IT security
-
News
20 Sep 2023
Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption
Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages Continue Reading
-
Feature
20 Sep 2023
Toyota car plant outage shows database capacity planning is vital
How could database deletes and re-organisation take out car production for 36 hours at 14 plants? We drill down into the details of database capacity planning Continue Reading
-
News
25 Apr 2022
Sophos soaks up SOC.OS
Sophos says acquisition of BAE spinout SOC.OS will enhance its managed threat and extended detection and response services Continue Reading
-
News
25 Apr 2022
Mimecast makes deeper push into ASEAN
Mimecast opens regional office in Singapore and is looking at setting up a datacentre in Southeast Asia as it makes a deeper push into the region Continue Reading
-
Feature
22 Apr 2022
Top 7 metaverse tech strategy do's and don'ts
Technology and business leaders must be strategic when entering the new world of metaverse projects. Here are critical tips that help provide guidance. Continue Reading
-
News
22 Apr 2022
What’s up with Conti and REvil, and should we be worrying?
New intelligence on some of the world’s most prolific ransomware gangs suggests recent disruption to their activities was like water off a duck’s back Continue Reading
-
Blog Post
22 Apr 2022
Singing the key management blues
We need cryptographic keys, but who is going to manage them? How do you make an obscure topic like cryptographic key management interesting? And can you then persuade people to move this security ... Continue Reading
-
News
22 Apr 2022
How Adnovum is leveraging its Swiss roots
Software company Adnovum is leveraging its strengths in identity and access management and its Swiss heritage as it expands into new markets and areas such as zero-trust security Continue Reading
-
News
22 Apr 2022
UAE bolsters cyber security
The United Arab Emirates has successfully improved its security posture amid mounting cyber threats Continue Reading
-
News
22 Apr 2022
Finance regulator identifies challenger bank financial crime weaknesses
Financial Conduct Authority review finds challenger banks need to do more to prevent their platforms being used to commit financial crime, such as money laundering Continue Reading
-
News
21 Apr 2022
Zoom adds new round of cyber security enhancements
Videoconferencing platform Zoom adds multiple third-party security certifications and service enhancements Continue Reading
-
News
21 Apr 2022
Five Eyes in new Russia cyber warning
Latest cross-body alert warns of Russian threat to utilities and other core elements of national infrastructure Continue Reading
-
News
21 Apr 2022
Impact of Lapsus$ attack on Okta less than feared
Okta’s investigation into Lapsus$ breach of its systems via a Sitel workstation has concluded that the impact was significantly less than the maximum potential Continue Reading
-
20 Apr 2022
Check Point seeks to plug cyber security gap
The cyber security software provider is shoring up its sales force and partner ecosystem to address the security needs of small and mid-sized businesses in a region that is highly targeted by threat actors Continue Reading
-
20 Apr 2022
India’s cyber security industry doubles in size during the Covid-19 pandemic
India’s revenues from cyber security products and services reached $9.85bn in 2021 thanks to rapid digitisation and regulatory attention on data and privacy Continue Reading
-
20 Apr 2022
How to mitigate edge security threat
The move to the edge expands an organisation’s attack surface. Aaron Tan highlights some measures that organisations can take to minimise their edge security risks Continue Reading
-
E-Zine
20 Apr 2022
CW APAC: Trend Watch: Cyber security
Protection from malicious actors has become a critical consideration for organisations in recent years. In this handbook, focused on cyber security in the Asia-Pacific region, Computer Weekly looks at how to minimise edge security risks, India’s rise in cyber security revenues, Check Point’s sales force and partner ecosystem processes, and Trellix’s decision to democratise XDR access Continue Reading
-
News
20 Apr 2022
One-third of scams that hit TSB are impersonation fraud
TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them Continue Reading
-
News
20 Apr 2022
Home secretary Priti Patel to decide whether to extradite Assange
Home secretary will decide in four weeks whether to approve Julian Assange’s extradition to the US, where he faces espionage and hacking charges Continue Reading
-
News
20 Apr 2022
AWS fixes vulnerabilities in Log4Shell hot patch
AWS issues fixes for a series of Log4Shell hot patches after they turned out to leave its services vulnerable to further exploitation Continue Reading
-
News
20 Apr 2022
NSO Group faces court action after Pegasus spyware used against targets in UK
Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies Continue Reading
-
News
19 Apr 2022
Median threat actor ‘dwell time’ dropped during 2021
Security teams appear to be getting better at detecting attackers within their networks, according to a report Continue Reading
-
News
19 Apr 2022
Hammers sign Acronis as backup and security in one
West Ham United set to replace separate backup from Veeam and a variety of security products with Acronis Cyber Protect to have backup, data protection and file share on a single platform Continue Reading
-
News
19 Apr 2022
Windows 7 and XP still more popular than Windows 11
Lansweeper audit of Windows devices finds more people are running unsupported Windows operating systems than the newest release Continue Reading
-
News
14 Apr 2022
Lack of expertise hurting UK government’s cyber preparedness
UK government bodies and critical infrastructure owners cite a lack of staff resources, and internal and external expertise, as hampering factors when it comes to cyber readiness, according to a report Continue Reading
-
News
14 Apr 2022
Kyndryl kindles cyber incident recovery pact with Dell
IBM spin-out Kyndryl hops into bed with Dell Technologies in a joint cyber resilience proposition Continue Reading
-
News
14 Apr 2022
Zhadnost DDoS botnet deployed against Finland
A coordinated DDoS attack hit two government ministries in Finland at the same time as Ukrainian president Volodymyr Zelensky delivered a virtual address to the Finnish parliament Continue Reading
-
News
14 Apr 2022
Incontroller ICS malware has ‘rare, dangerous’ capabilities, says Mandiant
Mandiant joins a growing chorus of warnings over novel nation state threats to ICS systems Continue Reading
-
News
14 Apr 2022
Government agrees bulk surveillance powers fail to protect journalists and sources
Campaign group Liberty to launch legal appeal that will call for journalists to receive stronger legal protections from state surveillance Continue Reading
-
News
13 Apr 2022
WatchGuard firewall users urged to patch Cyclops Blink vulnerability
The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities Continue Reading
-
News
13 Apr 2022
Microsoft patches two zero-days, 10 critical bugs
Patch Tuesday is here once again. This month, security teams must fix two privilege escalation zero-days in the Windows Common Log File System Driver and the Windows User Profile Service Continue Reading
-
News
13 Apr 2022
Criminals researched hacking TTPs post-breach in ‘messy’ cyber attack
Sophos shares details of a cyber attack that saw attackers hang out in their victim environment for five months while they prepared to sow further mischief Continue Reading
-
News
13 Apr 2022
More ANZ organisations warm to DevSecOps
About four in 10 organisations in Australia and New Zealand are undertaking the transition to development, security and operations, while a further 36% plan to do so in 2022, study finds Continue Reading
-
News
12 Apr 2022
Universal IAM policy failings put cloud environments at risk
Almost all organisations lack appropriate IAM policy controls to effectively secure their data in the cloud, according to a damning study Continue Reading
-
News
12 Apr 2022
Multiple arrests made in RaidForums takedown
A Portuguese national and a 21-year-old man from Croydon are among a number of individuals arrested ahead of the closure of RaidForums by police Continue Reading
-
News
12 Apr 2022
Sandworm rolls out Industroyer2 malware against Ukraine
A second generation of the Sandworm-linked Industroyer malware has been identified by ESET researchers and Ukraine’s national CERT Continue Reading
-
News
12 Apr 2022
AI researcher says police tech suppliers are hostile to transparency
Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented Continue Reading
-
News
11 Apr 2022
Singapore to start licensing cyber security service providers
Those providing penetration testing and SOC services will need to apply for a licence under a new licensing regime that is expected to safeguard consumer interests and improve service standards Continue Reading
-
News
11 Apr 2022
Border IT system fixed after 10-day outage
Post-Brexit border IT system failure fixed after going down at the start of April, allowing traders to once again file customs documents electronically rather than by hand Continue Reading
-
News
11 Apr 2022
Open source CMS platform Directus patches XSS bug
A stored cross-site scripting vulnerability in the Directus platform could have enabled malicious actors to gain access to valuable data Continue Reading
-
Opinion
11 Apr 2022
We must target a broad church to fill vacant cyber roles
The security industry focuses a lot on cyber-specific specialisms and technical skills, but it could really benefit from widening its search. Take it from a social anthropologist Continue Reading
-
News
11 Apr 2022
Raspberry Pi Foundation ditches default username policy
Raspberry Pi owners will no longer be able to use the default ‘pi’ username, as the Raspberry Pi Foundation clamps down on insecure practices Continue Reading
-
Blog Post
11 Apr 2022
Just How Secure Are You?
Back in the autumn of last year, I talked about a vendor – Bugcrowd – that doesn’t simply rely on AI and ML within a microchip, but actually uses real flesh and bone people (AKA ethical hackers) to ... Continue Reading
-
News
11 Apr 2022
Nordic countries discuss joint cyber defence capability
Nordic countries are in talks to increase their cyber defences in the face of the threat from Russia Continue Reading
-
News
08 Apr 2022
EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional
Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court Continue Reading
-
News
08 Apr 2022
Ukrainian cyber criminal gets five years in jail
A US court has sentenced Denys Iarmak, who worked as a penetration tester for the FIN7 cyber crime group, to a five-year prison sentence Continue Reading
-
News
08 Apr 2022
Was Spring4Shell a lot of hot air? No, but...
Find out why Spring4Shell was apparently not as impactful a security problem as many had at first feared, and why it’s on the cyber community as a whole to do better Continue Reading
-
Opinion
07 Apr 2022
Online Safety Bill: Collaborating to make the internet safer for all
The UK government's plan to regulate the internet and social media includes some positive and progressive measures – but by working with industry, a lot more could be achieved Continue Reading
-
News
07 Apr 2022
US shuts down Russia’s Cyclops Blink botnet operation
Operation by US authorities has taken the Russia-attributed Cyclops Blink botnet ‘off the board’ Continue Reading
-
News
07 Apr 2022
MPs and editors sound alarm over threat to Freedom of Information
Government secrecy and trend for departments to block Freedom of Information requests pose a long-term risk to accountability Continue Reading
-
E-Zine
07 Apr 2022
CW Middle East: UAE and UK researchers work on ‘trustworthy’ cloud OS for datacentres
Imperial College London is embarking on a three-year project with an Abu Dhabi-based group of researchers to find ways for datacentre operators and cloud providers to secure their infrastructure. Also read how Dubai is positioning itself to reap the benefits of a promising global market for drone technology. Continue Reading
-
Video
07 Apr 2022
The rise and rise of blockchain technology
The growing use of blockchain across Asia-Pacific is set to continue, with spending on the technology slated to hit $2.4bn this year, according to IDC Continue Reading
-
News
06 Apr 2022
Apple criticised over unpatched CVEs in Catalina, Big Sur
Apple patched two zero-days in macOS Monterey last week, but did not address the same issue in Catalina or Big Sur, raising questions Continue Reading
-
News
06 Apr 2022
Denonia malware may be first to target AWS Lambda
The newly discovered Denonia malware appears to be custom designed to target AWS Lambda environments, and may be the first of its kind Continue Reading
-
News
06 Apr 2022
Hydra takedown merely shifts cyber criminal problem elsewhere
The seizure of the Hydra dark web marketplace is a positive development in the fight against cyber crime, but will only be a temporary setback for determined criminals Continue Reading
-
Blog Post
06 Apr 2022
Scoop: Zero Trust Network Access Becomes Your Flexible Friend!
In my last blog, I highlighted the ongoing debate within IT security that is zero trust or, to use the full acronym, ZTNA (Zero Trust Network Access) and that – in theory, at least – it is kind of ... Continue Reading
-
Blog Post
06 Apr 2022
Does Anyone Trust Zero Trust?
Has there been a more over-used term within IT security over the past few years than “zero trust”? Answers in the virtual black box at the back of the virtual room (in the virtual universe). I ... Continue Reading
-
News
05 Apr 2022
Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court
France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution Continue Reading
-
News
05 Apr 2022
Discount retailer The Works hit by cyber attack
A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature Continue Reading
-
News
05 Apr 2022
Triple-threat Borat malware no joke for victims
Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros Continue Reading
-
News
05 Apr 2022
IBM z16 tackles financial fraud and quantum hacks
New addition to Z series mainframe family uses IBM Telum processor to accelerate AI for real-time credit card fraud detection Continue Reading
- 04 Apr 2022
-
News
04 Apr 2022
How remote browser isolation can mitigate cyber threats
Remote browser isolation can help to mitigate browser-based attacks by separating a user’s browsing activity from the device Continue Reading
-
News
01 Apr 2022
Two teenagers charged with Lapsus$ cyber attacks
City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree Continue Reading
-
News
01 Apr 2022
Four moves to ‘checkmate’ critical assets thanks to lax cloud security
Malicious actors can compromise 94% of critical assets within four steps of the initial breach point, according to a report Continue Reading
-
News
01 Apr 2022
Apple drops emergency patches for two zero-days
Apple has fixed two zero-day vulnerabilities that appear to have been actively exploited in the wild Continue Reading
-
News
01 Apr 2022
TechUK calls on government to seize post-Brexit data opportunities
Ahead of the government’s reply to its late 2021 consultation about proposed post-Brexit reforms to the data protection regime, TechUK has published a paper declaring six data governance principles Continue Reading
-
News
31 Mar 2022
Global upheaval shows cyber security isn’t good enough, says GCHQ director
Generational global upheaval has laid bare significant gaps in national cyber strategies, GCHQ chief Jeremy Fleming has said in a speech Continue Reading
-
News
31 Mar 2022
Bank fraud prevention scheme blocked £60m in fraud last year
Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented Continue Reading
-
News
31 Mar 2022
Lapsus$ cyber crime spree continues despite arrests
The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos Continue Reading
-
News
31 Mar 2022
Spring4Shell zero-day sprung on security teams
Some are describing a newly disclosed Spring Java framework vulnerability as the next Log4Shell, but what is Spring4Shell, and what can we do about it? Continue Reading
-
News
30 Mar 2022
One-third of UK firms suffer a cyber attack every week
New statistics from the annual DCMS Cyber security breaches survey reveal the extent and frequency with which UK organisations are being attacked by malicious actors Continue Reading
-
Feature
30 Mar 2022
Recruitment risks: Avoiding the dangers of fraudulent candidates
Tech companies are seeing an increase in fraudulent job applications, with associated impacts on risk and cyber security. So how can organisations protect themselves from fraudulent applicants while ensuring they recruit the best talent? Continue Reading
-
News
30 Mar 2022
Australia to spend A$9.9bn on intelligence and cyber capabilities
The Morrison government is investing in a landmark package of measures to shore up the intelligence and cyber security capabilities of the Australian Signals Directorate Continue Reading
-
News
29 Mar 2022
Overhaul of UK police tech needed to prevent abuse
Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’ Continue Reading
-
News
29 Mar 2022
NCSC: Not necessarily wise to ditch Kaspersky
UK’s National Cyber Security Centre issues refreshed guidance on organisations’ usage of technology and services of Russian origin, but stops short of advising users to expunge all Russian products from their IT estates Continue Reading
-
News
29 Mar 2022
Wave of Log4j-linked attacks targeting VMware Horizon
Sophos issues a new warning to organisations that have so far failed to patch their VMware Horizon servers against Log4Shell Continue Reading
-
News
29 Mar 2022
FCA reports 52% jump in security incidents
The Financial Conduct Authority received 116 cyber incident reports in 2021, a fifth of them involving ransomware Continue Reading
-
E-Zine
29 Mar 2022
Ten years of the Raspberry Pi
In this week’s Computer Weekly, as the Raspberry Pi reaches its 10th anniversary, we look back on how the low-cost computing device went from schools to supercomputers and even into space. Gartner offers tips on how to motivate IT staff in a hybrid working environment. And we meet the Dutch hackers helping to secure the internet. Read the issue now. Continue Reading
-
News
29 Mar 2022
Singapore rolls out cyber security certification scheme
Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices Continue Reading
