IT security

Tech firms flag risk to end-to-end encryption as Online Safety Bill gets royal assent

Technology organisations remain concerned that the newly implemented Online Safety Act could undermine end-to-end encryption, despite government reassurances that it will ensure online safety. Continue Reading

SolarWinds hack explained: Everything you need to know

Hackers targeted SolarWinds by deploying malicious code into its Orion IT monitoring and management software used by thousands of enterprises and government agencies worldwide. Continue Reading

Incident response planning requires constant testing

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

Admins told to take action over F5 Big-IP platform flaws

Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild Continue Reading

UK workers exhibit poor security behaviours, report reveals

Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working Continue Reading

Use existing structures to build your incident response plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

How the UK crime agency repurposed Amazon cloud platform to analyse EncroChat cryptophone data

UK crime agency repurposed AWS-based analytics platform to triage EncroChat data and identify threats to life in messages sent on encrypted phone network Continue Reading

EU digital ID reforms should be ‘actively resisted’, say experts

Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security Continue Reading

Incident response planning is vulnerable to legacy thinking

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading

Lloyds bank kicks off Hyderabad operation

Lloyds Banking Group has opened its latest tech operation in Hyderabad, with plans to recruit around 600 IT experts Continue Reading

Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings Continue Reading

British Library falls victim to cyber attack

The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature Continue Reading

Biden’s AI plans focus on US workers’ protection

The US president has issued an Executive Order that sets out his administration’s strategy for AI safety and security Continue Reading

SEC sues SolarWinds, alleging serious security failures

SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks Continue Reading

The implications of biased AI models on the financial services industry

The Bank of England has warned of the risk artificial intelligence models present in creating bias that could pose a threat to the UK’s financial services sector. How do those risks emerge and how they might be mitigated?   Continue Reading

Frontier AI Taskforce starts recruitment drive

The second progress report from the Frontier AI Taskforce reveals new hires plus vacancy posts for software and research engineers Continue Reading

FDM Group partners with ISACA to boost cyber training programme

The FDM Group has announced a partnership with ISACA to help develop and boost their cyber training programmes and credentials Continue Reading

Reported major cyberattacks are falling – but watch out for the massive threats posed by gen AI

 The number of reported major cyberattacks is falling. Are we just getting used to them? Continue Reading

Greek data watchdog to rule on AI systems in refugee camps

A forthcoming decision on the compliance of surveillance and security systems in Greek refugee camps could set a precedent for how AI and biometric systems are deployed for ‘migration management’ in Europe Continue Reading

Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent

Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances Continue Reading

Domestic abuse charities surface fresh worries over NHS data sharing

With new NHS data access options coming into effect at the end of October, a group of campaigners including womens' charities and the BMA have warned that the revived GP-patient data sharing scheme risks putting vulnerable people at risk Continue Reading

Microsoft warns over growing threat from Octo Tempest gang

The English-speaking Octo Tempest extortion gang – which became an ALPHV/BlackCat affiliate recently – presents one of the most significant and rapidly growing threats to large organisations at this time, says Microsoft Continue Reading

How Elastic manages cyber security threats

Mandy Andress, CISO at Elastic, highlights the company’s approach to tackling evolving cyber threats through the use of AI tools and enhanced security measures while strengthening the capabilities of its security offerings Continue Reading

Google launches bug bounties for generative AI attack scenarios

Google expands its bug bounty programme to encompass generative AI and takes steps to grow its commitment to supply chain security as it relates to the emerging technology Continue Reading

Germany: European Court opinion kicks questions over EncroChat back to national courts

Germany lawfully obtained data on German EncroChat users from France, but whether the evidence is legally admissible is a matter for national courts Continue Reading

ChatGPT, Bard, lack effective defences against fraudsters, Which? warns

Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed Continue Reading

Sunak sets scene for upcoming AI Safety Summit

Prime minister Rishi Sunak has outlined how the UK will approach making AI safe, but experts say there is still too big a focus on catastrophic but speculative risks over real harms the technology is already causing Continue Reading

