IT security

Making sense of the changing UK Cyber Policing and Skills Scene

There is an urgent need to make rapid use of the trusted partner programmes of the new Cyber Resilience Centres to help business of all sizes (and charities, schools, reputable training providers ... Continue Reading

Okta picks up Auth0 for $6.5bn

Multibillion-dollar acquisition a vote of confidence in future of identity and access management services Continue Reading

Microsoft Exchange CVEs more widely exploited than thought

US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer Continue Reading

Progress towards gender equality in cyber still slow

The cyber security sector is making painfully slow progress towards gender equality, according to a report Continue Reading

Qualys caught up in Accellion FTA breach

Security services supplier confirms that some of its data was stolen via vulnerabilities in Accellion’s file transfer product Continue Reading

Five ways that disaster recovery changes in a pandemic

Covid-19 has changed IT. Previously, working remotely was a business continuity measure, but now it is the norm. That means disaster recovery has to adapt to new risks and new ways to respond Continue Reading

UK contactless payment limit more than doubled

UK increases the amount that can be spent in one go using a contactless payments card to £100 Continue Reading

Veritas looks beyond NetBackup for growth in ASEAN

Veritas has seen increased demand for its availability tools as it looks to address backup and recovery requirements from cloud, database and VMware workloads Continue Reading

Technical controls to prevent business email compromise attacks

Technical controls are at the heart of preventing successful business email compromise attacks. Learn about those and extra considerations to keep your business secure. Continue Reading

Emergency patch addresses MS Exchange Server zero-days

Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server Continue Reading

EU seeking pan-European Covid-19 passport solution

The European Union’s proposal could see the creation of a Covid-19 vaccine passport to enable travel across the EU Continue Reading

A sobering reminder for more vigilant supply chain security

This is a guest post by Gaurav Chhiber, vice-president of Asia-Pacific and Japan at IronNet Cybersecurity The recent and unfolding news about the Russian APT 29, or Cozy Bear, SolarWinds breach is ... Continue Reading

3 ransomware distribution methods popular with attackers

To prevent cyber attacks, understanding how they work is half the battle. Explore the most common ransomware distribution methods in this excerpt of 'Preventing Ransomware.' Continue Reading

Patching: Balancing technical requirements with business considerations

With an increasing reliance on subscription models alongside the regular patching of software, updates have become an essential part of modern business practices. However, care needs to be taken to ensure the optimum patching process is implemented. Continue Reading

Malware researcher speculates on the future of ransomware

Abhijit Mohanta, author of 'Preventing Ransomware,' opines on the future of ransomware and discusses why this attack is favored among cybercriminals. Continue Reading

Digital secretary Dowden outlines UK post-Brexit data approach

The UK government is searching for a new information commissioner with an updated remit to use data to support growth and innovation, and plans on reaching new international data partnerships Continue Reading

Essential guide to operation-centric security

To stay ahead of cyber attackers, IT security teams need to take an operation-centric approach, to offer a real-time picture of activity across their estate. Continue Reading

Making sense of the UK Cybersecurity Sector

The UK cybersecurity industry is heavily concentrated. Only 150 suppliers, employing 2/3rd of the work force are large enough to provide realistic in-house work experience for trainees/apprentices. ... Continue Reading

On digital identity, the government gets it wrong again

The latest government proposals to regulate the digital identity sector continue to misunderstand how such a market works – a more API-based approach is needed to deliver the clear benefits of online ID Continue Reading

Cyber extortionist threatened to bomb NHS targets

A German court has convicted a 33-year-old Italian man for making extortion and bomb threats against NHS hospitals at the height of the Covid-19 pandemic’s first wave last year Continue Reading

NCSC Cyber Action Plan emphasises SME security

NCSC self-assessment tool launched to help sole traders and micro-businesses tackle their cyber security challenges Continue Reading

Get started with network penetration testing for beginners

Authentication, patching and configuration are among the most common vulnerabilities found through network penetration testing. Learn more in this free chapter excerpt. Continue Reading

Advice on how to learn network penetration testing skills

As beginners learn network penetration testing skills, they should remember these expert tips: Pay attention to what the client wants, and stick to offense, not defense. Continue Reading

GCHQ sets out rules of the road for AI in cyber

A paper produced by GCHQ shows how the intelligence agency can use artificial intelligence responsibly as a tool to protect the UK’s national security Continue Reading

Npower shuts off app after credential stuffing attack

Npower customers will have to log in to their accounts on its website after its app was withdrawn following a security breach Continue Reading

MHRA and other agencies to offer new resources for scam victims

New landing page resources will replace .uk domains suspended for criminal activity to help members of the public access appropriate guidance Continue Reading

Transport for NSW hit by Accellion breach

Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system Continue Reading

Vaccine passports prove an ethical minefield

Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design Continue Reading

Is Clubhouse safe, and should CISOs stop its use?

With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it Continue Reading

Babuk ransomware unsophisticated, but highly dangerous

Intelligence gathered through McAfee’s Mvision service reveals more insight into the emerging Babuk ransomware Continue Reading

Bombardier is latest victim of Accellion supply chain attack

Canadian aviation company joins the growing list of Accellion breach victims Continue Reading

Warning on security risk from virtual events platforms

Vulnerabilities found in virtual events platforms could form part of a variant supply chain attack Continue Reading

Industry concerns over government digital identity plans risk a confusing outcome for users

A flurry of recent activity suggests the government is ramping up its plans for the long-awaited demise of Gov.uk Verify, its failed attempt to produce a digital identity system for online public ... Continue Reading

Rogue drones beware: We’re here to ground you

Eugene Kaspersky exclusively lifts the lid on a mysterious, shiny device that’s been sitting in his office Continue Reading

How to achieve security observability in complex environments

Security observability is a novel approach to incident detection that goes beyond traditional monitoring. Read on to learn if this emerging strategy is right for your enterprise. Continue Reading

XDR makes cyber a Stroll in the park for Aston Martin F1

Aston Martin Cognizant Formula One team will run SentinelOne’s Singularity XDR platform under the bonnet Continue Reading

AI powers reputational damage insurance policy

Reputational damage has an immediate impact on a company’s share price, and brand loyalty built over many years can be lost in an instant Continue Reading

CyberScotland offers centralised security resource hub

Newly launched partnership brings together security resources for individuals and organisations across Scotland Continue Reading

Microphones, smartphones, laptops among items stolen from BBC

A total of 105 devices have been stolen from the BBC in the past two years, some of which may have been spirited away by remote workers Continue Reading

Pandemic has exposed fractures in cyber fraud strategy

RUSI report urges a bolder and more coordinated response to cyber-enabled fraud as the pandemic lays bear the scale of the problem Continue Reading

The nation state threat to business

The SolarWinds hack shows the widespread damage possible from a nation-state cyber attack. What is the threat to business and how can it be mitigated? Continue Reading

European Commission proposes UK data adequacy agreement

The publication of two draft data adequacy decisions brings the UK closer to a final positive decision, which will enable the continued free flow of data between the EU and the UK if green-lit by member states Continue Reading

NCSC cyber defence scheme blocked thousands of scams in 2019

The NCSC has reported another productive year for its Active Cyber Defence programme Continue Reading

Biden will act on cyber security to fix SolarWinds mess

US will take action to modernise its defences in the wake of the SolarWinds attack, says US government cyber lead Anne Neuberger Continue Reading

Swedish police fined for unlawful use of facial-recognition app

Sweden’s data watchdog has found that Swedish police failed to conduct the data protection checks required by law before using controversial facial-recognition tool Continue Reading

City of Helsinki adopts MyData principles to improve digital services

Principles on the use of personal data for the benefit of society will guide Finnish capital’s ambitious digital plans Continue Reading

More than two-thirds of firms would invest in dedicated remote working connectivity

Firms are faced with supporting more remote working for their businesses going forward, and a survey has shed light on what form this support will take and what firms believe they will need in the ‘new normal’ Continue Reading

2020 a record year for cyber, thanks to Covid

The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy Continue Reading

Fingerprints will help payment cards retain relevance

Biometric payment cards using fingerprint technology could add billions to global banking revenues, says UBS Continue Reading

