IT security

Security Think Tank: SOAR to the next level with automation

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users Continue Reading

Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance Continue Reading

FireEye’s ethical hacking tools stolen in state-backed attack

Hacking tools used to conduct red team penetration testing were stolen in the state-backed attack on security firm FireEye Continue Reading

There’s no going back to pre-pandemic security approaches

The cyber security world will probably never return to its pre-pandemic state, and different approaches to security will come to the fore in 2021 Continue Reading

Top IT predictions in APAC in 2021

The Asia-Pacific region will continue to be a cradle for technology innovation in the new year, whether it is 5G services, artificial intelligence, cloud computing or cyber security Continue Reading

API, API, API, API (aye aye aye aye)

I very recently spoke at a webinar for a long-time client emanating from the artist formerly known as helpdesk market - Sunrise Software - on the increasing importance of APIs - usable ones, not ... Continue Reading

Multiple D-Link routers found vulnerable to attack

Digital Defense discloses a remotely exploitable root command injection flaw in a number of D-Link wireless router devices Continue Reading

Russian state actors exploiting VMware bug to hijack data, users warned

Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings Continue Reading

Where next for Windows?

In this week’s Computer Weekly, Windows is still the most-used operating system in enterprises – we look at where Microsoft aims to take it next. We examine some of the key questions for CIOs for their 2021 IT strategy. And we analyse the best practice in preventing distributed denial of service (DDoS) attacks. Read the issue now. Continue Reading

DDoS mitigation strategies needed to maintain availability during pandemic

The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. Computer Weekly explores organisations’ perceptions of the risks and best practice for mitigation. Continue Reading

Met Police failed to clear backlog of subject access requests

Metropolitan Police failed to comply fully with an enforcement notice issued by the Information Commissioner, and despite hundreds of overdue subject access requests the regulator did not take further action Continue Reading

HMRC referred 11 data security incidents to ICO in 2019-20

HM Revenue & Customs shares details of a number of data security incidents that occurred during the 2019-20 financial year in its annual report Continue Reading

Grindr and others patch critical Android bug

Fixes for CVE-2020-8913 deployed as app developers shore up their defences against a disclosed Google Play vulnerability Continue Reading

Singapore government to boost blockchain adoption

Singapore government unveils S$12m programme to promote development and adoption of blockchain applications beyond financial services Continue Reading

A trillion dollars lost to cyber crime every year

Data collated by McAfee and the Centre for Strategic and International Studies highlights the growing impact of cyber crime Continue Reading

China lags US in computer vision

China trails the US in the field of computer vision despite making inroads in computing and research, new report finds Continue Reading

Opportunistic Egregor ransomware is an emerging and active threat

Researchers at Recorded Future’s Insikt Group highlight links between the emerging Egregor ransomware and other strains, and offer guidance on defending against it Continue Reading

Avast and Borsetta to support Intel’s AI security project

Security firm Avast and AI security specialist Borsetta have signed up to support an Intel-led artificial intelligence security research project Continue Reading

Cyber Aware campaign to help safeguard Christmas shoppers

New government campaign sets out to raise awareness of online shopping fraud in the run-up to Christmas Continue Reading

Covid-19 vaccine supply chain attacked by unknown nation state

An unknown nation state actor is attempting to disrupt the supply of coronavirus vaccines Continue Reading

SIEM or SOAR or both? Consider your business complexity first

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Lax Android app developers putting millions of users at risk

Eight months after Google patched a critical vulnerability, developers have failed to update their apps, putting millions of users of apps such as dating services Bumble and Grindr at risk Continue Reading

Dangerous Trickbot evolves to target UEFI/BIOS firmware

Dubbed Trickboot by researchers, Trickbot’s new features enable malicious actors to read, write or even erase UEFI/BIOS firmware Continue Reading

