IT security

Sim-swapping crooks targeted celebrities, influencers

Eight arrests have been made in England and Scotland in connection with a series of Sim-swapping attacks targeting high-profile victims Continue Reading

WFH: Creating A Change In Network Infrastructure

As promised in a recent blog focusing on Cato Networks’ recent customer survey results - “The 2021 Networking Survey The Future of Enterprise Networking and Security: Are You Ready For The Next ... Continue Reading

Security Think Tank: UK well-placed to work with Biden on cyber

As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard Continue Reading

Oracle claims major win in Australian public sector

Australian Data Centres will deploy Oracle’s Dedicated Region Cloud@Customer to host cloud services for the federal government Continue Reading

Using content disarm and reconstruction for malware protection

Content disarm and reconstruction is a modern approach to removing malicious code from files, key to detecting and thwarting successful phishing and malware attacks. Continue Reading

Facebook sued for data-sharing practices with third parties

Data protection claim filed in London against social media giant for its alleged failure to give at least one million users in England and Wales meaningful control over their personal data Continue Reading

Government launches review of use of health data for research

The review, which will be led by Ben Goldacre, will look at home-efficient and safe use of health data for research and analysis Continue Reading

Data breaches are a ticking timebomb for consumers

Damage from data breaches goes far beyond the impact to the target organisation – an obvious fact that is too often overlooked, says F-Secure Continue Reading

Cyberpunk 2077 developer refuses to pay up after ransomware attack

Polish video game developer CD Projekt has released details of a ransomware attack on its systems Continue Reading

‘Batman Begins’ cyber attack is a warning to CNI providers

A thwarted cyber attack in a Florida town that could have resulted in the poisoning of the water supply is a timely reminder of the vulnerability of critical services Continue Reading

NHS reports fewer phishing emails in 2020

The NHSmail email service saw a steady decline in suspected phishing emails during the course of 2020 Continue Reading

Security Think Tank: Biden has a chance to renew cyber alliances

As President Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard? Continue Reading

End of Emotet: A blow to cyber crime, but don’t drop your guard

The takedown of Emotet is a huge event with repercussions that will reverberate across the cyber criminal world, but unfortunately that’s not to say there will be much of a long-term impact Continue Reading

Audi fine-tunes its digital performance to boost online car sales

In this week’s Computer Weekly, the digital chief at Audi UK discusses how the carmaker is tackling the slump in new car sales. One of the largest global malware botnets has been taken down, but how much of a blow will it be for cyber criminals? And we hear how one county council made huge savings on its SAP installation. Read the issue now. Continue Reading

UK Cyber Security Council to take charge of skills strategy

New government-backed body will be set up to boost careers opportunities and professional standards in the cyber security sector Continue Reading

5 cybersecurity lessons from the SolarWinds breach

Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach. Continue Reading

Too few UK organisations offering cyber training for remote work

Nearly a year into the pandemic, a study reveals a concerning tendency for organisations not to bother offering security training for remote workers Continue Reading

Data of thousands of Dutch citizens leaked from government Covid-19 systems

Weak access controls and outdated systems blamed for leaking of the personal details of thousands of Dutch citizens tested for Covid-19 Continue Reading

Sweden to establish national cyber security centre

Sweden becomes latest Nordic state to establish a national cyber security centre as the threat landscape grows Continue Reading

EncroChat: Appeal court finds ‘digital phone tapping’ admissible in criminal trials

Appeal Court decides EncroChat-encrypted phone records can be used in criminal trials. Critics say the decision means phone tapping no longer has a ‘clear meaning in the digital age’ Continue Reading

Google Chrome update to patch serious zero-day

A serious heap buffer overflow vulnerability means Google Chrome users should patch their browsers as soon as possible Continue Reading

Financial regulatory body bombarded with malicious emails

New disclosures reveal the FCA’s systems bounced almost a quarter of a million malicious emails in a three-month period Continue Reading

Security firm Stormshield loses source code in cyber attack

Source code from two products developed by French cyber security firm was compromised in a December 2020 incident Continue Reading

Denmark and Sweden to issue digital vaccine certificates

Sweden and Denmark announce plans to develop digital certificates that prove people have been vaccinated against Covid-19 Continue Reading

How Yarra Valley Water is tapping APIs

The largest water retailer in Melbourne has rolled out application programming interfaces to improve operations and customer service Continue Reading