Assessing UK law enforcement data adequacy

Data protection experts discuss the consequences of achieving data adequacy between the UK and EU for the UK’s intelligence services and criminal justice sector Continue Reading

North Korean Lazarus Group hackers indicted in US

Charges filed relate to Lazarus Group’s long-running cyber crime spree, including financial theft and extortion, WannaCry malware and the cyber attack on Sony Pictures Continue Reading

Vaccine passports highlight social impact of systems design

Vaccine or immunity passports are an opportunity to advance the design of trustworthy digital systems, but much more work still needs to be done Continue Reading

Security pros agree: We need to take a break

As many as 85% of security staff engage in leisure activities during working hours, but they have excellent reasons for doing so Continue Reading

Egregor ransomware arrests confirmed

Authorities confirm that they have arrested an undisclosed number of cyber criminals associated with the Egregor ransomware Continue Reading

Emotional intelligence, empathy increasingly valued in CISOs

The pandemic has highlighted the value of soft skills, rather than technical ones, in security Continue Reading

Malware quiz: Test your knowledge of types and terms

Malware trends are constantly evolving, but older techniques are still often used in cyber attacks today. Test your knowledge of existing and emerging threats in this malware quiz. Continue Reading

Law firm and cyber criminals clash over source of stolen data

Cyber attack victim Jones Day says its data was stolen in a supply chain attack, but the gang holding it to ransom disagrees Continue Reading

7 steps for a network and IT security foundation

Enterprises should make it a habit to review their IT security systems, following steps that include network segmentation, multifactor authentication and security education. Continue Reading

North Korea accused of Pfizer Covid vaccine cyber attack

South Korean intelligence pins a recent attack on Pfizer, targeting information on coronavirus vaccines, on its neighbour Continue Reading

RDP, SSH exposures off the charts thanks to remote working

The Covid-19 pandemic has had an impact on the prevalence of certain vulnerabilities in the wild, according to a report Continue Reading

Qatar regulator launches platform to monitor human understanding of financial crime

Qatari financial services regulator works with global body to provide digital platform to assess whether financial services workers understand how to prevent financial crime Continue Reading

Egregor ransomware associates arrested amid disruption

Undisclosed number of arrests made in Ukraine after investigators tracked bitcoin ransom payments Continue Reading

Central government should promote data policy compliance, say civil servants

Most civil servants want the government to gain additional powers to promote data policy compliance to ensure better use of data, according to research Continue Reading

Security Think Tank: Towards a united state of security

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Batman Begins cyber attack a warning to CNI providers

A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services Continue Reading

How Covid-19 has hit IT salaries and job prospects

In this week’s Computer Weekly, our salary survey reveals the impact of the coronavirus pandemic on IT professionals’ wages and job security. A potentially deadly cyber attack on a US water plant highlights the risks to critical infrastructure. And we find out how NHS Scotland is using tech to support its vaccine roll-out. Read the issue now. Continue Reading

The WFH ‘New Normal’ is nothing of the sort

At least, not yet. The world is still in the very abnormal grip of a pandemic, and even with widespread vaccination we will be defending ourselves against the fear of further outbreaks for months, ... Continue Reading

Post Office to offer digital ID services to customers

Post Office partnership with Yoti is intended to expand customer choice as to how people prove their identity when accessing services Continue Reading

NCSC recognises UK’s top cyber schools

National Cyber Security Centre CyberFirst Schools initiative has handed out 14 gold, silver and bronze awards recognising excellence in cyber security teaching Continue Reading

Government to impose new digital identity system across all Gov.uk services

Cabinet Office minister Michael Gove writes to Whitehall departments mandating the use of a new digital identity system that will allow citizens to be tracked across the Gov.uk website Continue Reading

Security Think Tank: Renewed US stability may ease cyber tensions

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

UK border surveillance regime highly privatised, says Privacy International

Research from Privacy International raises concerns about the deep involvement of technology companies in the development and deployment of various technologies throughout the UK’s border regime, along with the lack of scrutiny they receive Continue Reading

Security Think Tank: Biden must address insider security threat first

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Use business email compromise training to mitigate risk

Effective BEC training can prevent scams designed to exploit the brain's automatic responses. It starts by teaching employees to slow down and make the unconscious conscious. Continue Reading

Hacked Finnish therapy business collapses

Vastaamo, the Finnish psychotherapy centre whose patients were blackmailed by a cyber criminal gang, has filed for bankruptcy Continue Reading

Government launches digital identity trust framework

The government’s draft framework, which aims to set out rules for the use of digital identities, will be tested with industries, services, users and organisations ahead of a final version being published Continue Reading

Low-complexity CVEs a growing concern

Analysis of thousands of CVEs logged with NIST in 2020 reveals some unwelcome developments Continue Reading

Future security stars shine in first round of CyberFirst Girls contest

There were more than 6,500 participants in the opening heats of the National Cyber Security Centre’s CyberFirst Girls competition this year Continue Reading

Is it time to ban ransomware insurance payments?

The former head of the NCSC recently called for a dialogue over whether or not it is time to ban insurers from covering ransomware payments. Is he on the right track? Continue Reading

CW Benelux: Is reluctance to report cyber crimes in the Netherlands helping the criminals get away?

According to an academic study in the Netherlands, only one in seven Dutch people report a cyber crime to the police when it happens - feeling it is better to sort the problem out themselves because they don’t think the police will do anything. This is storing up trouble as cyber crime is an increasing problem in the country. Also in this issue, read why Dutch bank ABN Amro is selling its head office. Continue Reading

Security Think Tank: Biden’s team can make a difference on security

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Singtel falls prey to supply chain attack

The Singapore telco reveals that its Accellion file sharing system was illegally hacked in a supply chain attack Continue Reading

Dating app users warned to watch out for scammers

A vast amount of money was lost to romance scammers last year, and with millions of people isolated in lockdown the problem is getting worse, according to a report Continue Reading

Privacy advocates call for European probe into Palantir

 Continue Reading

Cyber crime victims in the Netherlands not reporting offences

 Continue Reading

HelloKitty almost certainly behind CD Projekt ransomware attack

Theories that the cyber attack on a high-profile gaming studio was orchestrated by players who are disappointed in a videogame are likely wide of the mark, according to analysis Continue Reading

Windows 10, Server 2019 users must patch serious zero-day

Another dangerous zero-day exploit is among 56 vulnerabilities patched by Microsoft in February’s Patch Tuesday update Continue Reading

Sim-swapping crooks targeted celebrities, influencers

Eight arrests have been made in England and Scotland in connection with a series of Sim-swapping attacks targeting high-profile victims Continue Reading

WFH: Creating A Change In Network Infrastructure

As promised in a recent blog focusing on Cato Networks’ recent customer survey results - “The 2021 Networking Survey The Future of Enterprise Networking and Security: Are You Ready For The Next ... Continue Reading

Security Think Tank: UK well-placed to work with Biden on cyber

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Oracle claims major win in Australian public sector

Australian Data Centres will deploy Oracle’s Dedicated Region Cloud@Customer to host cloud services for the federal government Continue Reading

Using content disarm and reconstruction for malware protection

Content disarm and reconstruction is a modern approach to removing malicious code from files, key to detecting and thwarting successful phishing and malware attacks. Continue Reading

Facebook sued for data-sharing practices with third parties

Data protection claim filed in London against social media giant for its alleged failure to give at least one million users in England and Wales meaningful control over their personal data Continue Reading

Government launches review of use of health data for research

The review, which will be led by Ben Goldacre, will look at home-efficient and safe use of health data for research and analysis Continue Reading

Data breaches are a ticking timebomb for consumers

Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure Continue Reading

Cyberpunk 2077 developer refuses to pay up after ransomware attack

Polish video game developer CD Projekt has released details of a ransomware attack on its systems Continue Reading

‘Batman Begins’ cyber attack is a warning to CNI providers

A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services Continue Reading

NHS reports fewer phishing emails in 2020

The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020 Continue Reading

Security Think Tank: Biden has a chance to renew cyber alliances

As President Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard? Continue Reading

End of Emotet: A blow to cyber crime, but don’t drop your guard

The takedown of Emotet is a huge event with repercussions that will reverberate across the cyber criminal world, but unfortunately that’s not to say there will be much of a long-term impact Continue Reading