IT security

Sophos soaks up SOC.OS

Sophos says acquisition of BAE spinout SOC.OS will enhance its managed threat and extended detection and response services Continue Reading

Mimecast makes deeper push into ASEAN

Mimecast opens regional office in Singapore and is looking at setting up a datacentre in Southeast Asia as it makes a deeper push into the region Continue Reading

Top 7 metaverse tech strategy do's and don'ts

Technology and business leaders must be strategic when entering the new world of metaverse projects. Here are critical tips that help provide guidance. Continue Reading

What’s up with Conti and REvil, and should we be worrying?

New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back Continue Reading

Singing the key management blues

We need cryptographic keys, but who is going to manage them? How do you make an obscure topic like cryptographic key management interesting? And can you then persuade people to move this security ... Continue Reading

How Adnovum is leveraging its Swiss roots

Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security Continue Reading

UAE bolsters cyber security

The United Arab Emirates has successfully improved its security posture amid mounting cyber threats Continue Reading

Finance regulator identifies challenger bank financial crime weaknesses

Financial Conduct Authority review finds challenger banks need to do more to prevent their platforms being used to commit financial crime, such as money laundering Continue Reading

Zoom adds new round of cyber security enhancements

Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements Continue Reading

Five Eyes in new Russia cyber warning

Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure Continue Reading

Impact of Lapsus$ attack on Okta less than feared

Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential Continue Reading

Check Point seeks to plug cyber security gap

The cyber security software provider is shoring up its sales force and partner ecosystem to address the security needs of small and mid-sized businesses in a region that is highly targeted by threat actors Continue Reading

India’s cyber security industry doubles in size during the Covid-19 pandemic

India’s revenues from cyber security products and services reached $9.85bn in 2021 thanks to rapid digitisation and regulatory attention on data and privacy Continue Reading

How to mitigate edge security threat

The move to the edge expands an organisation’s attack surface. Aaron Tan highlights some measures that organisations can take to minimise their edge security risks Continue Reading

CW APAC: Trend Watch: Cyber security

Protection from malicious actors has become a critical consideration for organisations in recent years. In this handbook, focused on cyber security in the Asia-Pacific region, Computer Weekly looks at how to minimise edge security risks, India’s rise in cyber security revenues, Check Point’s sales force and partner ecosystem processes, and Trellix’s decision to democratise XDR access Continue Reading

One-third of scams that hit TSB are impersonation fraud

TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them Continue Reading

Home secretary Priti Patel to decide whether to extradite Assange

Home secretary will decide in four weeks whether to approve Julian Assange’s extradition to the US, where he faces espionage and hacking charges Continue Reading

AWS fixes vulnerabilities in Log4Shell hot patch

AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation Continue Reading

NSO Group faces court action after Pegasus spyware used against targets in UK

Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies Continue Reading

Median threat actor ‘dwell time’ dropped during 2021

Security teams appear to be getting better at detecting attackers within their networks, according to a report Continue Reading

Hammers sign Acronis as backup and security in one

West Ham United set to replace separate backup from Veeam and a variety of security products with Acronis Cyber Protect to have backup, data protection and file share on a single platform Continue Reading

Windows 7 and XP still more popular than Windows 11

Lansweeper audit of Windows devices finds more people are running unsupported Windows operating systems than the newest release Continue Reading

Lack of expertise hurting UK government’s cyber preparedness

UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report Continue Reading

Kyndryl kindles cyber incident recovery pact with Dell

IBM spin-out Kyndryl hops into bed with Dell Technologies in a joint cyber resilience proposition Continue Reading

Zhadnost DDoS botnet deployed against Finland

A coordinated DDoS attack hit two government ministries in Finland at the same time as Ukrainian president Volodymyr Zelensky delivered a virtual address to the Finnish parliament Continue Reading

Incontroller ICS malware has ‘rare, dangerous’ capabilities, says Mandiant

Mandiant joins a growing chorus of warnings over novel nation state threats to ICS systems Continue Reading

Government agrees bulk surveillance powers fail to protect journalists and sources

Campaign group Liberty to launch legal appeal that will call for journalists to receive stronger legal protections from state surveillance Continue Reading

WatchGuard firewall users urged to patch Cyclops Blink vulnerability

The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities Continue Reading

Microsoft patches two zero-days, 10 critical bugs

Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service Continue Reading

Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack

Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief Continue Reading

More ANZ organisations warm to DevSecOps

About four in 10 organisations in Australia and New Zealand are undertaking the transition to development, security and operations, while a further 36% plan to do so in 2022, study finds Continue Reading

Universal IAM policy failings put cloud environments at risk

Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study Continue Reading

Multiple arrests made in RaidForums takedown

A Portuguese national and a 21-year-old man from Croydon are among a number of individuals arrested ahead of the closure of RaidForums by police Continue Reading

Sandworm rolls out Industroyer2 malware against Ukraine

A second generation of the Sandworm-linked Industroyer malware has been identified by ESET researchers and Ukraine’s national CERT Continue Reading

AI researcher says police tech suppliers are hostile to transparency

Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented Continue Reading

Singapore to start licensing cyber security service providers

Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards Continue Reading

Border IT system fixed after 10-day outage

Post-Brexit border IT system failure fixed after going down at the start of April, allowing traders to once again file customs documents electronically rather than by hand Continue Reading

Open source CMS platform Directus patches XSS bug

A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data Continue Reading

We must target a broad church to fill vacant cyber roles

The security industry focuses a lot on cyber-specific specialisms and technical skills, but it could really benefit from widening its search. Take it from a social anthropologist Continue Reading

Raspberry Pi Foundation ditches default username policy

Raspberry Pi owners will no longer be able to use the default ‘pi’ username, as the Raspberry Pi Foundation clamps down on insecure practices Continue Reading

Just How Secure Are You?

Back in the autumn of last year, I talked about a vendor – Bugcrowd – that doesn’t simply rely on AI and ML within a microchip, but actually uses real flesh and bone people (AKA ethical hackers) to ... Continue Reading

Nordic countries discuss joint cyber defence capability

Nordic countries are in talks to increase their cyber defences in the face of the threat from Russia Continue Reading

EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional

Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court Continue Reading

Ukrainian cyber criminal gets five years in jail

A US court has sentenced Denys Iarmak, who worked as a penetration tester for the FIN7 cyber crime group, to a five-year prison sentence Continue Reading

Was Spring4Shell a lot of hot air? No, but...

Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better Continue Reading

Online Safety Bill: Collaborating to make the internet safer for all

The UK government's plan to regulate the internet and social media includes some positive and progressive measures – but by working with industry, a lot more could be achieved Continue Reading

US shuts down Russia’s Cyclops Blink botnet operation

Operation by US authorities has taken the Russia-attributed Cyclops Blink botnet ‘off the board’ Continue Reading

MPs and editors sound alarm over threat to Freedom of Information

Government secrecy and trend for departments to block Freedom of Information requests pose a long-term risk to accountability Continue Reading

CW Middle East: UAE and UK researchers work on ‘trustworthy’ cloud OS for datacentres

Imperial College London is embarking on a three-year project with an Abu Dhabi-based group of researchers to find ways for datacentre operators and cloud providers to secure their infrastructure. Also read how Dubai is positioning itself to reap the benefits of a promising global market for drone technology. Continue Reading

The rise and rise of blockchain technology

The growing use of blockchain across Asia-Pacific is set to continue, with spending on the technology slated to hit $2.4bn this year, according to IDC Continue Reading

Apple criticised over unpatched CVEs in Catalina, Big Sur

Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions Continue Reading

Denonia malware may be first to target AWS Lambda

The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind Continue Reading

Hydra takedown merely shifts cyber criminal problem elsewhere

The seizure of the Hydra dark web marketplace is a positive development in the fight against cyber crime, but will only be a temporary setback for determined criminals Continue Reading

Scoop: Zero Trust Network Access Becomes Your Flexible Friend!

In my last blog, I highlighted the ongoing debate within IT security that is zero trust or, to use the full acronym, ZTNA (Zero Trust Network Access) and that – in theory, at least – it is kind of ... Continue Reading

Does Anyone Trust Zero Trust?

Has there been a more over-used term within IT security over the past few years than “zero trust”? Answers in the virtual black box at the back of the virtual room (in the virtual universe). I ... Continue Reading

Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court

France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution Continue Reading

Discount retailer The Works hit by cyber attack

A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature Continue Reading

Triple-threat Borat malware no joke for victims

Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros Continue Reading

IBM z16 tackles financial fraud and quantum hacks

New addition to Z series mainframe family uses IBM Telum processor to accelerate AI for real-time credit card fraud detection Continue Reading

US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield

 Continue Reading

How remote browser isolation can mitigate cyber threats

Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device Continue Reading

Two teenagers charged with Lapsus$ cyber attacks

City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree Continue Reading

Four moves to ‘checkmate’ critical assets thanks to lax cloud security

Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report Continue Reading

Apple drops emergency patches for two zero-days

Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild Continue Reading

TechUK calls on government to seize post-Brexit data opportunities

Ahead of the government’s reply to its late 2021 consultation about proposed post-Brexit reforms to the data protection regime, TechUK has published a paper declaring six data governance principles Continue Reading

Global upheaval shows cyber security isn’t good enough, says GCHQ director

Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech Continue Reading

Bank fraud prevention scheme blocked £60m in fraud last year

Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented Continue Reading

Lapsus$ cyber crime spree continues despite arrests

The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos Continue Reading

Spring4Shell zero-day sprung on security teams

Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it? Continue Reading

One-third of UK firms suffer a cyber attack every week

New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors Continue Reading

Recruitment risks: Avoiding the dangers of fraudulent candidates

Tech companies are seeing an increase in fraudulent job applications, with associated impacts on risk and cyber security. So how can organisations protect themselves from fraudulent applicants while ensuring they recruit the best talent? Continue Reading

Australia to spend A$9.9bn on intelligence and cyber capabilities

The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate Continue Reading

Overhaul of UK police tech needed to prevent abuse

Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’ Continue Reading

NCSC: Not necessarily wise to ditch Kaspersky

UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates Continue Reading

Wave of Log4j-linked attacks targeting VMware Horizon

Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell Continue Reading

FCA reports 52% jump in security incidents

The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware Continue Reading

Ten years of the Raspberry Pi

In this week’s Computer Weekly, as the Raspberry Pi reaches its 10th anniversary, we look back on how the low-cost computing device went from schools to supercomputers and even into space. Gartner offers tips on how to motivate IT staff in a hybrid working environment. And we meet the Dutch hackers helping to secure the internet. Read the issue now. Continue Reading

Singapore rolls out cyber security certification scheme

Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices Continue Reading

IT professionals wary of government campaign to limit end-to-end encryption

Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading

US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield

EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens Continue Reading

How Dutch hackers are working to make the internet safe

We hear how the personal mission of a Dutch hacker grew into a serious organisation with international ambitions Continue Reading

European Commission proposes new cyber security regulations

New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas Continue Reading

London police arrest seven in connection to Lapsus$

Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks Continue Reading

How Lapsus$ exploited the failings of multifactor authentication

Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering Continue Reading

Striking a balance between risk and innovation: Lessons from an autonomous ship

I wasn’t sure what to expect when I turned up for an event at the Historic Dockyards in Portsmouth, UK. The planned star of the show - an unmanned ship called Mayflower 400 - couldn’t actually be ... Continue Reading

Anonymous claims it has hacked the Central Bank of Russia

Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state Continue Reading

Ransomware demands and payments increase with use of leak sites

Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims Continue Reading

The Security Interviews: Red gets automated

We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security Continue Reading

The Importance of CASB And Its Limitations

It’s been over two years since I introduced the Gartner-defined SASE (“sassy”) to my CW readers – in that time the world has changed somewhat, but the requirement for an intensified, integrated ... Continue Reading

How India organisations can mitigate cyber threats

Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks Continue Reading

Hiring and retention challenges in cyber security persist

Latest ISACA report shows that enterprises are struggling to find and retain cyber security talent Continue Reading

Private equity house spins SSE company out of McAfee Enterprise

The launch of Skyhigh Security completes division of McAfee Enterprise into separate businesses by Symphony Technology Group, which acquired the long-standing cyber security firm for $4bn in March 2021 Continue Reading

NHS urgent care provider uses ID and access management to reduce complexity for clinicians

Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords Continue Reading

Biden issues warning about Russian cyber attacks

President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia Continue Reading

Details of Conti ransomware affiliate released

Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise Continue Reading

Revised scope of UK security strategy reflects digitised society

The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading

One year on from IR35 reforms – why IT skills are harder to find

In this week’s Computer Weekly, a year after IR35 tax reforms were introduced, we assess the impact on the UK’s IT talent pool – and it’s not looking good. We examine the rise of industry clouds, and how they are changing the market. And we find out how London councils plan to work together on data and innovation. Read the issue now. Continue Reading

Siloed data holding back coordinated health responses

Digital health experts discuss the role of data in coordinating the NHS’s pandemic response and how managing privacy and governance issues are key to further success Continue Reading

How 2022’s most significant data privacy trends affect your organisation

Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading

UK Cyber Strategy a welcome injection of progress

The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading