IT security

US authorities charge two Chinese spies over telco security probe

Two Chinese nationals have been charged with attempting to obstruct the criminal prosecution of a prominent Chinese telecoms firm Continue Reading

Germany: European Court of Justice asked to rule on legality of hacked EncroChat phone evidence

Berlin’s Regional Court has asked the European Court of Justice to answer questions about whether the use of hacked EncroChat phone evidence complies with European law Continue Reading

Global digital trust market to double by 2027

The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow Continue Reading

Digital-first businesses more willing to accept some fraud

Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report Continue Reading

Complacency biggest cyber risk to UK plc, says ICO

Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack Continue Reading

Half of staff might quit after a cyber attack, report says

Findings from a survey of CISOs, IT leaders and staffers reveal how experiencing a cyber incident may take a larger-than-thought toll on employee retention Continue Reading

Microsoft slams external researchers over its own data leak

Microsoft inadvertently leaked customer data after misconfiguring an Azure Blob, but has hit out at the organisation that discovered its error, claiming it is exaggerating the scope of the issue Continue Reading

What do the US’s new software security rules mean for UK organisations?

The White House announced recently that all software supplied to the US government and its agencies needs to be secure, so what does this mean for the UK and EU security sectors? Continue Reading

The Security Interviews: Why now for ZTNA 2.0?

With organisations facing escalating online threats, security teams need to improve their defences using zero-trust network access to preserve the integrity of their systems. Palo Alto Networks’ Simon Crocker shares his views on zero-trust network access Continue Reading

Cyber professional shortfall hits 3.4 million

Shortage of cyber security professionals continues to grow and shows no signs of abating, says report Continue Reading

NatWest data breach whistleblower demands bank pay data controller fee to ICO

Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed Continue Reading

Singapore extends cyber security labelling scheme to medical devices

The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development Continue Reading

Ransomware crews regrouping as LockBit rise continues

Overall ransomware activity dropped off in the third quarter of 2022, but increasing attack volumes in September may herald a difficult few months ahead Continue Reading

Treat cyber crime as a ‘strategic threat’, UK businesses told

The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community Continue Reading

Apache vulnerability a risk, but not as widespread as Log4Shell

A newly disclosed Apache Commons Text vulnerability may put many at risk, but does not appear to be as impactful or widespread as Log4Shell Continue Reading

Virtually all vulnerable open source downloads are avoidable

Some 96% of known vulnerable open source downloads could have been avoided altogether, according to a report Continue Reading

How Russia hacked a former MI6 spy chief

In this week’s Computer Weekly, Russian hackers leaked emails and documents from British government, military, and intelligence officials – we examine the implications. New EU laws will govern online safety and the use of AI, but what do they mean for organisations? And we look at the growth in checkout-free shopping. Read the issue now. Continue Reading

How Russian intelligence hacked the encrypted emails of former MI6 boss

Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials. Continue Reading

API management: Assessing reliability and security

Once an API is published, its developer then has responsibility to ensure it is kept up to date and is secure Continue Reading

Malicious WhatsApp add-on highlights risks of third-party mods

Kaspersky researchers discovered a malicious version of a widely used WhatsApp messenger mod, highlighting the risks of using so-called mods Continue Reading

Annual costs of Hackney ransomware attack exceed £12m

Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago Continue Reading

Office 365 email encryption flaw could pose risk to user privacy

A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are Continue Reading

Advanced: Healthcare data was stolen in LockBit 3.0 attack

Advanced has revealed a total of 16 of its health and social care sector customers had their data exfiltrated in a recent ransomware attack Continue Reading

Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor

Ross Anderson argues in a rebuttal to GCHQ experts that using artificial intelligence to scan encrypted messaging services is the wrong approach to protecting children and preventing terrorism Continue Reading

Australia becoming hotbed for cyber attacks

Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency Continue Reading

Cyber training firm KnowBe4 bought by private equity firm

Acquisition of KnowBe4 supposedly reflects the success the company has seen since its spring 2021 IPO Continue Reading

Unsung Heroes Awards celebrate diversity in cyber community

The seventh annual Security Serious Unsung Heroes Awards recognise those trying to improve diversity and mental health in cyber for the first time Continue Reading

Dutch influence standards for post-quantum cryptography

Cryptology group at Dutch research institute is involved in the two primary algorithms of the next NIST portfolio comprising four new standards Continue Reading

Gartner: Remote work, zero trust, cloud still driving cyber spend

Security leaders are eager to spend on categories including remote and hybrid cyber offerings, zero-trust network access, and cloud Continue Reading

CW Middle East: Qatar strengthens cyber defences ahead of FIFA World Cup

Being the first Arab country to host the World Cup is pressure enough on Qatar, but there is also a massive cyber security challenge associated with any event of this magnitude. Read about its preparations. Also in this issue, find out about the unique challenges of hiring IT professionals in Saudi Arabia. Continue Reading

Saudi Arabian organisations choose to outsource to improve cyber security posture

 Continue Reading

Qatar bolsters cyber security in preparation for World Cup

 Continue Reading

NCSC urges organisations to secure supply chains

NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers Continue Reading

French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation

France’s Supreme Court has sent a case back to the court of appeal after police failed to disclose technical details of EncroChat hacking operation Continue Reading

Microsoft fixes lone zero-day on October Patch Tuesday

Microsoft patched a solitary zero-day vulnerability in its latest monthly drop, but fixes for two others disclosed in the past few weeks are nowhere to be seen Continue Reading

ICO selectively discloses reprimands for data protection breaches

Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded Continue Reading

Reducing the cyber stack with API security

Budgets are tight, making it difficult to secure spend, but is there an argument for jettisoning fragmented approaches to securing APIs in favour of a dedicated end-to-end approach? Doubling down on API security could help businesses not just reduce risk, but also costs Continue Reading

Contractor left Toyota source code exposed for five years

Source code related to Toyota’s T-Connect service was left exposed on GitHub for over five years by a contractor Continue Reading

How Cloudflare is staying ahead of the curve

Cloudflare co-founder and CEO Matthew Prince talks up what has changed since the company’s first business plan was written in 2009 and how it keeps pace with the fast-moving network security landscape Continue Reading

Ukraine and EU explore deeper cyber collaboration

A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues Continue Reading

Security Think Tank: Design security in to reap container benefits

Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives Continue Reading

Australia to amend telecoms regulations following Optus breach

Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions Continue Reading

EU rolling out measures for online safety and AI liability

The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation Continue Reading

Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers

Automatic scanning of messaging services for illegal content could lead to one billion false alarms each day in Europe Continue Reading

Air gaps for backup and how they help against ransomware

The air gap is a basic of backups and storage. We look at what’s meant by an air gap, the rise of the logical air gap, and its place in the fight against ransomware Continue Reading

Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation

Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network Continue Reading

Forrester: US set to dominate AI enterprise software market

Artificial intelligence is the fastest growth area in software. This is driving adoption, which will make AI mainstream technology in business software Continue Reading

Use site reliability engineering to address cloud instability

How do you prepare for a worst-case scenario, when the public cloud hosting critical components of your IT infrastructure fails? Continue Reading

Inside Dell Technologies’ zero-trust approach

Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure Continue Reading

Tories to replace GDPR

IT industry reacts to the government’s plan to replace the pan-European data protection regulation Continue Reading

France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime

Three phone sellers have been extradited from Spain to France to face charges that they were complicit in the activities of criminal EncroChat phone users   Continue Reading

Digital right to work checks officially go live

Under the new government guidance, employers can choose between 16 certified identity service providers to digitally check their employees legal right to work in the UK Continue Reading

How to protect against SMS mobile security weakness

The simple messaging service provides two-factor authentication in banking and e-commerce, but what happens if your SIM card is stolen? Continue Reading

Security regulation cuts online payment fraud at 73% of retailers

New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers Continue Reading

CIO interview: James Fleming, Francis Crick Institute

Francis Crick Institute CIO discusses how Europe’s largest biomedical research institute has co-developed a framework for data sharing Continue Reading

Surveillance tech firms complicit in MENA human rights abuses

Research finds companies are profiting from surveillance technologies that facilitate human rights abuses against migrants, asylum seekers and refugees in the Middle East and North Africa, with little to no oversight Continue Reading

Dutch PhD project aims to automate discovery and deciphering of steganography

Meike Kombrink, a PhD student in the Netherlands, is focused on detecting hidden messages on the internet Continue Reading

Five startups to join NCSC for Startups initiative

The NCSC has invited five startups to join its NCSC for Startups programme to help the government with pressing cyber challenges facing the UK Continue Reading

Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC

Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts Continue Reading

Optus breach casts spotlight on cyber resilience

The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia Continue Reading

UK suffers third highest number of ransomware attacks globally

Based on an analysis of around 5,000 ransomware incidents, NordLocker has found that UK businesses, and small businesses in particular, are a priority target for ransomware gangs Continue Reading

Whistleblower Peter Duffy calls for oversight of NHS records to prevent evidence tampering

A whistleblower has called for greater oversight in the handling of ‘safety-critical digital information’ across the NHS, in light of a number of cases that raise questions about data governance and record-keeping within the health service Continue Reading

Data protection in Finland, four years after GDPR came into force

Data privacy has always been a big concern in Finland, so the country naturally has a lot to say about the General Data Protection Regulation four years on Continue Reading

Security Think Tank: Three steps to a solid DevSecOps strategy

Read about how buyers can manage third-party risk when procuring applications, how to secure the software development process, and even how to affect cultural change among developers not used to thinking cyber first Continue Reading

Most hackers exfiltrate data within five hours of gaining access

Insights from more than 300 sanctioned adversaries, otherwise known as ‘ethical’ hackers, reveal that around two-thirds are able to collect and exfiltrate data within just five hours of gaining access Continue Reading

Fraudsters adapt phishing scams to exploit cost-of-living crisis

Around 80,000 Brits a month are falling victim to phishing attacks as fraudsters switch up tactics to take advantage of cost-of-living crisis and behavioural changes prompted by pandemic Continue Reading

Why identity security is the cornerstone of ASEAN's digital economy

This is a guest post by Chern-Yue Boey, senior vice-president for Asia-Pacific at SailPoint Southeast Asia has been heralded as the up-and-coming region, and with good reason. Over the past decade, ... Continue Reading

Bank warns of spike in online cost-of-living scams

Fraudsters are exploiting the cost-of-living crisis by tricking people into sending money to help friends and relatives pay bills, TSB has warned Continue Reading

How Russian intelligence hacked the encrypted emails of former MI6 boss Richard Dearlove

Hack by Russian-linked ColdRiver group exposed former MI6 chief Richard Dearlove’s contacts and email communications with government, military, intelligence and political officials Continue Reading

More than 30 startups to join Plexal’s Cyber Runway accelerator

Now in its second year, the Cyber Runway accelerator has been designed to support firms at various stages of growth, as well as help the cyber security sector to improve on its diversity, inclusion and regional representation Continue Reading

Conversation between two police officers formed basis of EncroChat warrant, court hears

The National Crime Agency did not seek a written explanation of a French hacking technique before applying for a surveillance warrant to use French “intercept” in the UK, a court heard Continue Reading

It’s time for engineering teams to own DevSecOps

It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress Continue Reading

NCA ‘deliberately concealed’ information when it applied for EncroChat warrants, tribunal hears

Investigatory Powers Tribunal hears that the National Crime Agency made ‘serious and fundamental errors’ Continue Reading

Threat actors abused lack of MFA, OAuth in spam campaign

Microsoft threat researchers have reported on a series of cyber attacks in which enterprises with lax IAM policies had their systems hijacked to conduct spam email campaigns Continue Reading

How Great Eastern is transforming its IT organisation

Singapore-based insurer Great Eastern made painstaking efforts to rid itself of legacy systems and transformed its IT organisation to become nimbler by building up its cloud and DevOps capabilities Continue Reading

Nordic private equity firms pursue cyber security acquisitions

Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets Continue Reading

Inside SolarWinds’ observability playbook

SolarWinds’ CEO Sudhakar Ramakrishna talks up the company’s observability playbook and offers a glimpse into its technology roadmap Continue Reading

ALPHV/BlackCat ransomware family becoming more dangerous

Researchers from Symantec share fresh insight into the ongoing development of the ransomware-as-a-service family known variously as ALPHV, BlackCat and Noberus Continue Reading

Privacy Pledge signatories dream of alternative internet

A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism Continue Reading

Dr Martens goes feetfirst into cloud-to-cloud backup

Iconic bootmaker laces up for a strategy to move all applications to the cloud, beginning with cloud-to-cloud backup for Microsoft 365 apps plus on-site VMware operations Continue Reading

NCSC publishes cyber guidance for retailers

The NCSC has published tailored advice to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cyber crime Continue Reading

15-year-old Python bug present in 350,000 open source projects

A Python tarfile vulnerability first disclosed in 2007 still persists to this day, according to analysis from Trellix Continue Reading

ANZ organisations using antiquated backup and recovery systems

Nearly half of ANZ organisations are still using backup and recovery systems from over a decade ago, hampering their ability to protect their data assets and recover from ransomware attacks Continue Reading

Thousands of customers affected in Revolut data breach

Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack Continue Reading

IHG attackers phished employee to deploy destructive wiper

A couple from Vietnam who claim to be behind a destructive wiper cyber attack on hotel operator IHG told the BBC how they orchestrated their operation Continue Reading

Reports Uber and Rockstar incidents work of same attacker

Rockstar Games was hit over the weekend by an attacker who claimed to have accessed its Slack channel to steal data on an upcoming release, and may be the same person who compromised Uber Continue Reading

A gold medal performance for networking

In this week’s Computer Weekly, we find out how the IT team behind the 2022 Commonwealth Games in Birmingham delivered a winning performance. We also look at how the centuries-old London insurance market is going digital, thanks to Lloyd’s of London. And we find out how low-cost high street stores succumbed to the inevitable and are going online. Read the issue now. Continue Reading

Six new vulnerabilities added to CISA catalogue

CISA adds six new vulnerabilities to its most-wanted list, including one that dates back to 2010 Continue Reading

Uber suffers major cyber attack

Details are trickling out of an apparent ‘near total’ compromise of ride-sharing service Uber by an alleged teenage hacktivist Continue Reading

Cloudflare: Our network is our product

Cloudflare’s chief product officer explains why its network is its product and how it protects organisations against cyber threats. Continue Reading

EU Cyber Resilience Act sets global standard for connected products

European Commission lays out proposed security regulations on device and software security to better protect consumers and drive global standards Continue Reading

Nominations closing soon for annual cyber awards

Nominations for the annual Security Serious Unsung Heroes Awards closes 16 September Continue Reading

New player pioneers ‘active cyber insurance’ for UK market

Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance Continue Reading

Organisations failing to account for digital trust

The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds Continue Reading

US charges three Iranians over CNI cyber attacks

Three Iranian nationals have been indicted over a spate of ransomware attacks against organisations in the US, UK, Israel and Iran Continue Reading

FormBook knocks Emotet off top of malware chart

FormBook emerged as the most widely seen malware in August, according to Check Point’s latest data Continue Reading

Ex-CISA head Krebs: Disrupt ransomware support networks to win the war

Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs Continue Reading

Microsoft patches 64 vulnerabilities on September Patch Tuesday

Microsoft drops fixes for five critical vulnerabilities and one zero-day in its latest monthly update Continue Reading

NCSC warns public of potential Queen-related phishing attacks

The National Cyber Security Centre is urging users to be on guard against phishing attacks during the period of national mourning for the Queen Continue Reading

DDoS attacks on UK financial sector surged during Ukraine war

A quarter of cyber security incidents reported to the Financial Conduct Authority in the first six months of 2022 involved DDoS, with a likely link to events in Ukraine Continue Reading