IT security

Tata Communications grows IoT footprint

India’s Tata Communications has been shoring up its IoT capabilities through a handful of acquisitions and partnerships with telcos Continue Reading

Agent Tesla trojan finds new ways to sneak past defences

Updated versions of Agent Tesla Rat include new techniques that fiddle with code to disable endpoint protection tools on target systems Continue Reading

Serco confirms Babuk ransomware attack

Outsourcing firm was hit by the ransomware last week but insists most of its operations are running as normal Continue Reading

UKRI suspends services after ransomware attack

UK Research and Innovation was hit by an undisclosed strain of ransomware at the end of January Continue Reading

CISOs invisible to their organisations, says BT report

Ignorance of cyber issues is leading to misplaced confidence in security in many organisations, as CISOs struggle to make themselves seen and heard Continue Reading

‘Victory for free speech and openness’ after tribunal confirms no territorial restrictions to FOIA

Freedom of information tribunal rules that investigative journalists and others can use the Freedom of Information Act if they live outside the UK or are not British citizens Continue Reading

SBRC picks Check Point to support cyber helpline

The Scottish Business Resilience Centre has enlisted Check Point as the first security supplier to join its incident response partnership programme Continue Reading

Indian firms see growing value of data

Half of Indian IT leaders see a permanent increase in value of data as their organisations come under threat from mounting cyber attacks amid the pandemic Continue Reading

Hunting and anti-hunting groups locked in tit-for-tat row over data gathering

The leaking of internal documents has prompted a row between pro- and anti-hunting groups about the legality of the other’s data collection practices Continue Reading

Biometrics ethics group addresses public-private use of facial recognition

Home Office’s Biometrics and Forensics Ethics Group releases briefing note on the use of live facial recognition in public–private collaborations following a year-long investigation Continue Reading

Revealed: Brits who fuelled ‘vicious’ conspiracy theory by Trump supporters

Trump supporters have apologised and paid millions in damages to the family of murdered Democratic Party staffer Seth Rich for promoting false allegations that Rich – not Russian agents – stole emails from the Democratic National Committee Continue Reading

Manufacturing particularly at risk of Solorigate-linked breaches

Every fifth victim of the SolarWinds Solorigate/Sunburst attack was a manufacturing organisation, say researchers Continue Reading

Human factor dominates Australia’s latest data breach numbers

The number of data breaches resulting from human error increased by 18% in the second half of 2020, according to Australian government’s latest notifiable data breaches report Continue Reading

Apprenticeships may be a solution to cyber skills shortage, say insiders

Cyber security professionals are open to new approaches to finding sorely needed talent, according to a poll Continue Reading

End of Emotet: A blow to cyber crime, but don’t drop your guard

The takedown of Emotet is a huge event with repercussions that will reverberate across the cyber criminal world, but unfortunately that’s not to say there will be much of a long-term impact Continue Reading

Pandemic response has improved privacy posture, says Cisco

Data privacy seems to be ‘coming of age’ to some extent and organisational responses to Covid-19 may be partly responsible, according to a report Continue Reading

Mimecast breach was work of SolarWinds attackers

Mimecast’s investigation into a January 2021 breach of its systems turns up evidence that the culprit was the same group that targeted SolarWinds in December Continue Reading

Emotet botnet goes offline as cops seize servers

The Emotet botnet has been disrupted and knocked offline after a major international effort by law enforcement Continue Reading

Grindr complaint results in €9.6m GDPR fine

Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices Continue Reading

Emergency Apple updates patch exploited zero-days

Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately Continue Reading

Global VPN downloads surge in 2020

Repressive regimes’ regulatory demands and remote working see virtual private network usage rocket over the past 12 months Continue Reading

The ransomware routine: pages from the Secret IR Insider’s diary

The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided Continue Reading

Conservatives broke data law to racially profile millions

The Conservative Party acted illegally in collecting data that inferred voters’ ethnicity and religious background, a Select Committee has heard Continue Reading

North Korean state attacks legitimate security researchers

Threat researchers specialising in vulnerability research and development appear to be being targeted by a North Korean state-backed group Continue Reading

Saudi IT spending to hit $11bn in 2021

Saudi Arabian organisations will spend about $11bn on IT this year, with emerging technologies high on shopping lists Continue Reading

Juggling data silos, privacy and fraud

Among the uncomfortable truths about the government’s response to the pandemic is the fact that some people have and will continue to play the system. At the time it was introduced, the furlough ... Continue Reading

ICO extends commissioner Denham’s term of office

Extension of Elizabeth Denham’s tenure as information commissioner will give the government more time to appoint her successor Continue Reading

Cyber fraud a national security issue, says Rusi report

A report from the Rusi think tank calls for fresh approaches to how we think about fighting fraud Continue Reading

Security Think Tank: Are security teams the unsung heroes of 2020?

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hotcakes? Continue Reading

Gartner: IT budgets shift to mature processes around remote business

The pandemic forced businesses to work remotely. Now, almost a year on, CIOs must consider the IT to run long-term remote business strategies Continue Reading

Salad as a service: How tech could revolutionise farming

In this week’s Computer Weekly, we find out how new technologies are supporting the rise of vertical farming, and could revolutionise food supply chains. We examine one of the biggest trends in the cloud – serverless computing. And Brexit has not yet ended the debate about UK-EU data protection. Read the issue now. Continue Reading

Cracking the message in a bottle

Between 2016 and 2019, a number of bottles washed ashore in Hamburg, each containing an ‘uncrackable’ message Continue Reading

Are banks overburdened with responsibility for money lost to online scams?

Bank boss calls for cross-industry cooperation to reduce scams that trick people into making instant payments online Continue Reading

Security Think Tank: Time to rethink stopgap solutions

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Government Gateway at 20 – looking back at the UK’s most successful digital identity system

Not all legacy IT systems in government cause problems – one has been at the heart of many of the most important online public services for 20 years Continue Reading

ICO resumes adtech investigation

The UK Information Commissioner’s Office was criticised for ending its investigation into alleged malpractice in advertising technology, but has now resumed its probe Continue Reading

Sepa data leaks as agency resists ransom demands

The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation Continue Reading

Google threatens to cut off Australia

Google’s threat to end its Australian Search operation comes in the face of new legislation that would force it to pay media publishers for news content Continue Reading

Hackney Council tenders for cyber security upgrade

Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council Continue Reading

Immigration exemption in data protection law faces further legal challenge

Human rights groups set to take legal challenge against immigration exemption to Court of Appeal on the basis that everyone, regardless of their nationality or residence, should have their fundamental rights and freedoms protected as stated in the GDPR Continue Reading

Gamarue malware found on government-issued school laptops

Devices handed out by the government to support vulnerable children contain malware that appears to be contacting C2 infrastructure in Russia Continue Reading

How can healthcare organisations fight increased cyber crime in 2021?

As the Covid-19 pandemic enters what may be its most dangerous phase, we explore how healthcare organisations can ward off cyber threats while preserving their ability to deliver critical care Continue Reading

Two-thirds of CISOs say they’ll be cyber attack victims this year

Security professionals are ever alert to the threats they face, but some still seem to think it is unlikely they will be attacked Continue Reading

Interview: Tony Porter, chief privacy officer, Corsight AI

Tony Porter speaks to Computer Weekly about the changes in facial-recognition during his time as surveillance camera commissioner, the ethics of using the technology, and his new role as chief privacy officer at Corsight AI Continue Reading

Incompetent cyber criminals leak data in opsec failure

Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals Continue Reading

Should I be worried about MFA-bypassing pass-the-cookie attacks?

Malicious actors bypassed multi-factor authentication using so-called pass-the-cookie attacks, but how worrying is this and what is the risk to organisations? Continue Reading

The Future of Enterprise Networking and Security

If you’re going to ask a customer a question, ask them a proper one! You can’t get much bigger than looking at the future of enterprise networking and security, but that’s what a recent survey by ... Continue Reading

Malwarebytes also hit by SolarWinds attackers

The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals Continue Reading

Security Think Tank: It’s time to secure the collaboration revolution

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hotcakes? Continue Reading

Legacy security architectures threaten to disrupt remote working

Annual survey of IT leaders finds network security is of prime concern as most companies continue with work-from-home policies Continue Reading

Questions raised by New Zealand central bank boss, following cyber attack investigation

The governor of New Zealand’s central bank said the organisation must answer questions about its security following a ‘significant’ attack Continue Reading

UK fraud agency deploys ArcGIS dashboard for data sharing

The National Fraud Intelligence Bureau says it has achieved improved transparency with the public, as well as saving 3,500 staff hours and £100,000 Continue Reading

Value of GDPR fines shows dramatic increase in 2020

European regulators imposed almost €160m worth of fines during the past 12 months, a substantial rise Continue Reading

Security Long Reads: Cyber insiders reveal what’s to come in 2021

In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021 Continue Reading

The UK’s struggle with digital schooling

In this week’s Computer Weekly, the UK government’s sudden decision to close schools left many unable to provide children with online schooling - we examine the home learning challenges. Cyber security experts give us their forecasts for 2021. And we find out how technology supports the work of the Guide Dogs charity. Read the issue now. Continue Reading

Click fraud levels reach new heights in pandemic

Small companies risk losing £10,000 a year, and enterprises as much as £520,000, to cyber criminals as click fraud volumes spike Continue Reading

Criminals fiddled stolen Covid-19 vaccine data to damage trust

Malicious actors manipulated stolen Covid-19 data in a way clearly intended to damage public trust in vaccines, says the EMA Continue Reading

Security Think Tank: In 2021, enable, empower and entrust your users

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

MAS offers guidance on mitigating supply chain threats

Monetary Authority of Singapore revises its technology risk management guidelines to help the financial sector guard against supply chain attacks Continue Reading

MoD reports 18% rise in data loss incidents

The Ministry of Defence reported more than five hundred data security incidents in 2019-20, with seven serious enough to warrant disclosure to the ICO Continue Reading

Australians lost A$176m to scams in 2020

Investment scams topped the list of scams, which grew by 23.1% in 2020 as criminals exploited human psychology using social engineering Continue Reading

NCSC CyberFirst Girls 2021 contest kicks off

UK’s national cyber agency says it has already had hundreds of entrants in spite of the challenges presented by the pandemic Continue Reading

150,000 records accidentally wiped from police systems

Home Office claims data wiped from national police systems only relates to people who have never been convicted of a crime or had further police action taken against them following an arrest Continue Reading

US cyber security agencies get $9bn in Biden plan

New funding proposals come as US government reels from the impact of the December 2020 SolarWinds attack Continue Reading

Coalition proposes secure standard model for Covid-19 passports

Vaccination Credential Initiative is working to ensure that people vaccinated against Covid-19 can access their records in a secure, verifiable and privacy-preserving way Continue Reading

All EU states can take data protection cases against Facebook, says EU court

An opinion from the European Court of Justice has the potential to lead to a flood of privacy complaints against Facebook if upheld Continue Reading

Experian calls for less bureaucratic data regulations

Open banking requires cross-industry collaboration, but sharing personal data requires explicit consent, which can become a bottleneck Continue Reading

Old, on-premise systems targeted in Hackney ransomware attack

Council reveals some more insight into how the Pysa ransomware gang infiltrated its systems by exploiting legacy technology Continue Reading

Unforeseen consequences of new technologies put UK at risk

Lords committee told that the risks associated with various emerging digital technologies must be assessed together, with input from UK citizens, if the government is to avoid ‘siloisation’ of fundamentally interconnected problems Continue Reading

APAC firms grapple with cyber security amid pandemic

Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work Continue Reading

Security Think Tank: Plan for hybrid working to become normal

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Court to rule on Facebook data sharing after Schrems drops legal challenge against Irish regulator

Irish High Court says it will issue a judgment as soon as possible over a draft decision by Ireland’s data protection commissioner to order Facebook to stop the transfer of data about EU citizens to datacentres in the US Continue Reading

Three-quarters of finance firms report more potentially criminal activity in their networks

Fears of failing to comply with strict regulations grow as financial services firms identify more suspicious financial activity on their networks Continue Reading

World’s largest dark web market disrupted in major police operation

Coordinated international operation including Europol and the UK’s National Crime Agency has successfully taken DarkMarket offline Continue Reading

Covid-19 immunity passport tests to begin in UK

A Covid-19 immunity and vaccination passport developed by two UK firms and backed by Innovate UK has entered the live testing phase Continue Reading

Stolen Pfizer/BioNTech Covid-19 vaccine data leaked

Data dump understood to include screenshots of emails, peer review information, PDFs and PowerPoint presentations Continue Reading

Critical zero-day features in first Patch Tuesday of 2021

Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender Continue Reading

Palo Alto Networks opens Australia cloud location

The cyber security company’s Australia cloud location will address data localisation requirements amid growing adoption of cloud-based security services Continue Reading

Mimecast latest security firm to be compromised

Users of a specific Mimecast certificate used to authenticate services to Microsoft Office 365 may be at risk of compromise in an attack that may relate to the ongoing SolarWinds incident Continue Reading

Parler collapse opens door to phishing attacks

The shutdown of controversial social media site Parler, and the publication of huge amounts of user data scraped by ethical hackers, is giving cyber crime experts cause for concern Continue Reading

Former ministers speak out on Mike Lynch extradition

As Mike Lynch, founder and former CEO of Autonomy, awaits his US extradition hearing, several former Tory MPs have expressed their concerns Continue Reading

Early stage UK security startups face funding crisis

Overall cyber security funding since the advent of the pandemic is well up, but investment is dominated by safe, later-stage firms while those raising capital for the first time fall away Continue Reading

Security Think Tank: Time for security teams to learn from Covid

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Can AI ever match the power of the brain?

In this week’s Computer Weekly, artificial intelligence is still no match for the brain – we talk to Intel’s neuromorphic computing lab to see how researchers are trying to address that. Our buyer’s guide examines identity and access management. And we find out why datacentres are becoming a new target for financial investors. Read the issue now. Continue Reading

How to tackle the IAM challenges of multinational companies

The rapidly changing business, regulatory and IT environment makes identity and access management a tough nut to crack for large multinationals. Continue Reading

New SolarWinds CEO sets out rescue plan

Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community Continue Reading

Kaspersky claims link between Solorigate and Kazuar backdoors

Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship Continue Reading

New Zealand central bank IT system breached in cyber attack

Bank is responding to a cyber attack after hackers breached the system of a third-party supplier Continue Reading

Security Think Tank: Don’t bet on a new normal just yet

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Government use of 'general warrants' to authorise computer and phone hacking is unlawful

A court has ruled that the security and intelligence services can no longer rely on ‘general warrants’ to authorise the hacking of large numbers of computers and phones belonging to UK citizens Continue Reading

Picking the right IAM tools is based on more than today’s needs

With remote working now normal, it is important to take proactive steps in managing credentials across platforms that can be subject to multiple data protection regulations. IAM services can streamline this process, but care must be taken to ensure the correct one is chosen Continue Reading

The nation state threat to business

The SolarWinds hack shows the widespread damage possible from a nation state cyber attack. What is the threat to business and how can it be mitigated? Continue Reading

Which? online banking investigation reveals ‘worrying gaps’ in security

Consumer rights organisation has ranked the security of UK online current account providers Continue Reading

How have attitudes to risk and resilience changed?

The New Year is traditionally a time for reflections as well as resolutions. With Throwback Thursday we are happy to offer you both, as we look back to June 2008, when Freeform Dynamics published a ... Continue Reading

Biden picks cyber veteran to reinvigorate security response

Appointment of career intelligence operative Anne Neuberger signals refreshed security approach for the US government under Joe Biden's administration Continue Reading

Trump bans Chinese payment apps

US president signs executive order banning the use of Chinese payments app, citing national security risks Continue Reading

Hackney Council data leaked by Pysa ransomware gang

Council data stolen in October is leaked online in a double extortion attack Continue Reading

WikiLeaks founder Julian Assange to remain in prison despite winning extradition battle

Judge cites Assange’s support of NSA whistleblower as one of the reasons for him being at high risk of absconding. He will remain in Belmarsh prison until the US government completes its appeal Continue Reading

SolarWinds attack almost certainly work of Russian spooks

Investigations into the far-reaching SolarWinds Solorigate attack did not let up during the holidays Continue Reading

Cloud Application Acceleration

First, we had WanOp, then we had “son of WanOp” AKA SD-WAN (and its much misunderstood – mainly by vendors – sibling, SDN) and then the cloud came along and, well, clouded the scenario somewhat. If ... Continue Reading