IT security

The fears and benefits of virtualising reality

In this week’s Computer Weekly, we examine the mingling of virtual and physical worlds and find positive applications and worrisome implications from augmented reality. We find out how to run a virtual hackathon during the pandemic – pizza still included. And we look at how to improve performance of your private cloud. Read the issue now. Continue Reading

Five tips to ensure your crisis comms plan is ready for a cyber attack

Business leaders take note: standard crisis communications plans are inadequate if you have fallen victim to a cyber attack. HPL’s Ted Birkhahn shares five tips to make sure you are ready to face the public Continue Reading

Government publishes second version of digital identity trust framework

The second iteration of the framework, still in alpha version, sets out how organisations can become certified digital identity service providers Continue Reading

Hospitality firms must accelerate digital transformation to secure long-term recovery

Key retail sector must respond quickly to new post-pandemic digital-first demands and consumer behaviours to regain competitive edge, says study Continue Reading

Technical hiccups force Babuk ransomware gang to change tactics

The Babuk ransomware operation backed away from encrypting its victims’ files, and technical difficulties may be to blame, reports McAfee Continue Reading

Investigatory Powers Tribunal finds UK spy agencies unlawfully collected personal data

Campaign groups Privacy International and Liberty are gearing up to bring further legal action after a court found that UK spy agencies unlawfully collected phone and internet records Continue Reading

Almost half unaware of GP data-sharing plans

Around half of adults in England – approximately 20 million people – remain unaware of the scope of the NHS GPDPR programme, prompting calls for a public education campaign Continue Reading

Top vulnerabilities target perimeter devices

The most frequently exploited CVEs of the year so far are to be found in perimeter and network access devices, according to a joint advisory from the NCSC and partners Continue Reading

COP26 cyber resource hub launched for Glasgow businesses

New digital information hub for Glasgow business to help organisations keep secure both physically and online ahead of major climate change summit Continue Reading

Security Think Tank: Consider cyber policies and procedures as you welcome employees back

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower

The Information Commissioner’s Office has ended its involvement in a dispute between a data breach whistleblower and NatWest bank Continue Reading

US lawmakers call for probe into ‘arrogant’ spyware firm

US members of Congress have called for an investigation into NSO Group, the spyware supplier at the centre of a massive surveillance scandal Continue Reading

TikTok sets up cyber security hub in Dublin

Dublin-based cyber centre will oversee the security of TikTok’s users across Europe Continue Reading

How IBM is solving the data privacy problem

IBM’s fully homomorphic encryption technology lets enterprises apply analytics and machine learning to encrypted data without compromising data privacy Continue Reading

Are we getting cyber security skills all wrong?

In this week’s Computer Weekly, the chair of the new UK Cyber Security Council tells us how she plans to fundamentally reimagine what working in IT security means. Our latest buyer’s guide examines ERP modernisation and its role in digital transformation. And we take an in-depth look at the first preview version of Windows 11. Read the issue now. Continue Reading

Malicious actors turn to obscure programming languages

Using new, lesser-known or otherwise uncommon programming languages to code new malwares can help skirt cyber defences Continue Reading

No More Ransom initiative saves £850m over five years

Initiative’s free ransomware decryption tools have been used by more than six million people since 2016 Continue Reading

Government-led innovation can help cyber startups find a market

There are many reasons why early-stage cyber startups often struggle to get off the ground, but government-backed programmes can help them find a path Continue Reading

Tokyo 2020 hit by data breach

The user names and passwords of Tokyo 2020 ticket holders and event volunteers were reportedly compromised, but government official claims the data leak was not large Continue Reading

OAIC: Uber failed to protect personal data of Australians

Uber did not take reasonable steps to protect Australians’ personal information from unauthorised access, says Australia’s national privacy watchdog Continue Reading

How the UK Cyber Security Council plans to professionalise security

As chair of the new UK Cyber Security Council, Claudia Natanson is in a superb position to develop professional standards in IT security and she intends to fundamentally reimagine what a security job actually is Continue Reading

Kaseya obtains universal ransomware decryptor

Kaseya says it obtained a ransomware decryptor key from a trusted third party, but there is no word on whether a ransom was paid Continue Reading

Respect in Security challenges abuse and harassment in cyber

With around a third of cyber pros saying they have personally experienced harassment at work or online, a new initiative is urging organisations to pledge their support to help free the community from the scourge of abuse. We met its founders Continue Reading

New thinking and systems required to tackle online fraud in retail

Online fraud is a growing problem for retail, but are merchants doing enough to update systems and how should they change their actions to address it? Continue Reading

Beeinfotech PH opens telco-neutral datacentre in the Philippines

Datacentre startup is touting carrier neutrality, bespoke services and cyber security capabilities to meet the growing demand for co-location services in the Philippines Continue Reading

Five ways to ensure remote working security and compliance

A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security Continue Reading

France’s Macron among alleged Pegasus targets

Data relating to devices used by French president Emmanuel Macron and the head of the World Health Organization, among others, has been uncovered in a dataset linked to government use of spyware Continue Reading

NCSC’s Cameron urges deeper cyber alliance-building

Speaking to an event in Israel, NCSC CEO Lindy Cameron has praised joint UK-Israeli efforts on security collaboration Continue Reading

Sparsely staffed offices: the new post-pandemic cyber gap

With many offices still operating at limited capacity, a red teaming expert reveals how his job is getting easier, and why this is a problem Continue Reading

The Secret IR Insider’s Diary: It’s all gone quie...

The ‘Q’ word isn’t one that’s really used in incident response, says the Secret IR Insider, largely because as soon as you use it, something happens Continue Reading

NHS Digital tightens rules for GPDPR data scrape

The proposed collection of patient data held by GPs will now only commence when three key criteria have been fulfilled, says NHS Digital Continue Reading

Security Think Tank: A return to the office is not a return to normal

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

Ripe for change – mixing digital innovation with traditional winemaking

In this week’s Computer Weekly, we find out how global winemaker Concha y Toro uses the latest tech to enhance 150-year old traditional processes. Pharma giant GSK explains how an API strategy is changing its business model. And we talk to retailers using video technology to bridge the gap between in-store and online selling. Read the issue now. Continue Reading

Government launches consultation on plans for UK digital identity market

DCMS wants stakeholders to offer their views on proposals for a new governance regime and expanding access to government-held datasets for identity verification Continue Reading

Is tech team remuneration opening up a new form of cyber risk?

Failing to reward cyber security staff in line with increases for other members of the tech team could open up new risks to organisations Continue Reading

UK, US confirm Chinese state backed MS Exchange Server attacks

UK and US governments, alongside the EU and Nato, have formally attributed the March 2021 Microsoft Exchange Server attacks to Chinese state-backed actors Continue Reading

Pegasus mobile RAT abused to monitor journalists and activists

Israel-based surveillance specialist NSO Group is facing renewed pressure after it emerged its Pegasus mobile surveillance tool may be being widely abused by repressive regimes Continue Reading

Privacy Shield: One year on and companies are still grappling for answers

Activist lawyer Max Schrems and Eduardo Ustaran, partner at Hogan Lovells, look for common ground in a problem with no easy answers Continue Reading

Windows 11: A first look at the first preview

Microsoft recently unveiled its plans for the next version of the Windows operating system. We give it a test drive Continue Reading

Tips to minimise vulnerabilities in web and mobile apps

Agile software development can sometimes be at odds with secure by design principles. We look at how organisations are balancing security with coding Continue Reading

Legacy SonicWall kit exploited in ransom campaign

Users of older versions of SonicWall Secure Mobile Access 100 and Secure Remote Access products are at risk from a new ransomware campaign Continue Reading

The Changing UK Cyberpolicing and Cyberskills scene - an update

The Covid Lockdown unleashed a torrent of employment and skills related fraud, as criminals seize the opportunity to loot the new programmes , as they did to the Individual Learning Accounts after ... Continue Reading

Macquarie Data Centres to build Sydney North facility

Macquarie Data Centres’ latest 32MW facility will come with a cyber security centre that monitors and manages cyber security events Continue Reading

Covid-19 vaccine supply chain under attack by unknown nation state

An unknown nation state actor is attempting to disrupt the supply of coronavirus vaccines Continue Reading

APAC CISOs warm up to zero-trust

Security leaders in Asia-Pacific are adopting zero-trust security, but challenges stand in their way of reaping the full potential of the security model Continue Reading

The rise and rise of supply chain attacks

Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains Continue Reading

CW APAC: Trend Watch on supply chain security

In this handbook, Computer Weekly looks at the rise of supply chain attacks, the challenges that come with zero trust security and attacks on the Covid-19 vaccine supply chain Continue Reading

Lawyers take EncroChat hacking operation to French supreme court

Lawyers head to French supreme court after appeals court finds EnroChat inception legal under French law Continue Reading

Putting Your Sassy Money Where Your Nous Is

I’ve been making a bit of noise in this bloggy column of mine now about sassy SASE for some time, but it seems I’m not the only one (other than Gartner wot coined the concept). The world of ... Continue Reading

Privacy Shield: US surveillance law reforms essential for EU-US data, says EU parliamentary study

EU Committee on Civil Liberties, Justice and Home Affairs study calls for major reforms of US spying laws to enable an EU-US data-sharing agreement to replace Privacy Shield Continue Reading

Singapore to invest S$50m in ‘digital trust’ capabilities

The Singapore government is pumping in S$50m to bolster research in technologies that will foster digital trust in areas such as privacy protection and identity management Continue Reading

REvil ransomware crew drops offline, reasons murky

The REvil ransomware operation appears to have gone dark, but claims about its demise are almost certainly exaggerated Continue Reading

Multiple Microsoft bugs being actively exploited

Microsoft’s July Patch Tuesday update fixes 117 vulnerabilities, 13 rated as critical and four already being actively exploited Continue Reading

Can a web app ever be truly secure?

Despite the wealth of vulnerability detection tools and practices, there remains a vast array of web application security breaches Continue Reading

Regional cyber clusters score £700k of funding

DCMS has awarded £700,000 of funding to a network of 20 regional cyber clusters Continue Reading

Modipwn vulnerability puts millions of building systems at risk

Authentication bypass vulnerability in a Schneider Electric product could lead to device takeover Continue Reading

Secureworks sets up in EU datacentre for XDR services

New datacentre location helps Secureworks’ customers meet EU data residency requirements Continue Reading

UK Cyber Security Council calls for new push on training

Too many companies have cut back on security training and development during the pandemic, says UK Cyber Security Council Continue Reading

Met Police seize £180m worth of Bitcoin

The largest ever seizure of cryptocurrency in the UK comes just weeks after a previous multi-million pound confiscation, as law enforcement clamps down on money laundering Continue Reading

Dutch prosecutor ordered to give evidence on EncroChat hack

Netherlands court rules that a public prosecutor should give evidence about the role of the Dutch in the EncroChat cryptophone hack which has led to arrests of organised gangs worldwide Continue Reading

Driving intelligence – behind the scenes of Volkswagen’s in-car software

In this week’s Computer Weekly, we go behind the scenes of Volkswagen’s in-car software R&D centre. The UK’s largest supercomputer has gone live in Cambridge – we find out how it will transform healthcare research. And we talk to DWP’s digital chief about the restructuring of its IT capabilities. Read the issue now. Continue Reading

What’s your contingency plan for when ‘online’ stops working?

Last week I had the misfortune to spend just over an hour and a half listening to a crackly loop of recorded announcements. They were remarkably dull, even before I’d heard them several dozen ... Continue Reading

UK government set to unveil next steps in digital identity market plan

The next phase of the UK government’s plan to support a market of certified, interoperable digital identity providers is set to kick into gear, with digital infrastructure minister Matt Warman due ... Continue Reading

Kaseya VSA services coming online after week-long outage

Kaseya has successfully deployed a patch to its ransomware-hit VSA product as per a revised schedule, and customers are beginning to come back online Continue Reading

NSW department of education hit by cyber attack

Australia’s New South Wales department of education takes some systems offline as a precautionary measure in response to a cyber attack last Thursday Continue Reading

How software developers can create mobile apps securely and quickly

The mobile app market is booming, but to achieve success, organisations must develop mobile apps securely and rapidly Continue Reading

Ransomware and botnets among top cyber threats in Singapore

The city-state saw more ransomware threats and command-and-control servers hosted out of its highly connected network infrastructure last year, as threat actors capitalised on the pandemic Continue Reading

Professionals need protection from the Computer Misuse Act

The UK needs cyber legislation fit for the 21st century, so it is important for the industry to get behind the government’s proposed reform of the Computer Misuse Act Continue Reading

Ransomware gangs seek people skills for negotiations

The process of negotiating a ransomware payment is delicate, hence cyber criminal organisations are prepared to offer good terms to those with the right skillsets Continue Reading

Met Police should release information on British WikiLeaks journalists passed to US, tribunal told

The Metropolitan Police should release correspondence with the US Department of Justice about three UK based WikiLeaks journalists, despite national security claims, a tribunal heard Continue Reading

Are you betting your future on the worst gambling odds in the world?

Gambling is a high-risk strategy. Doing nothing in the face of the threat from ransomware and hoping for the best provides some of the worst odds you will ever come across Continue Reading

Choose the right ITSM tool for digital era success

IT service management (ITSM) tools are essential for many organisations to help optimise the design, delivery, support, use and governance of IT, but not all ITSM solutions are created equal, therefore selecting the right one is crucial Continue Reading

How do we win back digital adolescents recruited to the Dark Side during lockdown?

The Hacker Forum is one of the most welcoming, friendly and attractive "support" group for those stuck in their bedrooms, isolated from friends and school during lockdown and bored with home-learning. Continue Reading

How zero-trust security can bolster Managed Print Services (MPS) offerings

MPS providers must build expertise to address the zero-trust requirements of their customers. This means offering and implementing a multi-layered security proposition to protect printing across ... Continue Reading

Our Survey Says...

The whole WFH/ WFA (Work From Home/Anywhere) initiative that was somewhat enforced on the world’s working population as a result of the “P” word, has largely been well received, but a new survey ... Continue Reading

Kaseya apologises for extended downtime after ransom attack

CEO of Kaseya apologises after pushing back the restoration of the firm’s VSA service following a REvil ransomware attack Continue Reading

Why identity is the central problem for the future of the internet

As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day? Continue Reading

PrintNightmare haunts Microsoft as patch may miss mark

Microsoft dropped an out-of-band patch to fix PrintNightmare, but there are concerns it may not be totally effective. This does not mean it shouldn’t be applied Continue Reading

Security Think Tank: Reopening is an opportunity to reassess wider security posture

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

US government given permission to appeal UK’s decision to not extradite Julian Assange

US offers assurances that Assange could serve time in his home country of Australia if convicted Continue Reading

ICO to probe Hancock over private email use

Former health secretary faces an investigation by the UK’s data protection watchdog over his use of private email to conduct government business Continue Reading

How the UK Cyber Security Council plans to professionalise security

As chair of the new UK Cyber Security Council, Claudia Natanson is in a superb position to develop professional standards in IT security and she intends to fundamentally reimagine what a security job actually is Continue Reading

Opportunists seen targeting Kaseya REvil victims

Malwarebytes researchers highlight new spam campaign targeting businesses impacted by the ongoing Kaseya REvil ransomware incident Continue Reading

Security Think Tank: As offices reopen, address patching and ‘build drift’

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

About 60 Kaseya customers hit by REvil

Kaseya has revised upward the number of managed service providers compromised by the REvil ransomware gang in a supply chain attack at the weekend Continue Reading

Klarna under investigation by Swedish finance watchdog

Swedish fintech is being investigated by financial services regulator after customer information was visible to others Continue Reading

Cyber insurance costs up by a third

The frequency and severity of ransomware attacks is a leading factor behind a substantial increase in the cost of obtaining cyber security insurance Continue Reading

BA reaches settlement in data breach group action

A group action against BA following its 2018 data breach has been successfully settled Continue Reading

Security Think Tank: Returning workers to the office: Is your security posture up to date?

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

Buying a VPN? Here’s what you need to know

VPNs are an effective cyber security tool for businesses and remote workers, but there are many things to consider before purchasing and implementing one. We explore some of these Continue Reading

Going back to office networks, only to dismantle them once and for all

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

Cloud - Infrastructure - Security - SASE - Discuss!

Over the past 12 months, I’ve regularly talked about sassy SASE in this blog. But I’m not the only one. A recent Netevents interactive debate had several vendors debating SASE as part of a general ... Continue Reading

REvil crew wants $70m in Kaseya ransomware heist

Two days after one of the largest ransomware attacks in history by the REvil/Sodinokibi gang, the security community is assessing its next moves, while over 1,000 victims remain in limbo Continue Reading

Toughening up web and mobile apps

We look at how organisations can secure internal and web-facing applications against ransomware and injection-style attacks Continue Reading

Berlin court finds EncroChat intercept evidence cannot be used in criminal trials

In a major setback for police hacking operations, Berlin’s regional court has decided that intercepted data from the EncroChat phone network should not be used in criminal prosecutions Continue Reading

The secret to building a future-proof cyber security team

In a post-pandemic digital world, where cyber criminals see a feast of opportunities, what are the secrets to building a world-class cyber security function? Continue Reading

Security Think Tank: Hydration, hiring, hacking – lessons in post-Covid risk

With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect their returning office workers? Continue Reading

Should I be worried about PrintNightmare?

The accidental publication of proof of concept code for a Windows vulnerability, and the reclassification of said bug from low to critical severity, has the cyber community concerned. Is it right to be? Continue Reading

Cyber attackers up the ante on embattled IT teams

Opportunistic threat actors are pouncing on embattled IT teams that are under pressure to expand remote work arrangements Continue Reading

How do I get my users to pay attention to security training?

 Continue Reading