IT security

The essential role of PETs in unlocking the trillion dollar SaaS market

Ahead of the Eyes-Off Data Summit in Dublin, Jack Fitzsimons of Oblivious AI explains why so-called Privacy Enhancing Technologies or PETs may hold the key to unlocking the full potential of SaaS in the enterprise Continue Reading

Police Scotland use cloud for biometric data despite clear risks

Police Scotland confirms it has stored significant volumes of biometric data on a cloud-based digital evidence sharing system despite major ongoing data protection concerns, bringing into question the effectiveness of the current regulatory approach and the overall legality of using hyperscale public cloud technologies in a policing context Continue Reading

AI in cyber security: Distinguishing hype from reality

We know that malicious actors are starting to use artificial intelligence (AI) tools to facilitate attacks, but on the other hand, AI can also be a powerful tool within the hands of cyber security professionals Continue Reading

Shift towards ‘smarter’ digital life as broadband security, sustainability become key needs

Cisco survey finds consumer expectations will reshape the needs and economics of the internet Continue Reading

Improve business outcomes by managing data and analytics risk

An effective data and analytics risk and control environment requires a full understanding of data, analytics and AI risks, related risk decisions and their impact on business outcomes Continue Reading

Civil society groups call on EU to put human rights at centre of AI Act

Dozens of civil society groups are calling on EU institutions to prioritise people and human rights in AI legislation as secretive negotiations begin Continue Reading

Microsoft issues new warning over Chinese cyber espionage

A newly uncovered Chinese espionage campaign exploited forged authentication tokens to access its victims’ email accounts, says Microsoft Continue Reading

One month after MOVEit: New vulnerabilities found as more victims are named

Five weeks after the mass MOVEit breach, new vulnerabilities in the file transfer tool are coming to light as the Clop cyber crime group continues to terrorise victims. But has the gang bitten off more than it can chew? Continue Reading

MPs launch inquiry into government use of data

The Public Administration and Constitutional Affairs Committee is to investigate the possibility of reforming the way government collects and analyses data, and whether the UK census could be scrapped Continue Reading

CW EMEA: Can we trust AI?

Artificial intelligence and the opportunities and dangers it introduces into society has been a hotly debated subject in tech circles for many years, but today with the increased use of platforms such as ChatGPT, these debates include a wider section of the public. The fact that schoolchildren are even asking ChatGPT for help with their homework brings home the importance of these debates and the responses to them by national policy-makers. Continue Reading

Spanish lawyers claim police hacking of EncroChat cryptophones breaches human rights law

 Continue Reading

Forensic Institute provides Hansken viewing method for Dutch lawyers

Dutch lawyers can now view crypto communication in criminal cases from their own workplace via digital search engine Hansken. Previously, this had to be done at an external location Continue Reading

Ofcom’s online safety preparedness efforts hobbled by government

Despite Ofcom’s progress so far, UK government changes to the scope and timetable of the Online Safety Bill are hobbling the ability of the regulator to successfully prepare for the new regime Continue Reading

Cozy Bear lures victims with used BMW 5 Series

A recent Cozy Bear campaign saw the Russian APT group pivot to exploiting an advert for a used car as it targeted diplomatic missions in Kyiv Continue Reading

Whistleblower contacts NatWest customers affected by a decade-old data breach

Former worker says contacting the people affected by the data breach is her last resort after the bank and regulators appear satisfied that the sensitive data file is safe stored under her bed Continue Reading

Hackers: We won’t let artificial intelligence get the better of us

AI is changing how ethical hackers go about their work, and will continue to do so, but the community is convinced the technology will never be able to replicate the creativity of a flesh-and-blood hacker Continue Reading

Microsoft users on high alert over dangerous RCE zero-day

A serious RCE vulnerability in Microsoft Office and Windows is among several zero-days disclosed in Redmond’s July Patch Tuesday update, but this one does not have a patch yet Continue Reading

Why we need to research the cybersecurity needs of Micro-Businesses?