Picking the right IAM tools is based on more than today’s needs

 Continue Reading

Woodland Trust hit by cyber attack in December

Conservation charity is investigating what it describes as a ‘sophisticated’ cyber attack but has waited nearly two months to inform its members Continue Reading

SolarWinds chases multiple leads in breach investigation

Investigators at SolarWinds are exploring multiple theories as to how the company’s systems were compromised Continue Reading

Fraud and cyber crime still vastly under-reported

The scale of digitally enabled crime in the UK is dramatically under-reported, new statistics indicate Continue Reading

CDEI: Local government data use must keep up Covid momentum

The Centre for Data Ethics and Innovation says momentum in local authority data use during the Covid-19 pandemic is in danger of being dissipated without central government investment and support for data skills development Continue Reading

Cloud security policy configuration in AWS, Azure and GCP

Explore cloud security policy configurations in AWS, Azure and GCP using native security tools in this excerpt of 'Multi-Cloud Architecture and Governance' by Jeroen Mulder. Continue Reading

Design a human firewall training program in 5 steps

Follow these five steps to develop human firewall training that's not only effective at preventing social engineering attacks, but also relevant and accessible to employees. Continue Reading

Crypto malware targets Kubernetes clusters, say researchers

Newly identified Hildegaard malware targets Kubernetes clusters and seems to herald a new campaign from the TeamTNT gang Continue Reading

Foxtons rejects claims of slow reaction to data leak

Investigators have unearthed 16,000 data records that seem to have been stolen in an attack on property firm Foxtons last year, but the organisation says it acted by the book in dealing with the incident Continue Reading

‘Classic’ Cerber ransomware targets health sector in high volumes

Cerber ransomware-as-a-service seems to have re-emerged as one of the most critical cyber threats facing healthcare organisations, reports VMware Carbon Black Continue Reading

SolarWinds patches two critical CVEs in Orion platform

New vulnerabilities disclosed as SolarWinds reels from December 2020 Solorigate/Sunburst attack – but do not appear to have been exploited yet Continue Reading

Tata Communications grows IoT footprint

India’s Tata Communications has been shoring up its IoT capabilities through a handful of acquisitions and partnerships with telcos Continue Reading

Top 11 cloud security challenges and how to combat them

Before jumping feet-first into the cloud, understand the new and continuing top cloud security challenges your organization is likely to face -- and how to mitigate them. Continue Reading

SASE hype includes SD-WAN, but does it need to?

Much of the hype around Secure Access Service Edge features the importance of SD-WAN with SASE, but do the two need each other to thrive? Research says probably not. Continue Reading

Agent Tesla trojan finds new ways to sneak past defences

Updated versions of Agent Tesla Rat include new techniques that fiddle with code to disable endpoint protection tools on target systems Continue Reading

Serco confirms Babuk ransomware attack

Outsourcing firm was hit by the ransomware last week but insists most of its operations are running as normal Continue Reading

UKRI suspends services after ransomware attack

UK Research and Innovation was hit by an undisclosed strain of ransomware at the end of January Continue Reading

CISOs invisible to their organisations, says BT report

Ignorance of cyber issues is leading to misplaced confidence in security in many organisations, as CISOs struggle to make themselves seen and heard Continue Reading

‘Victory for free speech and openness’ after tribunal confirms no territorial restrictions to FOIA

Freedom of information tribunal rules that investigative journalists and others can use the Freedom of Information Act if they live outside the UK or are not British citizens Continue Reading

SBRC picks Check Point to support cyber helpline

The Scottish Business Resilience Centre has enlisted Check Point as the first security supplier to join its incident response partnership programme Continue Reading

Indian firms see growing value of data

Half of Indian IT leaders see a permanent increase in value of data as their organisations come under threat from mounting cyber attacks amid the pandemic Continue Reading

Hunting and anti-hunting groups locked in tit-for-tat row over data gathering

The leaking of internal documents has prompted a row between pro- and anti-hunting groups about the legality of the other’s data collection practices Continue Reading

Biometrics ethics group addresses public-private use of facial recognition

Home Office’s Biometrics and Forensics Ethics Group releases briefing note on the use of live facial recognition in public–private collaborations following a year-long investigation Continue Reading

Revealed: Brits who fuelled ‘vicious’ conspiracy theory by Trump supporters

Trump supporters have apologised and paid millions in damages to the family of murdered Democratic Party staffer Seth Rich for promoting false allegations that Rich – not Russian agents – stole emails from the Democratic National Committee Continue Reading

Manufacturing particularly at risk of Solorigate-linked breaches

Every fifth victim of the SolarWinds Solorigate/Sunburst attack was a manufacturing organisation, say researchers Continue Reading

Human factor dominates Australia’s latest data breach numbers

The number of data breaches resulting from human error increased by 18% in the second half of 2020, according to Australian government’s latest notifiable data breaches report Continue Reading

5-step IaaS security checklist for cloud customers

Get expert advice on patching, data encryption, and identity and access management responsibilities in this enterprise IaaS security checklist. Continue Reading

Apprenticeships may be a solution to cyber skills shortage, say insiders

Cyber security professionals are open to new approaches to finding sorely needed talent, according to a poll Continue Reading

End of Emotet: A blow to cyber crime, but don’t drop your guard

The takedown of Emotet is a huge event with repercussions that will reverberate across the cyber criminal world, but unfortunately that’s not to say there will be much of a long-term impact Continue Reading

Pandemic response has improved privacy posture, says Cisco

Data privacy seems to be ‘coming of age’ to some extent and organisational responses to Covid-19 may be partly responsible, according to a report Continue Reading

Mimecast breach was work of SolarWinds attackers

Mimecast’s investigation into a January 2021 breach of its systems turns up evidence that the culprit was the same group that targeted SolarWinds in December Continue Reading

Emotet botnet goes offline as cops seize servers

The Emotet botnet has been disrupted and knocked offline after a major international effort by law enforcement Continue Reading

Grindr complaint results in €9.6m GDPR fine

Norway’s data protection authority plans to apply a fine totalling 10% of LGBTQ+ dating app Grindr’s revenues over its data sharing practices Continue Reading

Emergency Apple updates patch exploited zero-days

Three vulnerabilities could give attackers full control of their target Apple devices, and must be patched immediately Continue Reading

Global VPN downloads surge in 2020

Repressive regimes’ regulatory demands and remote working see virtual private network usage rocket over the past 12 months Continue Reading

The ransomware routine: pages from the Secret IR Insider’s diary

The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided Continue Reading

Conservatives broke data law to racially profile millions

The Conservative Party acted illegally in collecting data that inferred voters’ ethnicity and religious background, a Select Committee has heard Continue Reading

North Korean state attacks legitimate security researchers

Threat researchers specialising in vulnerability research and development appear to be being targeted by a North Korean state-backed group Continue Reading

Saudi IT spending to hit $11bn in 2021

Saudi Arabian organisations will spend about $11bn on IT this year, with emerging technologies high on shopping lists Continue Reading

Juggling data silos, privacy and fraud

Among the uncomfortable truths about the government’s response to the pandemic is the fact that some people have and will continue to play the system. At the time it was introduced, the furlough ... Continue Reading

ICO extends commissioner Denham’s term of office

Extension of Elizabeth Denham’s tenure as information commissioner will give the government more time to appoint her successor Continue Reading

Cyber fraud a national security issue, says Rusi report

A report from the Rusi think tank calls for fresh approaches to how we think about fighting fraud Continue Reading

Security Think Tank: Are security teams the unsung heroes of 2020?

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hotcakes? Continue Reading

Gartner: IT budgets shift to mature processes around remote business

The pandemic forced businesses to work remotely. Now, almost a year on, CIOs must consider the IT to run long-term remote business strategies Continue Reading

Salad as a service: How tech could revolutionise farming

In this week’s Computer Weekly, we find out how new technologies are supporting the rise of vertical farming, and could revolutionise food supply chains. We examine one of the biggest trends in the cloud – serverless computing. And Brexit has not yet ended the debate about UK-EU data protection. Read the issue now. Continue Reading

Cracking the message in a bottle

Between 2016 and 2019, a number of bottles washed ashore in Hamburg, each containing an ‘uncrackable’ message Continue Reading

Are banks overburdened with responsibility for money lost to online scams?

Bank boss calls for cross-industry cooperation to reduce scams that trick people into making instant payments online Continue Reading

Security Think Tank: Time to rethink stopgap solutions

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Government Gateway at 20 – looking back at the UK’s most successful digital identity system

Not all legacy IT systems in government cause problems – one has been at the heart of many of the most important online public services for 20 years Continue Reading

Private vs. public cloud security: Benefits and drawbacks

Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security -- before deciding on an enterprise deployment model. Continue Reading

ICO resumes adtech investigation

The UK Information Commissioner’s Office was criticised for ending its investigation into alleged malpractice in advertising technology, but has now resumed its probe Continue Reading

How to create a cloud security policy, step by step

Read up on the components of a cloud security policy, what policies cover and why your organization needs them, and download a handy template to get the process started. Continue Reading

Sepa data leaks as agency resists ransom demands

The Scottish Environment Protection Agency is resisting extortion demands from a ransomware gang, but has suffered a data leak in retaliation Continue Reading

Google threatens to cut off Australia

Google’s threat to end its Australian Search operation comes in the face of new legislation that would force it to pay media publishers for news content Continue Reading

Immigration exemption in data protection law faces further legal challenge

Human rights groups set to take legal challenge against immigration exemption to Court of Appeal on the basis that everyone, regardless of their nationality or residence, should have their fundamental rights and freedoms protected as stated in the GDPR Continue Reading

Hackney Council tenders for cyber security upgrade

Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council Continue Reading

Gamarue malware found on government-issued school laptops

Devices handed out by the government to support vulnerable children contain malware that appears to be contacting C2 infrastructure in Russia Continue Reading

How can healthcare organisations fight increased cyber crime in 2021?

As the Covid-19 pandemic enters what may be its most dangerous phase, we explore how healthcare organisations can ward off cyber threats while preserving their ability to deliver critical care Continue Reading

Two-thirds of CISOs say they’ll be cyber attack victims this year

Security professionals are ever alert to the threats they face, but some still seem to think it is unlikely they will be attacked Continue Reading

Interview: Tony Porter, chief privacy officer, Corsight AI

Tony Porter speaks to Computer Weekly about the changes in facial-recognition during his time as surveillance camera commissioner, the ethics of using the technology, and his new role as chief privacy officer at Corsight AI Continue Reading

Incompetent cyber criminals leak data in opsec failure

Even cyber criminals need to pay attention to their information security posture, as this cautionary tale uncovered by Check Point reveals Continue Reading

Should I be worried about MFA-bypassing pass-the-cookie attacks?

Malicious actors bypassed multi-factor authentication using so-called pass-the-cookie attacks, but how worrying is this and what is the risk to organisations? Continue Reading

The Future of Enterprise Networking and Security

If you’re going to ask a customer a question, ask them a proper one! You can’t get much bigger than looking at the future of enterprise networking and security, but that’s what a recent survey by ... Continue Reading

Malwarebytes also hit by SolarWinds attackers

The nation state group that attacked SolarWinds in December got inside Malwarebytes by exploiting privileged access to its Microsoft Office 365 tenant, the firm reveals Continue Reading

Security Think Tank: It’s time to secure the collaboration revolution

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hotcakes? Continue Reading

Legacy security architectures threaten to disrupt remote working

Annual survey of IT leaders finds network security is of prime concern as most companies continue with work-from-home policies Continue Reading

Questions raised by New Zealand central bank boss, following cyber attack investigation

The governor of New Zealand’s central bank said the organisation must answer questions about its security following a ‘significant’ attack Continue Reading

UK fraud agency deploys ArcGIS dashboard for data sharing

The National Fraud Intelligence Bureau says it has achieved improved transparency with the public, as well as saving 3,500 staff hours and £100,000 Continue Reading

Value of GDPR fines shows dramatic increase in 2020

European regulators imposed almost €160m worth of fines during the past 12 months, a substantial rise Continue Reading

Security Long Reads: Cyber insiders reveal what’s to come in 2021

In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021 Continue Reading

The UK’s struggle with digital schooling

In this week’s Computer Weekly, the UK government’s sudden decision to close schools left many unable to provide children with online schooling - we examine the home learning challenges. Cyber security experts give us their forecasts for 2021. And we find out how technology supports the work of the Guide Dogs charity. Read the issue now. Continue Reading

Click fraud levels reach new heights in pandemic

Small companies risk losing £10,000 a year, and enterprises as much as £520,000, to cyber criminals as click fraud volumes spike Continue Reading

Criminals fiddled stolen Covid-19 vaccine data to damage trust

Malicious actors manipulated stolen Covid-19 data in a way clearly intended to damage public trust in vaccines, says the EMA Continue Reading

Security Think Tank: In 2021, enable, empower and entrust your users

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

MAS offers guidance on mitigating supply chain threats

Monetary Authority of Singapore revises its technology risk management guidelines to help the financial sector guard against supply chain attacks Continue Reading