IT security
-
News
25 Jul 2024
North Korean cyber APT targeting nuclear secrets
Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, including nuclear secrets Continue Reading
-
Feature
25 Jul 2024
CrowdStrike update chaos explained: What you need to know
A botched software update at cyber security firm CrowdStrike has caused IT chaos around the world. Learn more about the global CrowdStrike update outage as it develops Continue Reading
-
Definition
15 Jun 2022
directory traversal
Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. Continue Reading
-
News
15 Jun 2022
Patch Tuesday dogged by concerns over Microsoft vulnerability response
The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure Continue Reading
-
Opinion
15 Jun 2022
Security Think Tank: Basic steps to secure your supply chain
When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail Continue Reading
-
News
14 Jun 2022
MS Azure Synapse vulnerability fixed after six-month slog
Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga Continue Reading
-
E-Zine
14 Jun 2022
Managing Apple Macs in the enterprise
In this week’s Computer Weekly, with more people working remotely, the use of Apple Macs in the enterprise is growing – we look at how to manage them securely. Our latest buyer’s guide examines security in the supply chain. And 10 years on from the London Olympics, we find out how data innovation is revitalising its legacy. Read the issue now. Continue Reading
-
News
13 Jun 2022
UK, US prepare to launch PET project
A transatlantic prize challenge to accelerate development of privacy-enhancing technologies is set to begin Continue Reading
-
News
13 Jun 2022
Government recommits to UK’s cyber future in Digital Strategy
New strategy leans heavily on cyber security but stops short of announcing any initiatives that have not already been launched or heavily trailed Continue Reading
-
Definition
13 Jun 2022
acceptable use policy (AUP)
An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet or other resources. Continue Reading
-
News
13 Jun 2022
New UK digital strategy aims to secure future growth for £150bn digital economy
Government publishes plan that brings together existing and new initiatives intended to expand the digital sector and help to establish the UK as a ‘superpower’ in science and tech Continue Reading
-
News
13 Jun 2022
New warning over tech suppliers in thrall to hostile governments
Ukraine war could lead to shakeup of dual-use tech exports, says former UK intelligence officer Continue Reading
-
News
13 Jun 2022
Health data strategy to exorcise ghosts of GPDPR
Government publishes a revised data in health strategy, with an emphasis firmly on preserving the integrity and privacy of patients’ confidential information Continue Reading
-
News
13 Jun 2022
Qatar bolsters cyber security in preparation for World Cup
With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness Continue Reading
-
News
10 Jun 2022
ICO fails to disclose majority of reprimands issued under GDPR
London law firm Mishcon de Reya forces disclosure of reprimands issued to organisations by the Information Commissioner’s Office for contraventions of UK data protection law Continue Reading
-
Opinion
10 Jun 2022
Security Think Tank: Don’t trust the weakest link? Don’t trust any link
Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must Continue Reading
-
News
10 Jun 2022
Snake Keylogger climbing malware charts, says Check Point
Cyber criminals behind Snake Keylogger campaigns have been switching up their tactics in the past few weeks, say researchers Continue Reading
-
News
10 Jun 2022
Researchers find eight CVEs in single building access system
A series of eight vulnerabilities in Carrier LenelS2 building access panels could enable malicious actors to obtain physical access to their targets Continue Reading
-
News
10 Jun 2022
Commercialising open source
Most software developed today takes advantage of open source, but there are still gaps in understanding what open source means in business Continue Reading
-
News
09 Jun 2022
SolarWinds CEO offers to commit staffers to government cyber agencies
A new proposal from SolarWinds’ outspoken CEO, Sudhakar Ramakrishna, could see software companies commit key staff to work with government cyber agencies to improve cooperation and incident response Continue Reading
-
News
09 Jun 2022
Trade body calls for public-private sector collab on digital ID
TechUK has published a report outlining 10 key recommendations it believes are urgently needed to enable the rapid creation of an effectively regulated digital identity marketplace Continue Reading
-
News
09 Jun 2022
Cyber researchers step in to fill Patch Tuesday’s shoes
Afraid you’ll miss Patch Tuesday when it’s gone? You’re not alone, but security analysts at Recorded Future are taking action to help the community come to terms with its loss Continue Reading
-
E-Zine
09 Jun 2022
CW Europe: Russia escalates cyber war on Ukraine
Microsoft has given details of cyber attacks on Ukrainian civilian communications, nuclear safety authorities, and the exploitation of the destruction of Mariupol in a phishing campaign. Also read about a report on the European Artificial Intelligence Act that suggests a limited ban on predictive policing systems. Continue Reading
- 08 Jun 2022
-
News
08 Jun 2022
China using top consumer routers to hack Western comms networks
An advisory from US cyber authorities shares details of multiple vulnerabilities exploited by Chinese state actors to hack into Western telecoms networks Continue Reading
-
Blog Post
08 Jun 2022
Using A SASE Platform approach: What Are The Real Cost Benefits?
Following on from my previous blog - where I talked about the real costs of going down the DIY/product portfolio integration route, rather than opting for a “here’s one they made earlier” solution ... Continue Reading
-
News
08 Jun 2022
ProxyLogon, ProxyShell may have driven increase in dwell times
The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data Continue Reading
-
News
07 Jun 2022
Weak IT and SecOps collaboration in ANZ opens doors to cyber attacks
The weak collaboration between IT and security teams in Australia and New Zealand is exposing their organisations to data loss, business disruption and other potential consequences of cyber attacks Continue Reading
-
Blog Post
07 Jun 2022
Contemporary IT: Off the Shelf Vs Bolt-On Approach? It's a No Brainer!
We’ve talked before in this ‘ere blog about the options available nowadays in terms of buying into a platform-based approach, versus integrating a portfolio of specialist products and services – or ... Continue Reading
-
News
07 Jun 2022
Software house Mega achieves holistic SaaS security with Synopsys
Mega International, a supplier of IT management software, turned to Synopsys’s Coverity and Black Duck products to reassure both itself and its customers that its software-as-a-service offerings were built to the best possible security standards Continue Reading
-
Feature
07 Jun 2022
APAC buyer’s guide to backup and recovery software
In this buyer’s guide, learn more about the market for backup and recovery software and key data protection capabilities to look for Continue Reading
-
Blog Post
06 Jun 2022
How has the UK response to ransomware worked?
Ransomware gangs begin with their own due diligence - to calculate how much the victim (or insurer) will pay before reporting. They are likely to move on and find a victim who will not report, ... Continue Reading
-
Blog Post
06 Jun 2022
Time to act on the DCMS Select Committee 2016 Recommendations
Prepare for when losses from impersonation replace whiplash and PPI as the target income stream of ambulance-chasing lawyers, so that you can rapidly sort the genuine claims from the rest. Continue Reading
-
Feature
06 Jun 2022
IT departments need holistic circular economies to fight climate change
With sustainability moving up the boardroom agenda, IT managers should revamp procurement strategies to align with the principles of the circular economy, but what does this mean for managing the IT lifecycle? Continue Reading
-
News
01 Jun 2022
EU must stand ground on cyber security, says Finland’s WithSecure
Russian threat is serving to focus minds on cyber security across Europe, say executives at enterprise security company’s inaugural conference Continue Reading
-
News
01 Jun 2022
Executive interview: Jeetu Patel, general manager of collaboration and security, Cisco
Anyone with an idea can help solve a problem if geography and distance don’t matter when bringing in talent, says Cisco’s collaboration and security chief Continue Reading
-
News
01 Jun 2022
Security leaders call for more observability for cloud native apps
New research highlights the challenges CISOs face securing modern, cloud native applications Continue Reading
-
Opinion
01 Jun 2022
What does the EU’s NIS 2 cyber directive cover?
We run the rule over the European Union’s updated NIS2 security directive Continue Reading
-
Opinion
31 May 2022
The importance of making information security more accessible
Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure Continue Reading
-
News
31 May 2022
Researchers discover zero-day Microsoft vulnerability in Office
Malicious Word documents have been used to invoke a previously undisclosed vulnerability in Microsoft Office without user interaction through Windows utility functions Continue Reading
-
Feature
31 May 2022
Attack of the clones: the rise of identity theft on social media
The proliferation of social media has resulted in the rise of identity theft on these platforms, with accounts copied for fraudulent or malicious purposes. What can be done to mitigate it? Continue Reading
-
News
31 May 2022
Industrial systems not safe for the future, say Dutch ethical hackers
Ethical hackers in the Netherlands say operational technology and IT networks need to be integrated to prevent cyber attacks penetrating their operations Continue Reading
-
News
31 May 2022
Singapore doubles down on quantum technology
The city-state is shoring up its quantum talent and quantum device manufacturing capabilities in a bid to advance its knowhow in the emerging technology Continue Reading
-
Opinion
31 May 2022
Mobile digital transformation – from fast to deep
The first half of 2022 has been a busy time, with much happening in the mobile industry. We consider what the rest of year might hold Continue Reading
-
E-Zine
31 May 2022
Trial and error – why the law on computer evidence must change
In this week’s Computer Weekly, the Post Office IT scandal highlighted the problem with computer evidence – we examine the need for legal reform. We assess the nuclear option for sustainable datacentre power. And we find out how IT experts can improve their soft skills and boost their career prospects as a result. Read the issue now. Continue Reading
-
News
30 May 2022
ICO calls for police to end ‘excessive collection’ of personal data from rape and assault victims
The UK’s information commissioner, John Edwards, has called for prosecutors and police to end the excessive collection of personal data from victims of rape and serious sexual assault Continue Reading
-
Opinion
30 May 2022
Log4Shell: How friendly hackers rose to the challenge
HackerOne CISO Chris Evans looks back at how the security community successfully rose to the challenge of Log4Shell, and saved end-user organisations millions Continue Reading
-
Opinion
30 May 2022
Strong internal foundations are key to withstanding external threats
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
Opinion
27 May 2022
Consistency is key to mitigate outsourcing risk
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
26 May 2022
Consultation launched on datacentre, cloud security
The government is seeking views on how to boost the security and resilience of the UK’s datacentres and online cloud platforms Continue Reading
-
Opinion
26 May 2022
Security Think Tank: Core security processes must adapt in a complex landscape
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
26 May 2022
Two-thirds of UK organisations defrauded since start of pandemic
Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report Continue Reading
-
News
26 May 2022
Most CFOs being left out of ransomware conversations
Barely a tenth of CFOs are actively involved in planning for cyber attacks, according to a report Continue Reading
-
News
25 May 2022
New inquiry looks at the state of UK chips
Foreign Affairs Committee is fishing for evidence in a new inquiry assessing skills, security and end-to-end semiconductor supply chain concerns Continue Reading
-
News
25 May 2022
Rubrik charts data security path
Backup and recovery software provider Rubrik now sees itself as a cyber security company that helps organisations recover from ransomware and other data security threats Continue Reading
-
News
25 May 2022
Building a pathway to commercial quantum computing
The shortage of expertise in quantum technologies will drive up salaries. A new report from TechUK assesses the route to commercialisation Continue Reading
-
News
24 May 2022
ICO orders facial recognition firm Clearview AI to delete all data about UK residents
UK data watchdog fines facial recognition company Clearview AI £7.5m for multiple privacy breaches. The firm, which offers services to law enforcement, faces growing pressure from regulators and legal action around the world Continue Reading
-
News
24 May 2022
Ransomware volumes grew faster than ever in 2021
Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody Continue Reading
-
News
24 May 2022
Bad bots make up a quarter of APAC’s web traffic
Bots that run automated tasks have been responsible for stealing personal information among other malicious activities in the Asia-Pacific region, study finds Continue Reading
-
Blog Post
24 May 2022
Need a CISO? No need to look for that tech boffin
This is a guest post by Yvette Lejins, resident CISO at Proofpoint Asia-Pacific and Japan The role of the CISO (chief information security officer) has become increasingly important as more ... Continue Reading
-
Definition
23 May 2022
business resilience
Business resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity. Continue Reading
-
News
23 May 2022
Did the Conti ransomware crew orchestrate its own demise?
Analysts examining the shutdown of the Conti ransomware syndicate suggest the cyber crime collective orchestrated its own demise Continue Reading
-
Opinion
23 May 2022
Security Think Tank: Understanding attack paths is a question of training
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
23 May 2022
How Ivanti views patch management with a security lens
Bringing development, operations and security teams together will help organisations to improve their visibility of IT assets and vulnerabilities while keeping threat actors at bay Continue Reading
-
News
20 May 2022
Applying international law to cyber will be a tall order
Many in the security community have voiced their support for the UK government’s ambitions to work towards agreement with other countries on the application of international law to cyber space, but not without some reservations Continue Reading
-
News
20 May 2022
Microsoft drops emergency patch after Patch Tuesday screw up
Microsoft fixed a certificate mapping issue that caused server authentication failures on domain controllers for users that had installed the most recent Patch Tuesday updates Continue Reading
-
News
20 May 2022
Former Welsh steelworks becomes ‘living’ cyber lab
ResilientWorks security centre in Ebbw Vale provides an education hub for students and a testbed for industry Continue Reading
-
News
20 May 2022
Chinese cyber spooks exploit western sanctions on Russia
The actor behind an ongoing Chinese espionage campaign targeting Russian defence research bodies is taking advantage of the Ukraine war in their phishing lures Continue Reading
-
Definition
19 May 2022
business continuity plan (BCP)
A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event. Continue Reading
-
News
19 May 2022
Defensive cyber attacks may be justified, says attorney general
Speaking ahead of a speech at the Chatham House think tank, the UK’s attorney general has suggested defensive cyber attacks against hostile countries may be legally justifiable Continue Reading
-
News
19 May 2022
Top cyber criminal earnings outpace those of business leaders
Cyber crime can pay significantly better than leading a FTSE 100 organisation, according to a report Continue Reading
-
News
19 May 2022
Nature of cyber war evolving in real time, says Microsoft president
The past three months have seen the rapid evolution of the very nature warfare to incorporate cyber attacks, Microsoft’s Brad Smith tells the audience at its Envision conference in London Continue Reading
-
News
19 May 2022
Deliveroo accused of ‘soft union busting’ with GMB deal
Smaller grassroots unions have criticised Deliveroo and GMB for making a “hollow” deal that will ultimately undermine workers’ self-organising efforts Continue Reading
-
News
19 May 2022
Red teaming will be standard in Dutch governmental organisations by 2025
The Dutch government wants to include the testing of the digital security of systems, processes and people – also known as red teaming – in all of its governmental organisations’ test planning and budgeting by 2025 at the latest Continue Reading
-
Opinion
19 May 2022
Security Think Tank: Yes, zero trust can help you understand attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
19 May 2022
Singapore opens security testing centre
Joint centre set up by the Cyber Security Agency of Singapore and a local university will facilitate security testing and train security evaluation talent Continue Reading
-
Opinion
18 May 2022
Security Think Tank: To follow a path, you need a good map
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
18 May 2022
Mastercard biometric programme will allow payment authentication by smile
Mastercard is inviting banks and merchants to join a programme to set standards for biometric payments technology Continue Reading
-
News
17 May 2022
Veeam outlines data protection vision
Veeam is looking to achieve an “outsized market leading position” by tapping its strengths in data protection and doubling down on innovation to help enterprises secure emerging workloads Continue Reading
-
News
17 May 2022
(ISC)² to train 100,000 cyber pros in UK
Security association (ISC)² unveils ambitious UK training programme Continue Reading
-
News
17 May 2022
Australian CISOs least prepared for cyber attacks
Australian CISOs are under pressure and feel the least prepared globally to deal with the consequences of a cyber attack, study finds Continue Reading
-
E-Zine
17 May 2022
Digitally transforming UK power networks for renewable energy
In this week’s Computer Weekly, we find out how the UK’s power networks need to be digital transformed to be ready for renewable energy – and the role of open source. Wi-Fi 6 was meant to give a boost to wireless connectivity – we examine why adoption has stalled. And we look at what a quantum datacentre might be like. Read the issue now. Continue Reading
-
News
16 May 2022
Europol gears up to collect big data on European citizens after MEPs vote to expand policing power
The European Parliament has voted to expand Europol’s role, legalising its processing of bulk datasets containing personal information and endorsing research into predictive policing technologies Continue Reading
-
News
16 May 2022
Keeping Singapore’s critical systems secure
Tracy Thng offers a glimpse into her work in strengthening the cyber resilience of 11 essential service sectors in Singapore Continue Reading
-
News
13 May 2022
Open source community sets out path to secure software
A 10-point plan to improve the security and resilience of open source software was presented this week at a summit in the US Continue Reading
-
Blog Post
13 May 2022
Mind the gap: public and private sector disparity in cybersecurity
Amidst increasingly sophisticated cyber attacks and a constantly shifting threat landscape, cyber security partnerships across the private and public sector are essential in tackling these threats. ... Continue Reading
-
News
12 May 2022
GPDPR data scrape a ‘mistake’, says leading scientist
Giving evidence to the Science and Technology Committee, academic, physician and science writer Ben Goldacre has expressed serious misgivings about the on-hold GPDPR NHS data scrape Continue Reading
-
Feature
12 May 2022
The limits and risks of backup as ransomware protection
Backups can provide a sound means of recovery from ransomware infection, but they are not 100% certain to foil attackers. We look at the limits and risks of depending on backups Continue Reading
-
E-Zine
12 May 2022
CW Benelux: Meta shelves hyperscale datacentre plan in Netherlands
Meta’s plan for a hyperscale datacentre in the Netherlands which was to serve the metaverse world has been halted following a campaign by environmentalists and the Dutch parliament’s call for the government to do everything in its power to stop the facility being built. Also read how the Dutch arm of customer services supplier Teleperformance has led the entire organisation to adopt robotic process automation software. Continue Reading
-
Opinion
12 May 2022
Security Think Tank: Your path to understanding attack paths
The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading
-
News
12 May 2022
APAC career guide: Becoming a cyber security pro
The region’s burgeoning cyber security industry has attracted more talent last year, but it takes more than just technical knowhow to succeed in the field Continue Reading
-
News
11 May 2022
Nerbian RAT enjoys using Covid-19 phishing lures
The world is slowly coming to terms with Covid-19, but fear of the coronavirus is no less useful to cyber criminals because of it, as Proofpoint researchers have discovered Continue Reading
-
News
11 May 2022
Emotet has commanding lead on Check Point monthly threat chart
Emotet remains by some margin the most prevalent malware, according to Check Point’s latest monthly statistics Continue Reading
-
News
11 May 2022
CyberUK 22: Five Eyes focuses on MSP security
The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves Continue Reading
-
News
11 May 2022
CyberUK 22: Data-sharing service to protect public from scams
A new data-sharing service set up by the NCSC and industry partners will give ISPs access to real-time threat data that they can use to block fraudulent websites Continue Reading
-
News
11 May 2022
Analysts confirm return of REvil ransomware gang
Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks Continue Reading
-
News
11 May 2022
Cyber accreditation body Crest forges new training partnerships
Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills Continue Reading
-
News
11 May 2022
Nationwide stops thousands more attempted frauds with Strong Customer Authentication
Nationwide Building Society is blocking an additional 2000 attempted online shopping frauds a month through extra checks Continue Reading
-
News
11 May 2022
Microsoft fixes three zero-days on May Patch Tuesday
It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days Continue Reading
-
News
11 May 2022
EU plans to police child abuse raise fresh fears over encryption and privacy rights
Draft regulation unveiled today will require internet and messaging firms to use algorithms to identify grooming and child abuse or face heavy fines Continue Reading
-
Definition
10 May 2022
Top 10 spyware threats
The top 10 spyware list describes the 10 common spyware threats behind famous spyware attacks and is frequently identified by Webroot's Spy Audit, a free spyware scanner tool. Continue Reading
-
News
10 May 2022
‘Spy cops’ inquiry delves into police relationship with MI5
There was ‘no filter’ on the information that undercover police officers were collecting on activists throughout the 1970s, despite senior managers and officials involved in directing the surveillance questioning the appropriateness of the information gathering and sharing Continue Reading