Boardrooms losing control in generative AI takeover, says Kaspersky

C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations Continue Reading

Exploitation of Citrix NetScaler vulns reaching dangerous levels

Observed activity exploiting two new Citrix NetScaler vulnerabilities disclosed earlier this month is ramping up, and users may be running out of time to patch lest they be attacked Continue Reading

UK Finance paints mixed picture of fraud as losses top £500m

UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data Continue Reading

Demystifying the top five OT security myths

Goh Eng Choon, president of ST Engineering’s cyber business, outlines the common myths around OT security in a bid to raise awareness of the security challenges confronting OT systems Continue Reading

1Password caught up in Okta support breach

After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems Continue Reading

What is cloud security management? Guide and best practices

This cloud security guide explains challenges enterprises face today, best practices for securing and managing SaaS, IaaS and PaaS, and comparisons of cloud-native security tools. Continue Reading

Cisco hackers likely taking steps to avoid identification

Cisco confirms that a drop in detections of devices compromised by two zero-days was likely the result of reactive measures taken by the threat actors to avoid discovery Continue Reading

Research team tricks AI chatbots into writing usable malicious code

Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading

The new data landscape: how will the new UK-US data bridge affect businesses?

With the UK-US data bridge coming into effect on 12 October 2023, find out what steps your organisation can take to take advantage of, and remain compliant with, the new framework Continue Reading

Kaspersky opens up over spyware campaign targeting its staffers

Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group Continue Reading

Customers speak out over Okta’s response to latest breach

Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired Continue Reading

Suzy Lamplugh Trust treads path to improved cyber resilience

Personal safety charity enlists the support of the London Cyber Resilience Centre to improve staff awareness and strengthen its overall cyber resilience Continue Reading

NetApp ‘unified storage’ adds new ASA block storage at Insight

Las Vegas event sees NetApp continue its evolution to hybrid cloud and data management player announce ASA C-series and Keystone and Kubernetes storage enhancements Continue Reading

Cisco pushes update to stop exploitation of two IOS XE zero-days

Cisco releases updates to thwart exploitation of two flaws affecting users of its IOS XE software Continue Reading

How Ensign is leading the charge in cyber security

Lee Fook Sun, chairman of Ensign InfoSecurity, traces the company’s journey and how it is leading the charge in cyber security by doing things differently, investing in R&D and engaging with the wider ecosystem Continue Reading

Secure printing: The foundation of multi-layered security

Implementing secure print solutions is an easy way to ensure neither network data nor printed documents fall into the wrong hands. RFID readers and mobile authentication technology solutions help ... Continue Reading

Computer Weekly contributor named Godfather of UK Security

Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards Continue Reading

Five Eyes chiefs warn of Chinese spying campaign to steal high-tech secrets

Intelligence chiefs warn high-tech companies and universities they may be the target of attempts by the Chinese Communist Party to steal technology secrets Continue Reading

Five key questions about disaster recovery as a service

Disaster recovery as a service builds recovery data and systems into the cloud, accessible from anywhere. We look at the difference vs cloud backup, DRaaS use cases, the cost, and the firms that provide it Continue Reading

How to tame the identity sprawl

Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identity sprawl. Continue Reading

CyberArk eyes growth beyond PAM

Aaron Tan examines CyberArk’s exponential growth in the broader identity security market. Continue Reading

CW APAC: Buyer’s guide to IAM

Identity access management tools are proving pivotal in the race to outwit cyber criminals. In this handbook, focused on IAM in the Asia-Pacific region, Computer Weekly takes a closer look at their capabilities, CyberArk’s growth, the uses of automation and how ForgeRock enhances user experience. Continue Reading

APAC guide to identity and access management

The rise of identity-based attacks is fuelling investments in identity and access management tools. Continue Reading

RagnarLocker cyber gang that pioneered double extortion busted

Europol and the FBI have taken down the RagnarLocker ransomware crew, a long-standing gang that helped pioneer some now common tactics, taking its dark web negotiation and data leak sites offline Continue Reading

Nuclear regulator raps EDF over cyber compliance

The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities Continue Reading

Fears grow over extent of Cisco IOS XE zero-day

Researchers have identified spiking numbers of victims of a recently disclosed Cisco zero-day, as users of the networking supplier’s IOS XE software are urged to take defensive measures Continue Reading

Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source Continue Reading

Loughborough Uni to create five cyber AI research posts

Supported by Darktrace, Loughborough University is to recruit five doctoral researchers focusing on cross-disciplinary research in AI and cyber security Continue Reading

DORA: Moving into a new era of digital resilience

The EU’s Digital Operational Resilience Act will come into force in just over a year, the majority of risk management professionals are only at the beginning of their planning journey. Kate Needham-Bennett of Fusion Risk Management explains how to get things moving Continue Reading

What are the cyber risks from the latest Middle Eastern conflict?

The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations Continue Reading

Networking and security teams converging

Study finds more than 80% of IT leaders are consolidating security and networking teams or have a management directive to improve collaboration, with 75% believing using one platform for both purposes would provide benefits across the board Continue Reading

Five Eyes issues five tips on thwarting nation state threats

Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats Continue Reading

10 cybersecurity experts to follow on social media

Cybersecurity experts provide valuable insights into the security landscape. Follow this curated list of recognized authorities to stay informed and safeguard your digital assets. Continue Reading

Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine

Hacktivists supporting Gaza and Palestine have launched hundreds of website defacement attacks against Israeli websites, mirroring the pattern of attacks that occurred after Russia’s invasion of Ukraine Continue Reading

Alert sounded over dangerous Cisco IOS XE zero-day

Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems Continue Reading

What it takes to succeed in DevSecOps

Providing engineering leadership and balancing between speed and security are some areas that organisations will need to focus on in their DevSecOps journey Continue Reading

US SEC launches probe into mass MOVEit breach

Progress Software is facing an investigation from the SEC for the breach of its MOVEit tool, as well as dozens of legal battles resulting from the exfiltration of personal data from the roughly 2,000 organisations affected Continue Reading

Scottish biometrics watchdog outlines police cloud concerns

Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject to intrusive US surveillance laws Continue Reading

Why only 1% of the Snowden Archive will ever be published

Speaking to Computer Weekly after we published new revelations from the Snowden archive, the Guardian’s Pulitzer Prize winner, Ewen MacAskill, explains why more of the Snowden trove is unlikely to see the light of day Continue Reading

Preparing IT security for the age of quantum computing

We look at what progress is being made to ensure digital communications remain secure as quantum computers make an entrance Continue Reading

MGM faces £100m loss from cyber attack on its casinos

MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m Continue Reading

Security awareness training quiz: Questions and answers

From ransomware to passphrases, find out how much you know about preventing cybersecurity incidents in this security awareness training quiz. Continue Reading

Microsoft: Nation-state cyber espionage on rise in 2023

Microsoft’s latest Digital Defence Report outlines how nation-state cyber activity has largely moved from destructive attacks to espionage and intelligence gathering Continue Reading

Red Cross issues rules of engagement for hackers in conflicts

The digital rules of engagement are the first time cyber activity has been looked at by the conflict watchdog, but a number of hacker groups have already come out and said they will not be following them Continue Reading

Can steel fences halt the march of cyber?

Cyber: for some, it’s a prefix that conjures up images of Dr Who’s silvery cyborg opponents. For others, it’s the equally science-fiction but very different image of Neuromancer-style cyberpunk ... Continue Reading

Policing minister wants to use UK passport data in facial recognition

The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales Continue Reading

Ransomware dwell times now measured in hours, says Secureworks

Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report Continue Reading

Lloyds Bank launches digital identity app

Lloyds Bank has launched a digital identity app with tech startup Yoti, after it invested £10m in the firm Continue Reading

Ransomware: All the ways you can protect storage and backup

We survey the key methods of ransomware protection, including immutable snapshots, anomaly detection, air-gapping, anomaly detection, and supplier monetary guarantees Continue Reading

ICO issues guidance on workplace surveillance

Guidance on employee monitoring covers how employers can conduct their digital surveillance lawfully, transparently and fairly, and warns against businesses intruding on their workers’ private lives Continue Reading

IT decision-makers confident they can handle tech disruptions

The majority of IT decision-makers polled in a recent survey have admitted their organisations has been adversely affected by IT failures Continue Reading

Cyber experts urge EU to rethink vulnerability disclosure plans

The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, experts claim Continue Reading

RSA and other crypto systems vulnerable to side-channel attack

A researcher has found that a flaw in RSA is still vulnerable – a quarter of a century after it was first discovered Continue Reading

CIISec scores DSIT funding to expand successful CyberEPQ scheme

DSIT has committed to enhanced funding to expand CIISec’s CyberEPQ education programme after recording excellent results to date Continue Reading

Salesforce and Zoom embrace ethical hackers. You should, too

Software companies Salesforce and Zoom discuss their successful bug bounty programmes, what they learned at a recent in-person hackathon in which they participated, and why others shouldn’t be scared of hackers Continue Reading

Where next for quantum computing?

In this week’s Computer Weekly, we talk to the head of Amazon’s Braket quantum computing services about how the technology is progressing. We go behind the scenes at an ethical hacker event to find out how bug bounty programmes work. And we analyse the offerings of the major players in software-defined storage. Read the issue now. Continue Reading

Top science journal faced secret attacks from Covid conspiracy theory group

A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly Continue Reading

The trust deficit in CNI: How to address a growing concern

When it comes to addressing the trust deficit in CNI, technological advancements, evolving threats, inadequate regulations, insufficient investment, public awareness, and international cooperation are all critical components that need attention Continue Reading

Strasbourg court condemns Turkey for jailing teacher for using ByLock encrypted messaging app

The case is expected to have implications for the use of digital evidence in prosecutions against users of other encrypted phone apps Continue Reading

Businesses disconnected from realities of API security

Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report Continue Reading

How Akamai is driving growth in APAC

Akamai's managing director for the region outlines the company’s growth journey, how it sets itself apart from competitors, and its strategies to drive the next phase of growth Continue Reading

Automated cloud IR: Empowering cyber with AI-powered playbooks

As cyber threats increasingly target cloud infrastructure, demand for robust and reliable incident response measures is through the roof. Find out why you might want to consider bringing artificial intelligence into play Continue Reading

Security Think Tank: To encrypt or not to encrypt, that is the question

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

Security and risk management spending to grow 14% next year

Growth in public cloud services will stand out over the next 12 months, as Gartner projects an overall 14% increase in cyber spending in 2024 Continue Reading

Yahoo picks Intigriti to run crowdsourced bug bounty programme

Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate Continue Reading

Researchers offer free threat briefings on Vegas casino hackers

Permiso, a cloud detection and response startup, is making its threat intel team available to speak on Scattered Spider, the group behind recent cyber attacks on MGM Resorts and Caesars Entertainment Continue Reading

City of Las Vegas masters cyber incident response with Darktrace

The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence Continue Reading

Sony alleged victim of new extortion gang

A little-known threat actor claims it has breached IT systems and networks at electronics and entertainment giant Sony, and is threatening to release the organisation’s data unless paid off Continue Reading

Cover-ups still the norm in the wake of a cyber incident

Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report Continue Reading

Crest and IASME to deliver upcoming NCSC Cyber Exercise programme

Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job Continue Reading

With cyber attacks on the rise, businesses should prepare for quantum hacks now

Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today. Continue Reading

Preparing for post-quantum cryptography

In this week’s Computer Weekly, our latest buyer’s guide assesses the challenges for cryptography in the emerging era of quantum computing. Google Cloud experts explain how the internet giant is preparing its datacentres for a world of AI. And we examine the privacy, compliance and backup issues from generative AI. Read the issue now. Continue Reading

Security Think Tank: Three ways to identify the best encryption use cases

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading