IT security

Ireland’s DPC launches probe into Facebook leak

The Irish Data Protection Commission has launched an ‘own volition’ inquiry into the leak of data from 500 million Facebook profiles Continue Reading

CW Middle East: Qatari regulator launches platform to help combat money laundering

The Qatar Financial Markets Authority is using a digital platform to enable financial services professionals to assess their knowledge of anti-money laundering and combating the financing of terrorism. Also in this issue, read how the Covid-19 pandemic has changed the IT spending patterns among enterprises in Saudi Arabia. Continue Reading

How Windows patching leaves security exposed

Four years on since it devastated IT systems across the NHS, WannaCry remains a threat to organisations around the world Continue Reading

FBI accesses ProxyLogon target servers to disrupt cyber criminals

US Justice Department reveals successful court-authorised effort to clamp down on ProxyLogon exploitation Continue Reading

NSA unearths more MS Exchange vulnerabilities

Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency Continue Reading

Security Think Tank: Vaccine passports cannot be taken lightly

What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

Security Think Tank: Vaccine passports must be secure by design

What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading

MP told to ditch official email over hacking fears

MP Tom Tugendhat claims the intelligence services advised him to switch to the Gmail service due to concerns his parliamentary email could be hacked Continue Reading

Covid-19 left people feeling vulnerable to cyber crime

Around 15 million people in the UK experienced cybercrime in the past 12 months, with a cumulative 64 million hours wasted dealing with the fallout Continue Reading

Millions of devices at risk from NAME:WRECK DNS bugs

Newly disclosed set of nine DNS vulnerabilities puts over 100 million consumer, enterprise and industrial IoT devices at risk Continue Reading

EncroChat lawyers raise questions over use of PII secrecy orders on UK decryption capabilities

Lawyers claim that public interest immunity certificates may have been used to withhold information on UK intelligence agencies’ ability to decrypt encrypted communications Continue Reading

Vaccine passports and travel plans race up Covid threat charts

With lockdown restrictions easing in the UK, cyber criminals are tailoring their phishing lures to new areas of interest Continue Reading

Why some jobseekers have turned to cyber crime during the pandemic

Research shows that many people have been seeking cyber crime-related work on the dark web, but why? Continue Reading

What has a year of home working meant for the DPO?

Byron Shirley of The Compliance Space explores how the role of the data protection officer has changed in the past 12 months Continue Reading

Executive interview: Unleashing blockchain’s potential

Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology Continue Reading

How do YOU find and attract the Cybersecurity skills/talent YOU need?

Review the salaries you offer to Cybersecurity and Computer Science Graduates - unless your policy is to pay more for those implementing security by design. If you are worried about losing those ... Continue Reading

Egypt, Italy and US most affected in Facebook leak

Researchers at VPN firm Surfshark have been analysing data on 533 million people leaked from Facebook Continue Reading

NCSC: Using your pet’s name as a password is very stupid

If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said Continue Reading

Cring ransomware hits ICS through two-year-old bug

A long-disclosed vulnerability in Fortinet’s Fortigate VPN servers is being exploited to distribute Cring ransomware Continue Reading

Nation-state cyber attacks double in three years

Cyber attacks backed by nation states are becoming more frequent and varied, moving the world closer to a point of ‘advanced cyber-conflict’, according to a University of Surrey research project Continue Reading

Facebook ducks calls to apologise over huge data leak

Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise Continue Reading

A billion extra contactless payments in year since limit increase

Visa said there was an extra one billion contactless payments made by its customers last year Continue Reading

Unpatched SAP applications are target-rich ground for hackers

Report from SAP and cyber threat research company Onapsis warns that hackers are attacking mission-critical SAP business applications that contain unpatched vulnerabilities Continue Reading

Facebook data leak could be outside scope of GDPR

Regulators may be unable to do much about leaked data on 533 million Facebook users, as it seems to have been stolen before GDPR came into force Continue Reading

API Daze

Earlier this week, the US Supreme Court ruled that Google did not infringe Oracle copyright on the Java SE API (application programming edition). The fact the US Supreme Court has digested a load ... Continue Reading

What Agenda is the new GDS Director, Identity Assurance Programme expected to deliver?

Experience in "Significant agile programme management and/or major change delivery" will not be enough. The appointee will need the skills of Machiavelli  and the luck of the Devil.    Continue Reading

5 endpoint security best practices to keep company data safe

With an expanding company perimeter, it's time to implement these endpoint security best practices, from asset discovery to device profiling. Continue Reading

EncroChat hearings delayed as lawyers seek disclosure on police hacking

Court hearings precipitated by police cracking the EncroChat secure mobile phone network have been delayed after defence lawyers request further disclosures on police decryption capabilities Continue Reading

Ultimate guide to cybersecurity incident response

Learn actionable incident response strategies that your IT and enterprise security teams can use to meet today's security threats and vulnerabilities more effectively. Continue Reading

How to build a honeypot to increase network security

Create a honeypot that will trap attackers and monitor their activities to enhance your organization's network security. This step-by-step guide takes you through the process. Continue Reading

NHS is apparently closing security skills gap

By the end of 2020, there were more than twice as many in-house security professionals at NHS trusts as there were two years before Continue Reading

Security Think Tank: Evolving threats, tech, leaves CNI exposed

In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber Security Council to champion UK security pros

A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base Continue Reading

Nordics run information sharing on digital vaccination passports

Nordic countries advance plans for digital Covid-19 vaccination passports in a bid to kick-start their economies Continue Reading

Create an incident response plan with this free template

Want to boost your organization's ability to fight cybersecurity threats? Uncover the essentials to creating an incident response plan and download our free, editable template. Continue Reading

Privacy campaigners hail legal victory over Hancock and Palantir

Civil liberties organisation OpenDemocracy says it has scored a legal victory over health secretary Matt Hancock regarding the involvement of Palantir in the NHS Covid-19 data store Continue Reading

Ransomware attack on London schools highlights warnings

Ransomware attack on Harris Federation comes just days after a fresh NCSC alert for the education sector Continue Reading

New cyberthreats remind us of the need for hyper-vigilance

This is a guest post by Kerry Singleton, managing director for cyber security at Cisco Asia-Pacific, Japan and China In recent weeks, we’ve seen a number of significant cybersecurity threats ... Continue Reading

The Security Interviews: How to secure an F1 team in a pandemic

A multi-year digital transformation programme paid off for F1 team Williams Racing when the 2020 season was abruptly postponed thanks to Covid-19. Learn how the team’s CIO has been supporting remote working and protecting data Continue Reading

UK courts face evidence ‘black hole’ over police EncroChat mass hacking

French investigators have refused to disclose how they downloaded millions of messages from a supposedly secure cryptophone network used by organised criminals – leaving UK courts to grapple with a forensic ‘black hole’ of evidence Continue Reading

Cyber attack takes Channel Nine off-air

The Australian broadcaster was hit by an alleged ransomware attack that disrupted broadcasting operations in its Sydney studio Continue Reading

Ecolabels and data sanitisation key to recycling and reusing IT assets

Ecolabels on hardware and data sanitisation of devices are key to recycling and reusing old IT equipment respectively, helping enterprises avoid unnecessary asset destruction and contributing to increasingly high levels of electronic waste globally Continue Reading

CW Innovation Awards: SIA taps blockchain for loyalty app

Singapore Airlines, winner of the transportation category in this year’s CW Innovation Awards APAC, expands its blockchain-based digital wallet into a broader digital lifestyle platform Continue Reading

Surveillance expert ‘unfairly’ refused job at intelligence regulator after MI5 intervened

The Home Office unfairly refused Eric Kind, a specialist in criminal justice and UK surveillance law, clearance for a job at an intelligence watchdog after MI5 claimed he was “insufficiently deferential” Continue Reading

Backup appliances the hot topic for Pas-de-Calais fire brigade

With requirements for strict, long-duration backup and archiving, French fire brigade set out to replace optical media with a StorageCraft appliance and disaster-proof storage Continue Reading

Retailer FatFace pays $2m ransom to Conti cyber criminals

Retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the Conti ransomware syndicate Continue Reading

Leading Israeli IoT firm lands in US as worldwide malware attacks surge

With US end-user internet of things devices expected to grow to $1.6tn by 2025 and with more than 5.4 billion IoT connected devices in North America alone, tech firms and the black hat community are weighing up the potential Continue Reading

Zombified Gov.uk Verify is officially dead - so what's next?

The UK government has finally admitted in public for the first time that its flagship digital identity programme, Gov.uk Verify, is dead. This will be no surprise to anyone following the project, ... Continue Reading

Remote working burn-out a factor in security risk

After a year of working from the kitchen table, stress and burn-out are increasing, giving rise to more security risks – and Millennials seem to be particularly affected Continue Reading

‘Major’ security flaw detected in 5G core network slicing design

Mobile security specialist details potentially revenue-threatening vulnerabilities with key element of next-generation networks and reveals plans to work with industry to provide mitigation prior to widespread deployments Continue Reading

Cyber security complacency puts UK at risk, says NCSC head

National Cyber Security Centre CEO Lindy Cameron, in her maiden speech in the role, warns of challenges ahead for the UK and sets out the future agenda for cyber Continue Reading

TUC warns of gaps in British law over use of AI at work

The TUC has published a report warning of AI-powered discrimination against working people enabled by gaps in existing British employment law Continue Reading

Warning: AWS IAM behaves differently to directory services

IT admins use group policies to manage user access via Active Directory, but AWS takes a subtly different approach, which can be exploited Continue Reading

Four in five UK businesses seek new security suppliers

Decision-makers are ready to buy new security technology, but suppliers must pay close attention to how they present themselves Continue Reading

Facebook disrupts Chinese espionage operation

Social media giant’s in-house security team has tracked down and disrupted a long-running Chinese campaign targeting the Uighur Muslim minority Continue Reading

More than £34.5m stolen in pandemic scams over past year

City of London Police and National Cyber Security Centre report large uptick in threats and crime related to Covid-19 over the past year, in some cases directed specifically at health organisations Continue Reading

Oil giant Shell hit through Accellion FTA breach

Energy firm discloses cyber attack through Accellion File Transfer Appliance Continue Reading

Apparent drop in cyber incidents highlights underlying problems

UK organisations report fewer cyber security incidents, but the headline data masks more serious issues, according to a report Continue Reading

UK faces significant cyber talent shortfall

Cyber security sector is struggling to attract the talented workforce it needs Continue Reading

Cyber criminals forging Covid-19 vaccine certificates

Vaccine passports and certificates are gaining mainstream traction, which means cyber criminals are also on the bandwagon Continue Reading

How to choose the right email security service for your organisation

With email security threats growing rapidly, businesses can quickly identify and block these by using a top email security service. Here’s how to select the right provider Continue Reading

Employees must be given the right to disconnect

As enterprises increasingly turn to workplace monitoring technologies and more of the workforce moves to remote or hybrid working, unions are campaigning for workers’ ‘right to disconnect’ and not engage in digitally enabled work after hours Continue Reading

Anti-money laundering technology must operate in a collaborative ecosystem

With new technologies making it easier for banks to spot money laundering activity, we look at why the problem persists at scale, finding that ecosystems and collaborative processes need to be built Continue Reading

NCSC beefs up support for education sector after spate of attacks

Refreshed guidance from the NCSC recommends a defence-in-depth strategy as schools and universities face a renewed wave of cyber attacks Continue Reading

Security Think Tank: Attacks on CNI – an evolving frontier in warfare

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber sector welcomes PM’s defence review

Security commentators approve of measures to improve the UK’s cyber resilience, strengthen its R&D and skills base, lead on the development of new technology and promote a free, open, peaceful and secure global internet Continue Reading

Would the UK really nuke a cyber attacker?

In this week’s Computer Weekly, did the UK’s defence and security review really suggest a nuclear response to a cyber attack? Data visualisation has been widely used to explain the Covid-19 pandemic, but not always that effectively. And jewellery retailer Pandora explains how it kept the personal touch as customers went online. Read the issue now. Continue Reading

$50m ransomware demand on Acer is highest ever

Record-breaking double-extortion cyber attack saw REvil gang exfiltrate financial data from Taiwan-based PC manufacturer Continue Reading

Unionised drivers call on Microsoft to suspend Uber’s Face API licences

Unionised private hire drivers in the UK are calling for Microsoft to suspend Uber’s licences to use its Face API technology after claims the ride-hailing firm’s ID-checking system has led to drivers losing their jobs and having licences revoked Continue Reading

Security Think Tank: Back to square one – ground-up CNI protection

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Security Think Tank: Properly protecting CNI demands specificity

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Compare Azure Firewall vs. NSGs for network security

Traffic to and from resources needs proper security to protect data, but the wrong tool could leave you vulnerable. Explore these two services to find the right level of protection. Continue Reading

Vaccine passports cannot put basic rights at risk, warns BCS

BCS warns of challenges to come as the government presses on with its plans for Covid-19 vaccine passports Continue Reading

Eastern Health reports ‘cyber incident’, takes systems offline

Australian healthcare provider Eastern Health takes IT systems offline as a precaution while it looks into a cyber incident Continue Reading

Security Think Tank: Take a realistic perspective on CNI cyber attacks

In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Average ransomware cost triples, says report

The average amount paid out by ransomware victims has grown almost threefold to more than $300,000 per incident, according to a report Continue Reading

Digital Green Certificate proposed for travel in Europe

Digital Green Certificates will supposedly help re-establish freedom of movement within the European Union Continue Reading

Top incident response tools to boost network protection

Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading

Security Think Tank: CNI operators must focus on core issues

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber sector welcomes PM’s defence review

Security commentators approve of measures to improve the UK’s cyber resilience, strengthen its R&D and skills base, lead on the development of new technology and promote a free, open, peaceful and secure global internet Continue Reading

Uber and Ola ordered to hand over more data to drivers

A Dutch court has rejected Uber and Ola’s claims that drivers collectively taking action to access their data amounts to an abuse of their individual data access rights, laying the ground for drivers to form their own union-controlled data trust Continue Reading

How attackers counter incident response after a data breach

It's not over until it's over. Explore how attackers use backdoors and evasion techniques to counter incident response measures even long after a data breach is disclosed. Continue Reading

MoD partners playing fast and loose with confidential data

Clear spike in data breach incidents at defence partners may reflect better reporting standards, claims MoD Continue Reading

Unusual DearCry ransomware uses ‘rare’ approach to encryption

Hybrid approach to encryption used by DearCry bears similarities to WannaCry Continue Reading

Microsoft releases one-click ProxyLogon mitigation tool

Microsoft’s mitigation tool is designed to help customers without dedicated security or IT teams navigate fixing their vulnerable Exchange servers Continue Reading

Government calls for input into Covid-19 vaccine passports

Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme Continue Reading

ST Engineering teams up with Google Cloud

Singapore’s ST Engineering and Google Cloud will explore offering secure cloud services for organisations in regulated industries Continue Reading

Endpoint security vs. network security: Why both matter

As the security perimeter blurs, companies often debate the merits of endpoint security vs. network security. However, it shouldn't be an either-or decision. Continue Reading

UK plans ‘full spectrum’ approach to national cyber security

PM Boris Johnson expands on proposed National Cyber Force and plans to set up a north of England Cyber Corridor Continue Reading

Microsoft Exchange ProxyLogon attacks spike 10 times in four days

Exploitations of the Microsoft Exchange ProxyLogon vulnerabilities have increased tenfold in just four days Continue Reading

Judges refuse EncroChat defendants’ appeal to Supreme Court

Experts suggest Parliament and Investigatory Powers Tribunal need to consider the implications of a court decision on police use of data from the EncroChat phone network Continue Reading

EncroChat ruling has ‘far-reaching effects’ for legal role of interception in UK investigations

The computer forensic experts involved in the review of police use of data hacked from the ultra-secure EncroChat phone network assess the impact of the Appeal Court ruling on future legal use of intercept evidence   Continue Reading

Security Think Tank: CNI operators are in an unenviable position

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

India is becoming a hotspot for IoT

India is set to be a cradle for internet of things deployments thanks to its vibrant economy and its potential to play a bigger role in global manufacturing Continue Reading

Arrest warrants issued for Canadians behind Sky ECC cryptophone network used by organised crime

The US has issued arrest warrants for the CEO of Sky Global and a former distributor for racketeering, aiding and abetting the distribution of illegal drugs by supplying encrypted phones to criminals Continue Reading

NCSC issues emergency alert on Microsoft Exchange patch

UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately Continue Reading

Does email security need a human solution or a tech solution?

People spend a lot of time using email systems, but many do not realise that this makes them attractive targets for cyber criminals. With education and technology, businesses can tackle this problem head-on Continue Reading

DearCry ransomware targets vulnerable Exchange servers

As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority Continue Reading

Brewer Molson Coors targeted in cyber attack

Cyber criminals have disrupted beer production at Molson Coors, one of the world’s largest brewers Continue Reading

Interview: Uber driver Yaseen Aslam on his Supreme Court battle and what’s next for gig workers

Private hire driver and union organiser Yaseen Aslam speaks to Computer Weekly about his legal battle with Uber and what the UK Supreme Court ruling means to workers in the gig economy Continue Reading