-
News
28 Mar 2022
IT professionals wary of government campaign to limit end-to-end encryption
Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading
-
News
25 Mar 2022
US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield
EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens Continue Reading
-
25 Mar 2022
How Dutch hackers are working to make the internet safe
We hear how the personal mission of a Dutch hacker grew into a serious organisation with international ambitions Continue Reading
-
News
25 Mar 2022
European Commission proposes new cyber security regulations
New cyber and information security regulations have been proposed by the European Commission to create a minimum set of standards in both areas Continue Reading
-
News
25 Mar 2022
London police arrest seven in connection to Lapsus$
Seven people arrested by London police over cyber attacks carried out by Lapsus$ group, which is responsible for a number of recent, high profile attacks Continue Reading
-
News
25 Mar 2022
How Lapsus$ exploited the failings of multifactor authentication
Attacks on Nvidia and Okta highlight weak MFA and the risk of employees being bribed or falling victim to social engineering Continue Reading
-
Blog Post
25 Mar 2022
Striking a balance between risk and innovation: Lessons from an autonomous ship
I wasn’t sure what to expect when I turned up for an event at the Historic Dockyards in Portsmouth, UK. The planned star of the show - an unmanned ship called Mayflower 400 - couldn’t actually be ... Continue Reading
-
News
24 Mar 2022
Anonymous claims it has hacked the Central Bank of Russia
Hackers operating under the Anonymous banner claim to have stolen more than 35,000 sensitive files from the Central Bank of Russia as part of its cyber war against the Russian state Continue Reading
-
News
24 Mar 2022
Ransomware demands and payments increase with use of leak sites
Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims Continue Reading
-
News
24 Mar 2022
The Security Interviews: Red gets automated
We speak to Jack Stockdale, CTO of Darktrace, about Cambridge’s strong data analytics and artificial intelligence links and the role of AI in cyber security Continue Reading
-
Blog Post
24 Mar 2022
The Importance of CASB And Its Limitations
It’s been over two years since I introduced the Gartner-defined SASE (“sassy”) to my CW readers – in that time the world has changed somewhat, but the requirement for an intensified, integrated ... Continue Reading
-
News
24 Mar 2022
How India organisations can mitigate cyber threats
Organisations in India will need to invest more in cloud security, gain more visibility into their systems and improve security awareness among employees to fend off cyber attacks Continue Reading
-
News
24 Mar 2022
Hiring and retention challenges in cyber security persist
Latest ISACA report shows that enterprises are struggling to find and retain cyber security talent Continue Reading
-
News
23 Mar 2022
Private equity house spins SSE company out of McAfee Enterprise
The launch of Skyhigh Security completes division of McAfee Enterprise into separate businesses by Symphony Technology Group, which acquired the long-standing cyber security firm for $4bn in March 2021 Continue Reading
-
News
23 Mar 2022
NHS urgent care provider uses ID and access management to reduce complexity for clinicians
Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords Continue Reading
-
News
22 Mar 2022
Biden issues warning about Russian cyber attacks
President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia Continue Reading
-
News
22 Mar 2022
Details of Conti ransomware affiliate released
Information about a new Conti affiliate has been released by eSentire and BreakPoint Lab after a joint investigation into the group’s indicators of compromise Continue Reading
-
Opinion
22 Mar 2022
Revised scope of UK security strategy reflects digitised society
The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF Continue Reading
-
E-Zine
22 Mar 2022
One year on from IR35 reforms – why IT skills are harder to find
In this week’s Computer Weekly, a year after IR35 tax reforms were introduced, we assess the impact on the UK’s IT talent pool – and it’s not looking good. We examine the rise of industry clouds, and how they are changing the market. And we find out how London councils plan to work together on data and innovation. Read the issue now. Continue Reading
-
News
21 Mar 2022
Siloed data holding back coordinated health responses
Digital health experts discuss the role of data in coordinating the NHS’s pandemic response and how managing privacy and governance issues are key to further success Continue Reading
-
Opinion
21 Mar 2022
How 2022’s most significant data privacy trends affect your organisation
Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading
-
Opinion
21 Mar 2022
UK Cyber Strategy a welcome injection of progress
The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading