IT security

Dutch police used deep learning model to predict threats to life

Dutch police developed a deep learning model in their EncroChat investigation to predict which messages contain serious threats to life Continue Reading

The shape of fraud and cyber crime: 10 things we learned from 2020

While a pandemic-driven increase in cyber crime and an exacerbation of existing fraud trends were, to a large extent, to be expected, the LexisNexis Risk solutions UK cybercrime report 2020 still contained a few surprises Continue Reading

Okta and Auth0 to expand APAC coverage

Okta’s acquisition of rival Auth0 will enable both companies to expand their footprint in the Asia-Pacific region as demand for identity management services soars amid the pandemic Continue Reading

NHSX data strategy due in ‘a few weeks’

NHSX director of policy and strategy Simon Madden says the long-awaited strategy is expected to “trigger huge debates” on issues such as access, choice and transparency, and will be published in draft form shortly to allow for consultation Continue Reading

Publishing exploit code does more harm than good, says report

Disclosing exploit code before patches are available gives malicious actors a ‘massive’ head-start, says Kenna Security Continue Reading

Biden beefs up public-private security cooperation

Joe Biden has signed a new Executive Order to harden US cyber security and government networks, with an emphasis on information sharing Continue Reading

CW Benelux: Netherlands university launches centre of expertise in applied AI

Amsterdam University of Applied Sciences has launched a centre of expertise in applied artificial intelligence, and students from all faculties of the university will learn how to apply AI in their field of study. Also in this issue, read why a training ‘roadmap’ is needed to get Netherlands police officers up to speed with tackling cyber crime. Continue Reading

Refuge launches tech safety site for domestic abuse victims

Created with the help of survivors, Refuge’s resource site offers guidance on protecting yourself from tech-enabled domestic abuse Continue Reading

CISOs weathered the pandemic well, but at personal cost

Over 80% of CISOs think their existing security capabilities stayed strong during the worst of the Covid-19 pandemic, but now face stress and burnout on an unheard-of scale Continue Reading

Verizon DBIR underscores year of unprecedented cyber challenge

Verizon 2021 Data Breach Investigations Report draws predictable conclusions as the impact of the Covid-19 pandemic continues to be felt Continue Reading

UK government publishes Online Safety Bill draft

Bill builds on previous commitments by the government, which has added new measures to uphold democracy and freedom of speech while making tech giants more accountable Continue Reading

Inside DarkSide: Researchers share intel on break-out cyber gang

Security researchers swap information on the newly famous DarkSide ransomware gang, the group that doesn’t appear to understand what ‘being a criminal’ actually means Continue Reading

CyberUK 2021: NCSC encourages startups to invest in cyber

National Cyber Security Centre is launching bespoke cyber security guidance aimed at the UK’s valuable startup community Continue Reading

UK to fund national cyber teams in Global South

Government will commit millions of pounds to supporting vulnerable countries in establishing cyber capacity Continue Reading

Microsoft fixes four critical bugs on lighter Patch Tuesday

Four critical RCE vulnerabilities put users of various Microsoft products at risk, and should be patched right away Continue Reading

The Security Interviews: Why helpful bots could hurt vaccine roll-outs

Earlier this year, spikes in traffic to websites containing information about Covid-19 vaccines were attributed by Imperva to automated bots scraping data. Why is that a problem? Continue Reading

UK Plc invited to sign up for Early Warning of cyber incidents

The launch of the Early Warning incident notification service is among the enhancements being made by the NCSC to its service packages Continue Reading

NCSC cyber guidance targets cloud and home working

The NCSC’s refreshed cyber security guidance for larger organisations places particular emphasis on cloud, home working and ransomware Continue Reading

Collaboration key to success of UK’s Cyber Security Council

The founders of the UK’s Cyber Security Council have been setting out their plans to professionalise the cyber sector at the NCSC’s CyberUK 2021 event Continue Reading

Government to reform Computer Misuse Act

Home secretary Priti Patel will explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world Continue Reading

SolarWinds CEO calls for collective action against state attacks

SolarWinds CEO tells NCSC’s CyberUK conference he is exploring the possibility of collaborating with other companies on collective cyber action against attacks backed by nation states Continue Reading

Swedish court finds ambiguities in hacked EncroChat cryptophone evidence

Defence lawyer claims evidence obtained by hacking the EncroChat encrypted phone network has ‘no legal’ value following Swedish appeal court ruling Continue Reading

Colonial Pipeline ransomware attack has grave consequences

The ramifications of a major ransomware attack against a US fuel pipeline operator could spread far and wide Continue Reading

NCSC Active Cyber Defence blocks surge of pandemic scams

The NCSC responded to a surge in online scams last year as it moved to protect both the general public and critical national services during the pandemic Continue Reading

APAC career guide on cloud computing

Besides having engineering chops and certifications, aspiring cloud professionals should have curiosity and soft skills to succeed in the evolving cloud computing landscape Continue Reading

How to support a hybrid workforce

As the economy opens up, organisations are rethinking the idea of office-based work – and a more flexible approach is on the cards Continue Reading

Despite confusion, zero-trust journey underway for many

Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today. Continue Reading

One size does not fit all - current cyber security practice as revealed by the DCMS Breaches Survey

The report is an excellent snapshot but it also illustrates why most business leaders (large or small) find it so hard to take cyber security seriously until it is put into the context of their own ... Continue Reading

How do I get my users to pay attention to security training?

As cyber security risks grow daily, businesses must educate staff about these through cyber awareness training. But how can they ensure this is taken seriously by employees? Continue Reading

NCSC, CISA publish new information on Russia’s Cozy Bear

New intelligence from UK and US cyber agencies suggests that APT29, or Cozy Bear, has been switching up its tactics Continue Reading

NCSC publishes smart city security guidelines

Guidance for local authorities, IT and cyber professionals aims to ensure the security of connected, smart city projects Continue Reading

Cyber accreditation to improve legal standing of security pros

Institute of Cyber Digital Investigations Professionals will help incident responders and cyber investigators get the professional recognition they deserve Continue Reading

Securing the UK's emerging smart cities

UK councils have a huge opportunity to improve services through the use of smart city technologies - but they must avoid the cyber security risks, says the government's digital minister Continue Reading

Reddit enlists HackerOne to run public bug bounty programme

Online community platform is opening up its HackerOne bug bounty programme to any ethical hacker who cares to have a look under the bonnet Continue Reading

Ransomware, supply chain attacks show no sign of abating

Security experts at Black Hat Asia 2021 discuss the state of ransomware and supply chain attacks, two of the most common attack vectors that offer high returns for threat actors Continue Reading

Government urged to add scam protections to Online Safety Bill

Group of organisations calls for the government to use the Online Safety Bill to protect people from cyber scams Continue Reading

Scammers accidentally reveal fake Amazon review data

More than 13 million records relating to an organised fake review scam have been found on an unsecured ElasticSearch database, implicating hundreds of thousands of people in unethical behaviour Continue Reading

Google to introduce mandatory MFA for users

In future, holders of Google accounts will have no option but to use multifactor authentication if they want to use the firm’s services Continue Reading

HSBC blocks £249m in UK fraud with voice biometrics

HSBC voice recognition technology has reduced telephone banking fraud as demand for the channel increases Continue Reading

Why ITAM can aid IT-fuelled business recovery

As a sense of normality returns, we look at why IT asset management is the stealth tool for clearing a path towards greater digitisation Continue Reading

Dysfunctional cyber, network teams disrupt digital transformation

Despite shared goals, combative and dysfunctional relationships within specialist tech teams are putting digital transformation projects at risk, according to a report Continue Reading

Sophos: How timely intervention stopped a ProxyLogon attack

A recent incident at an undisclosed customer sheds new light on how malicious actors exploit unpatched Microsoft Exchange servers Continue Reading

How GCHQ proposes to implement and use ethical AI

The rise of cyber crime and the escalating threat vectors facing the UK have led GCHQ to invest in automated threat detection and response systems to meet this challenge, as well as liaising with the private sector for the first time Continue Reading

Deploying productivity monitoring software ethically

While software that tracks the activities of staff can be helpful to companies with a remote workforce, managers must consider employees’ concerns and privacy Continue Reading

Half of organisations breached via a third party in 12 months

New report highlights the risks of outsourcing key business processes without paying due care and attention to your service provider’s security Continue Reading

The practical steps needed to accelerate a UK digital identity ecosystem

The draft digital identity framework published by the UK government highlights the importance of learning from the private sector and existing standards to accelerate deployment and citizen adoption Continue Reading

New standard to simplify IoT device onboarding

Fido Alliance’s device onboarding protocol will automate the process of connecting internet-of-things devices to device management platforms while improving security Continue Reading

EncroChat: Top lawyer warned CPS of risk that phone hacking warrants could be unlawful

Lord David Anderson QC warned prosecutors that there were formidable arguments against the lawfulness of a police operation to infiltrate the encrypted phone network, EncroChat Continue Reading

MPs accuse government of unduly interfering in information commissioner appointment

Cross-party group of MPs says government is influencing the appointment of a new information commissioner by explicitly seeking a candidate who will support its policy agenda, rather than regulate independently Continue Reading

End of support for Build 1909 leaves some Windows open to attack

Biannual Windows updates free IT staff from major updates, but some people prefer older builds of Windows, which leaves a gaping security hole Continue Reading

Security awareness training quiz: Insider threat prevention

Find out how much you know about preventing user-caused cybersecurity incidents through education in this security awareness training quiz for infosec pros. Continue Reading

The case for vaccine passports: the real world versus the digital world

What are the security issues challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

Gartner SASE 2021 Roadmap - You Know It Makes Sense...

As observed before in this blog, few of Gartner’s ‘inventions’ have caught on as quickly as SASE – Secure Access Service Edge. From traditional firewall vendors to declared SASE specialists, ... Continue Reading

G7 countries to cooperate on digital regulation

Digital and technology ministers outline their agenda for how technology can be used to facilitate the post-Covid recovery, signalling closer collaboration in key areas of the digital economy Continue Reading

Northern Ireland pilots security training plan for 16-25s

Pilot scheme in Northern Ireland aims to widen access to cyber security careers Continue Reading

How to tackle intellectual property crime

Crimes against intellectual property are big business for organised crime groups, commercial competitors and foreign states alike. In the first of a series of legal columns, David Cowan offers a practical approach Continue Reading

Covid-19 security challenges leave bank customers at risk

Challenges arising from the pandemic have left gaping holes in banking security, putting consumers at risk of fraud Continue Reading

Recruiters can’t afford to hold out for cyber ‘unicorns’

The perfect security candidate is hard to find, so hiring policy needs to be more pragmatic Continue Reading

Office 365 compromise likely led to Merseyrail ransomware attack

Compromise of Merseyrail employee data seems to have begun after a key email account was hacked Continue Reading

NHS App to serve as vaccine passport for foreign holidays

Existing NHS App will have vaccine passport functionality added to it, transport secretary confirms Continue Reading

Backup failure: Four key areas where backups go wrong

We look at the key ways that backups can fail – via software issues, hardware problems, trouble in the infrastructure and good old human error – and suggest ways to mitigate them Continue Reading

Applying web application reconnaissance to offensive hacking

Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading

Collaboration is key to a secure web application architecture

Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading

UK supermarkets to trial age estimation tech for alcohol purchases

Biometric age estimation technology developed by Yoti to be tested in UK supermarkets for alcohol purchases as part of government-led digital identities initiative Continue Reading

Total cost of ransomware attack heading towards $2m

Sophos’ latest study finds that ransomware attacks are proving increasingly disruptive to their victims’ finances Continue Reading

Leaky Azure storage account puts software developer IP at risk

Source code for multiple products was left exposed in an unsecured Microsoft Azure cloud storage account, say researchers, but attributing responsibility for the error has proved difficult Continue Reading

Why we need to reset the debate on end-to-end encryption to protect children

Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent Continue Reading

Apple OS updates patch multiple security holes

The much-heralded release of the privacy-centric iOS 14.5 also brings patches for multiple CVEs, and users of Apple smartphones, tablets and notebooks are best advised to update as soon as possible Continue Reading

Uber drivers’ resistance and the gig economy – Computer Weekly Downtime Upload podcast

In this episode of the Computer Weekly Downtime Upload podcast, Caroline Donnelly and Brian McKenna are joined by Sebastian Klovig Skelton to discuss the legal campaign by Uber drivers for the right to be recognised as workers Continue Reading

North London school wins NCSC girls’ cyber challenge

Highgate School in North London is the winner of this year’s CyberFirst Girls security competition Continue Reading

The Security Interviews: Making sense of outbound email security

Screening inbound emails is an accepted part of an organisation’s security posture, but the topic of securing outbound traffic is less often discussed. Zivver’s Rick Goud is on a mission to change this Continue Reading

Justice at last in Post Office IT scandal

In this week’s Computer Weekly, 12 years after we broke the story, victims of the Post Office IT scandal finally have their criminal convictions overturned. We take a virtual tour of a Microsoft datacentre and meet a server called ‘Mega-Godzilla Beast’. And we find out how technology is transforming Nationwide Building Society. Read the issue now. Continue Reading

UnitingCare Queensland hit by cyber attack

Healthcare service provider UnitingCare Queensland was reportedly hit by a ransomware attack that crippled several IT systems Continue Reading

French legal challenge over EncroChat cryptophone hack could hit UK prosecutions

Lawyers are challenging the legality of a French police operation to harvest tens of thousands of messages from the EncroChat encrypted phone network in a move that could overturn criminal prosecutions in the UK Continue Reading

How Toffs is seizing Asia’s CDN market

Toffs Technologies is eyeing second- and third-tier cities in Asia as it bolsters its infrastructure and experiments with the use of home networks as content delivery networks Continue Reading

‘Spy cops’ victims share ongoing data protection concerns

Under Cover Policing Inquiry will consider whether the extensive amount of personal data collected about left-wing activists by the Special Demonstration Squad was justified, as witnesses question whether information about them is still being collected Continue Reading

GCHQ: Cyber investment a guarantor of UK’s global status

GCHQ director Jeremy Fleming sets out a vision for the UK’s cyber security future Continue Reading

Researchers shed more light on APT29 activity during SolarWinds attack

RiskIQ’s Atlas threat intel team uncovers new patterns and threat infrastructure used in the SolarWind’s attacks Continue Reading

Automation, zero-trust, API-based security priorities for EMEA CISOs

Report by FireMon sheds light on buyer behaviour across the EMEA region Continue Reading

ToxicEye malware exploits Telegram messaging service

The Telegram instant messaging service is being used by malicious actors to manage a remote access trojan called ToxicEye Continue Reading

Security Think Tank: Security culture must underpin vaccine passports

What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

NCSC offers teachers free cyber security training

The NCSC’s latest security training offer builds on a package of measures designed to protect schools from cyber attack Continue Reading

EU lays out plans to regulate AI development

Proposal aims to encourage the development of ethical artificial intelligence systems that do not infringe the human rights of EU citizens Continue Reading

SonicWall Email Security zero-days need urgent patch

Users of SonicWall Email Security are advised to patch immediately, but the supplier is being criticised for the pace of its response Continue Reading

Time is running out to probe networks for Emotet

Security teams will lose an unprecedented opportunity to gain valuable intelligence to enhance their defences when Emotet is finally ‘executed’ in a few days’ time Continue Reading

Health app myGP adds Covid-19 vaccine passport function

The new feature is described as the UK’s first NHS-assured Covid-19 certification feature Continue Reading

UK’s proposed IoT cyber security law gathers momentum

New statistics appear to vindicate UK government proposals to force suppliers to be upfront about IoT security Continue Reading

Chinese APT exploits critical CVE in Pulse Secure VPN

A newly disclosed vulnerability in Pulse Secure’s VPN is being exploited by a Chinese advanced persistent threat group – assume compromise and mitigate today Continue Reading

Security Think Tank: ‘Legitimate interest’ crucial for vaccine passports

What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

Codecov supply chain attack has echoes of SolarWinds

Supply chain attack on code auditing service may have compromised the likes of HPE and IBM Continue Reading

Lack of leadership, confusion and frustration - the state of digital identity in the UK

To nobody’s surprise, efforts by a group of peers to force the government to accelerate progress on digital identity in the UK foundered in the House of Lords yesterday (20 April 2021). Baroness ... Continue Reading

Shop and go – will Amazon’s cashless ‘just walk out’ store work?

In this week’s Computer Weekly, Amazon has opened its first ‘just walk out’ grocery store in the UK, but is it the right time to hit the high street? We examine the human and technical issues around email security. And we analyse Microsoft’s $19bn purchase of voice recognition supplier Nuance. Read the issue now. Continue Reading

Does email security need a human solution or a tech solution?

People spend a lot of time using email systems, but many do not realise that this makes them attractive targets for cyber criminals. With education and technology, businesses can tackle this problem head-on. Continue Reading

Singapore’s ViewQwest debuts security service

ViewQwest’s SecureNet service uses Palo Alto Networks’ next-generation firewall with deep packet inspection capabilities to guard against cyber threats Continue Reading

YouGov incentivises sharing of personally identifiable information

YouGov Safe is a new service to help organisations target consumers more precisely, where people can select how much personal data they wish to share Continue Reading

Government puts Facebook under pressure to stop end-to-end encryption over child abuse risks

Facebook faces growing government pressure to abandon its plans to offer users end-to-end encryption to secure the privacy of their messages as the NSPCC raises concerns about child protection Continue Reading

The Secret IR Insider’s Diary – from Sunburst to DarkSide

From dealing with SolarWinds fallout to ransomware attacks, it’s been a busy few weeks for the Secret IR Insider, but they've picked up some new tricks along the way Continue Reading

Finnish government strengthens country’s IT network security

Finland’s government has created a new national organisation to help public and private bodies improve network security Continue Reading

Dutch accuse UK of ‘damaging confidence’ by disclosing details of EncroChat police collaboration

The Dutch Public Prosecution Service claims Britain has damaged confidence by disclosing details of an international investigation into the EncroChat encrypted phone network to the courts Continue Reading

Biden sanctions Russia over SolarWinds cyber attacks

US president imposes new sanctions on Russia following malicious cyber attacks against the US and allies Continue Reading