and messaging firms to use algorithms to identify grooming and child abuse or face heavy fines Continue Reading

‘Spy cops’ inquiry delves into police relationship with MI5

There was ‘no filter’ on the information that undercover police officers were collecting on activists throughout the 1970s, despite senior managers and officials involved in directing the surveillance questioning the appropriateness of the information gathering and sharing Continue Reading

CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy

On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy Continue Reading

NCSC pins Viasat cyber attack on Russia

UK authorities have attributed the 24 February cyber attack on the network of satellite comms company Viasat to Russia Continue Reading

CyberUK 22: NCSC refreshes cloud security guidance

The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise Continue Reading

CyberUK 22: Wales splashes £9.5m on cyber innovation hub

A new innovation hub hopes to spur on cyber security innovation in Wales Continue Reading

NSO Group faces court action after Pegasus spyware used against targets in UK

Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies Continue Reading

The spies who hack you – the growing threat of spyware

In this week’s Computer Weekly, after 10 Downing Street was hit by a spyware attack, fears about targeted mobile phone hacks are increasing. Our salary survey highlights the diversity challenge in IT, with men’s support for women in IT declining. And we look at how datacentre heat reuse can help reduce carbon emissions. Read the issue now. Continue Reading

CyberUK 22: NCSC’s ACD programme blocks 2.7 million scams

On the opening day of its annual CyberUK event, the NCSC reveals how organisations around the country have used its Active Cyber Defence programme to their advantage Continue Reading

UK digital markets regulator to be given statutory powers

Digital Markets Unit will be put on statutory footing by UK government to ensure technology giants do not abuse market power, but announcement comes with no clear indication of when legislation will be introduced Continue Reading

IT infrastructure used to launch DDoS attack on Russian targets

Organisations could unwittingly be participating in hostile activity against the Russian government as compromised IT infrastructure is used without their knowledge to launch denial of service attacks Continue Reading

How to retain cyber talent in the Great Resignation

The cyber security industry is experiencing alarming rates of resignations, leaving organisations vulnerable to cyber attacks. How can we better retain cyber talent? Continue Reading

Disaster recovery is an essential service for EDF with Phenix-IT

EDF has built disaster recovery tracking, planning and testing software on a six-month upgrade cycle based on governance, risk and compliance functionality in Mega’s Hopex platform Continue Reading

Five companies join NCSC for Startups to deal with ransomware

The NCSC has invited five startups to join the NCSC for Startups programme to develop tech that can help deal with the threat of ransomware Continue Reading

Security Think Tank: Identify, assess and monitor to understand attack paths

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

NHS email accounts hijacked for phishing campaign

Microsoft credentials targeted in phishing operation using hijacked NHSMail accounts Continue Reading

Intellectual property theft operation attributed to Winnti group

Winnti conducted a prolonged cyber espionage campaign that went undetected for years, allowing it to exfiltrate massive amounts of corporate data and intellectual property Continue Reading

UK government puts pressure on IT sector to clean up app security

Apps can be exploited to carry malicious payloads that steal personal information and cause financial loss – and not enough is being done to secure them Continue Reading

Security Think Tank: Defenders must get out ahead of complexity

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand these attack pathways to fight back Continue Reading

PeerGFS to add AI/ML anomaly detection to distributed file system product

Peer will add AI/ML-based anomaly detection as it ramps up security protection in its PeerGFS distributed file management software, with Linux server support also to come in 2022 Continue Reading

Five TLS comms vulnerabilities hit Aruba, Avaya switching kit

Five new vulnerabilities in the implementation of transport layer security communications leave several popular switches vulnerable to remote code execution Continue Reading

Security Think Tank: Solving for complexity in the network

The modern-day abundance of IT platforms, apps and tools gives the bad guys ample opportunity to move rapidly through the network to hit critical assets. Security teams must understand these attack pathways better in order to fight back Continue Reading

Information security in 2022 – managing constant change

It’s been an unprecedented couple of years for everyone – but a particularly frantic one for cyber security leaders. The pandemic led to a huge rise in remote working, with all the extra risks involved in putting users outside the corporate perimeter. The home environment then became a new attack vector, and as a result there was a huge increase in ransomware, affecting individuals and enterprises. And then, just as lockdowns started to ease, Russia’s invasion of Ukraine brought new nation-state threats that may yet become even more serious. For chief information security officers (CISOs), managing constant change and emerging threats is becoming the norm. In this essential guide to information security in 2022, we examine the key strategies, latest innovations and leadership insights – and highlight the importance of collaboration across the cyber community to keep everyone secure. Continue Reading

Podcast: War, geo-political risk, data storage and compliance

We talk to Mathieu Gorge, CEO of Vigitrust, about impacts on compliance and data storage from instability in geo-political events, such as the Russian invasion of Ukraine Continue Reading

Attackers enlist cloud providers in large HTTPS DDoS hit

A recent large-scale DDoS incident shows how cyber criminals are switching up their tactics to conduct more sophisticated attacks Continue Reading

Orange Business Services delivers global SD-WAN to Siemens

Digital services company and global enterprise division of the global telco teams with leading German technology firm to complete what is said to be one of the largest software-defined wide area network deployments in the world, covering 1,168 worldwide locations across 94 countries Continue Reading