Current government policy, from digital inclusion to cyber security is based on allegation, not evidence with regard to the five million microbusinesses and sole traders who account for 30% of the ... Continue Reading

EU formally grants data adequacy to US

The European Commission has formally granted the US data adequacy, allowing companies and organisations to freely transfer personal data across the Atlantic via the EU-US Data Privacy Framework. But privacy activist Max Schrems has already committed to legally challenging the decision Continue Reading

Malicious URL volumes soar as cyber criminals pull on Threads

Malicious actors have been quick to exploit the buzz around Meta’s newly launched Threads platform, with thousands of new suspicious domains registered exploiting its branding Continue Reading

Apple pushes Rapid Response patch to fix WebKit zero-day

Apple deployed an emergency patch under its Rapid Security Response update programme, but had to temporarily suspend delivery after it caused problems for users of the Safari browser Continue Reading

Norwegian data privacy experts sound alarm over generative AI

Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading

Suspicious email reported every five seconds in UK

National Cyber Security Centre report reveals a suspicious email was reported by UK citizens and organisations every five seconds last year Continue Reading

JumpCloud issues notice to customers to refresh API keys

JumpCloud has asked its customers to update their API cryptographic keys following a security incident Continue Reading

VMware ramps up on sovereign cloud in APAC

VMware is working with local partners to deliver sovereign cloud services in the region, amid growing sovereignty interests among governments and the need maintain business continuity Continue Reading

Vodafone tests quantum-safe business network solutions

Telco announces initiative looking at transition to a quantum safe world, exploring and trialling new algorithms with upgraded smartphones to provide protection against possible quantum-empowered attackers in the future Continue Reading

Biometrics watchdog calls for public space surveillance review

The biometrics and surveillance camera commissioner is calling for a review of public space surveillance to gain a clearer picture about the proliferation of Chinese surveillance technology across the public sector, but warns against applying double standards on companies just because they are from China Continue Reading

Meta’s Threads hits app stores, but no EU launch in sight

Meta’s Twitter competitor makes its debut and signs up millions of users in just 12 hours, but concerns over compliance with the EU’s Digital Markets Act have sunk a pan-European launch for now Continue Reading

Germany: European Court of Justice hears arguments on lawfulness of EncroChat cryptophone evidence

The European Court of Justice will decide whether the collection and sharing of data intercepted by law enforcement from EncroChat crypto phone network is compatible with European law Continue Reading

HSBC explores quantum-safe comms to AWS edge

Banking group HSBC is looking at how to secure transactions and the benefits of quantum computing in finance Continue Reading

UK public increasingly concerned over NHS data sovereignty

Amid security concerns and AI advances, a majority of the British public still trusts the NHS to store and analyse their health data, but would prefer it remains domiciled in the UK Continue Reading

EU judgment sinks Meta’s argument for targeted ads

The EU Court of Justice has issued a significant judgment against Meta, ruling that national anti-trust bodies can investigate GDPR breaches, disrupting the platform’s entire basis for carrying out targeted advertising Continue Reading

How Maxeon is forging the path to SASE

Maxeon Solar Technologies is building out its security service edge capabilities with an eye on a SASE implementation that combines best of breed offerings from different suppliers Continue Reading

How data is beating heart disease

In this week’s Computer Weekly, we find out how a new data strategy is helping the British Heart Foundation to raise money and support medical research. We examine the benefits of using AI in advanced malware detection. And we reveal why the Information Commissioner is under fire for weak responses to serious data breaches. Read the issue now. Continue Reading

Over half of ANZ organisations hit by ransomware

Amid the rising ransomware threat, almost four in five organisations in ANZ expect to pay a ransom if they could recover data and business processes Continue Reading

Why we need advanced malware detection with AI-powered tools

 Continue Reading

SASE Delivery - Is A PoP always a PoP? What to look for...

In my previous blogs I spoke of the delivery-related problems when there are no local PoPs, or the equivalent technology in place to successfully deliver those services, and how this potentially ... Continue Reading

Top Of The SASE PoPs

In my previous blog I noted how themes occur seemingly from nowhere, that are common among vendors from different spheres of IT. In this particular case it is various vendors I’m working with who ... Continue Reading

BlackCat gang claims cyber attack on Barts NHS Trust

Investigations continue into a claim by the ALPHV/BlackCat ransomware gang that it has stolen 7TB of data from Barts NHS Trust in London Continue Reading

AI can never be given control over combat decisions, Lords told

Artificial intelligence is technically incapable of distinguishing between the complex contextual factors of combat situations, and will likely never be able to, according to legal and software experts Continue Reading

NHS data stolen in Manchester Uni ransomware attack

The ransomware gang behind the cyber attack on the University of Manchester appears to have got its hands on an NHS dataset being used by the university for research purposes Continue Reading

The time to implement an internal AI usage policy is now

As with any emerging technology, AI’s growth in popularity establishes a new attack surface for malicious actors to exploit, thereby introducing new risks and vulnerabilities to an increasingly complex computing landscape. Continue Reading

8 blockchain-as-a-service providers to have on your radar

You don't have to build your blockchain project from the ground up. These cloud-based service providers can provide the necessary infrastructure, networking and development tools. Continue Reading

Navigating cyber security under ChatGPT

Balancing the risk and reward of ChatGPT – as a large language model (LLM) and an example of generative AI – begins by performing a risk assessment of the potential of such a powerful tool to cause harm Continue Reading

‘Shadow’ AI use becoming a driver of insider cyber risk

Off-the-books use of generative AI tools will inevitably lead to a costly, high-profile data breach for someone, but a little attention paid to appropriate data management policy can help mitigate the risk Continue Reading

How real and present is the malware threat from AI?

One of the most talked about concerns regarding generative AI is that it could be used to create malicious code. But how real and present is this threat? Continue Reading

Charity demands transparency in digital universal credit system

The digital universal credit system needs overhauling to ensure greater transparency over benefit claims and more effective means of redress when things go wrong, says child poverty charity Continue Reading

GDPR tax reclaim scheme preys on fears of SMEs

IT suppliers are a target of companies offering a tax reclaim scheme that preys on small businesses’ fears around General Data Protection Regulation compliance Continue Reading

Stolt-Nielsen SASE looks to optimise global connectivity, security for hybrid workers

Bulk liquid logistics and sustainable land-based aquaculture expert advances secure digital transformation plans and operational efficiency Continue Reading

Three years on, EncroChat cryptophone hack nets 6,500 arrests and seizures of €900m

French and Dutch prosecutors say three years after they infiltrated the EncroChat cryptophone network in a novel hacking operation, Europe’s courts are opening the way for more collaboration and data sharing between law enforcement agencies Continue Reading

SolarWinds hack explained: Everything you need to know

Hackers targeted SolarWinds by deploying malicious code into its Orion IT monitoring and management software used by thousands of enterprises and government agencies worldwide. Continue Reading

One Login’s Gov.uk ID check apps downloaded over two million times

The One Login digital identity system is being used by eight government services, and GDS has issued more than 1.5 million verified identities since summer 2022, while its ID check apps are proving popular Continue Reading

WithSecure forges ahead with green coding initiative

WithSecure’s W/Sustainability programme kickstarts a number of initiatives, including a commitment to green coding the security supplier hopes will set an example for others to follow Continue Reading

3,600 potential cyber security experts apply to government scheme

The UK government’s Upskill in Cyber programme is reporting great success just a month after launch, with almost half of applicants women Continue Reading

A tenth of kids claim they could hack you

More and more young people are at risk of being drawn into cyber criminality, and parents must shoulder some of the blame, according to a report Continue Reading

Could social media revolutionise war crimes trials?

Computer Weekly speaks with open source investigators about how they use social media to gather evidence of war crimes, and the trouble with using such evidence in legal proceedings Continue Reading

AI cyber monitoring: A Computer Weekly Downtime Upload podcast

In this podcast, Darktrace’s Max Heinemeyer discusses the good – and the bad – to come out of artificial intelligence in IT security Continue Reading

ChatGPT’s phishing ‘problem’ may not be overstated

Some data now suggests that threat actors are indeed using ChatGPT to craft malicious phishing emails, but the industry is doing its best to get out in front of this trend, according to the threat intelligence team at Egress Continue Reading

ICO under fire for taking limited action over serious data breaches

The ICO has come under fire from lawyers and data protection specialists for just issuing written warnings to two public bodies over serious data breaches that placed people’s lives at risk Continue Reading

Generative AI: Data privacy, backup and compliance

We look at generative AI and the risks it poses to data privacy for the enterprise, implications for backup, and potentially dangerous impacts on compliance Continue Reading

Phishing and ransomware dominate Singapore’s cyber threat landscape

Phishing and ransomware attacks continued apace in Singapore last year amid signs of improving cyber hygiene Continue Reading

Lancaster University launches trailblazing cyber MBA

MBA programme at Lancaster University designed to deliver security leadership education to business leaders has received NCSC backing Continue Reading

Manchester University students threatened by ransomware gang

Students and staff members at the University of Manchester are being pressurised by an unnamed ransomware gang Continue Reading

Orange Business leads team to deliver cloud-native managed SASE to enterprises

Enterprise division of the global telco taps in-house cyber security practice and leading cyber security technology provider to offer simpler operational model for customers with end-to-end accountability, improved agility, efficiency and performance Continue Reading

Nearly quarter of a million malicious websites reported and removed through NCSC service

A suspicious email and text message reporting service in the UK has directly led to a quarter of a million malicious websites being removed Continue Reading

Podcast: Cloud security, compliance and data classification

The rise of cloud has led to a proliferation of enterprise data and a rise in risk. We talk to Vigitrust CEO Mathieu Gorge about how to ensure compliance in a multicloud world Continue Reading

The security interviews: Exploiting AI for good and for bad

The chief product officer of AI security firm Darktrace explains how large language AI models are making it harder for people to spot email attacks Continue Reading

ChatGPT is creating a legal and compliance headache for business

ChatGPT’s increased use in the workplace has led many to question its legal and compliance implications for businesses. Experts warn that the software poses major security and copyright risks Continue Reading

Prime minister Rishi Sunak faces pressure from banks to force tech firms to pay for online fraud

The UK’s major banks have told the prime minister to force tech firms to do more to prevent fraud that the banks end up paying for Continue Reading

How Fastly thinks differently about CDNs and the edge

Fastly is counting on its developer chops and different approaches towards security and other areas to compete with its rivals Continue Reading

Early June Microsoft outages were result of large-scale DDoS hit

Investigations into recent outages on Microsoft Azure and Outlook services have turned up evidence of a massive distributed denial-of-service attack Continue Reading

Nakivo adds ransomware scanning and new restore options

Backup maker adds malware scanning with big names in security to immutable backup copy functionality. “Tape’s not dead” either, with restore from the venerable medium now possible Continue Reading

UK to contribute up to £25m to Ukraine cyber defences

Prime minister Rishi Sunak announces an expansion to the Ukraine Cyber Programme, with a cash boost of up to £25m over the next two years Continue Reading

Exploitation of Barracuda ESG appliances linked to Chinese spies

Intelligence from Mandiant links exploitation of a flaw in a subset of Barracuda ESG appliances to a previously untracked China-nexus threat actor Continue Reading

NCSC warns over ‘enduring’ LockBit threat

Although its activity volumes have been lower of late, LockBit is still a highly dangerous ransomware gang and is now the subject of a new international cyber advisory Continue Reading

Clop begins naming alleged MOVEit victims

Clop uploaded details of 12 new victims to its dark web leak site late on 14 June, many of them likely linked to the ongoing MOVEit cyber attack Continue Reading

Ransomware-stricken Capita to run Action Fraud successor

A £50m deal to replace the Action Fraud service has been handed to PwC and Capita, which is facing investigations over its handling of customer data in a ransomware incident Continue Reading

Podcast: Containers, Kubernetes, data protection and compliance

Containers offer benefits to application deployment, but they proliferate, so tracking them for compliance purposes can be a challenge. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading

No zero-days for June Patch Tuesday, but plenty to chew over

On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues needing attention Continue Reading

TSB calls on Meta to intervene and protect users from fraud losses of £250m this year

TSB is the latest bank to demand more action from social media sector in helping to reduce online fraud Continue Reading

Clop’s MOVEit ransom deadline expires

A seven-day deadline set by Clop for victims of its latest attack to contact it to arrange payment passes today Continue Reading

Cyber attacks against APAC commerce sector surpass 1.1 billion

Retailers, hotels and travel-related organisations in the region saw over a billion cyber attacks last year amid the surge in e-commerce activity and online travel bookings Continue Reading

Arnold Clark data leak victims prepare legal action

More than 10,000 people who had their data stolen and leaked in a ransomware attack on the Arnold Clark car dealer network have signed up to a group legal action after facing elevated amounts of fraud Continue Reading

Top Of The POPs

I always find it interesting when unanticipated themes crop up out of nowhere that are suddenly commonplace between multiple conversations with different vendors, especially vendors that are very ... Continue Reading

(ISC)² and CIISec set out to make cyber language more inclusive

Newly published guide on appropriate use of language in cyber security aims to help make the profession more inclusive for all Continue Reading

UKtech50 2023: The most influential people in UK technology

In this week’s Computer Weekly, we reveal the 13th annual UKtech50 list of the most influential people in UK technology. This year’s award goes jointly to the secretaries of state for science, innovation and technology – Michelle Donelan and her maternity cover, Chloe Smith. Also, we examine the mounting legal challenges faced by the emergence of generative AI tools such as ChatGPT. Read the issue now. Continue Reading

Ofcom data stolen in MOVEit cyber attack

Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang Continue Reading

Progress Software releases patch for second MOVEit Transfer vulnerability

Progress Software releases a patch for a second MOVEit Transfer issue, which was uncovered by third-party security specialist Huntress Security during post-incident code scanning Continue Reading

Building a secure coding philosophy

A proportion of cyber security spend goes towards securing application development. Software teams are also budgeting for IT security Continue Reading

6 must-read blockchain books for 2023

Numerous sources provide comprehensive information on blockchain fundamentals and applications. We narrowed the field to six of the most popular and diverse books available. Continue Reading

Extreme Networks emerges as victim of Clop MOVEit attack

Network equipment and services supplier Extreme Networks has revealed its instance of Progress Software’s MOVEit tool was compromised in the ongoing Clop cyber attack Continue Reading

Barracuda ESG users told to throw away their hardware

Owners of Barracuda Email Security Gateway appliances are being told that they will need to throw out and replace their kit after it emerged that a patch for a recently disclosed vulnerability had not done the job Continue Reading

UK and US move closer to transatlantic data bridge deal

The British and American governments have committed, in principle, to a new data bridge agreement that will ease the free flow of personal data across the Atlantic Continue Reading

University of Manchester hit by cyber attack

The University of Manchester has been hit by a cyber attack of an undisclosed nature Continue Reading

RFI vs. RFP vs. RFQ: What are the differences?

A request for information, a request for proposal and a request for quote are critical documents for procurement. Learn what differentiates each one and when to use them. Continue Reading

CDEI publishes portfolio of AI assurance techniques

The UK’s Centre for Data Ethics and Innovation has published a variety of case studies to show how different assurance techniques can build and maintain trust in artificial intelligence systems Continue Reading

Vulnerability exploitation volumes up over 50% in 2022

Data from Palo Alto Networks’ Unit 42 threat intel specialists reveals insight into the scale of vulnerability exploitation in the wild Continue Reading

UK gets new rules to regulate crypto sector

The Financial Conduct Authority is introducing new rules to regulate the cryptoasset sector, after being handed a government remit to oversee crypto promotions Continue Reading

Clop may have been sitting on MOVEit vulnerability for two years

The Clop cyber extortion gang may have been keeping the MOVEit SQL injection vulnerability they used to penetrate the systems of multiple victims secret for two years Continue Reading

Regulatory ‘lacuna’ around facial recognition threatens rights

The UK is heading for a “legal quagmire” around live facial recognition if the government and regulators do not take action to rein in use of the technology before it becomes ubiquitous Continue Reading