Re:Invent 2020: AWS CEO Andy Jassy on redefining hybrid cloud

Amazon Web Services’ Re:Invent user conference has moved online this year, with the firm’s CEO using the opening keynote to explain how AWS’s take on hybrid cloud has changed over time Continue Reading

Covid-19: Cyber criminals will target vaccine programmes

Interpol issues a global alert to law enforcement as the UK becomes one of the first countries to approve the Pfizer/BioNTech Covid-19 vaccine for use Continue Reading

Double extortion ransomware will be a big theme in 2021

Defenders will see heightened levels of cyber crime next year as criminals pivot their attacks from data encryption to exfiltration Continue Reading

Security Think Tank: SIEM and SOAR are far from mutually exclusive

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Singapore government remains ‘juicy target’ for cyber attackers

The government is baking security into the design and implementation of its IT systems and looking to increase bug bounties to fend off cyber threats Continue Reading

DHL, Amazon and FedEx are most phished delivery services

DHL has emerged as the most imitated delivery brand in Europe, accounting for 77% of the total volume of phishing emails received in November 2020 Continue Reading

22,000 malicious .uk domains suspended in past year

Nominet has suspended just over 22,000 domains in the 12 months to 31 October 2020, continuing a downward trend, and with less impact from Covid-19 than might be expected Continue Reading

Security Think Tank: Alerts are great, it’s what you do with them that counts

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Government covers its ears as complaint by victims of Post Office abuse heads to ombudsman

Government denies responsibility for the abuse inflicted on subpostmasters by the Post Office over faulty IT system Continue Reading

What it takes for APAC firms to ride out the pandemic

Whether businesses will recover from the Covid-19 pandemic will depend on how they leverage technology to innovate, create new business models and build digital trust Continue Reading

MI5 accused of withholding surveillance compliance failures from cabinet minister

MI5 withheld high-risk concerns about its ability to comply with legislation from the home secretary when it submitted applications for surveillance warrants, NGOs Privacy International and Liberty claimed last week Continue Reading

IT Priorities: APAC enterprises readying recovery budget

Enterprises in Asia-Pacific are investing in cloud and other key technologies to not only survive but thrive in the post-pandemic world Continue Reading

UK government ramps up efforts to regulate tech giants

The Digital Markets Unit of the Competitions and Markets Authority aims to protect consumer privacy and lower barriers to entry for businesses Continue Reading

NI police unable to delete data seized unlawfully from journalists for 10 years

The Police Service of Northern Ireland is unable to delete terabytes of unlawfully seized data taken from journalists who exposed police failings in the investigation of the Loughinisland sectarian murders Continue Reading

Algorithmic transparency obligations needed in public sector

Public sector’s use of algorithms with social impacts needs to be more transparent to foster trust and hold organisations responsible for the negative outcomes their systems may produce, says report Continue Reading

How to modernise identity governance and administration

Modernising identity governance and administration (IGA) capabilities is essential for organisations to manage identities effectively to ensure they remain competitive, compliant and secure Continue Reading

How Grab is using technology to improve trust and safety

Southeast Asian unicorn Grab is tapping artificial intelligence and other technologies to keep its users safe and cyber criminals at bay Continue Reading

This Christmas, Covid-19 heightens retail security risks for everyone

Do you think it’s only retailers and consumers who need to consider cyber security when shopping online during the holidays? You’re dead wrong. This year, the Covid-19 pandemic and the shift to remote working has thrown a spanner in the works Continue Reading

The authentication arms race continues

This week we are heading back to 2006, when we reported on that sadly-perennial favourite: IT access security, and more specifically, Managing Access Securely. As our contribution to the bit of fun ... Continue Reading

Data safes will give users control over their data

Belgian computer scientist tells Computer Weekly how people can regain control of their online personal information Continue Reading

CW Nordics: Bank branch closures continue as digital banking grows

Sweden’s Handelsbanken is cutting its branch network by nearly half, which means more money will be invested in IT. But it’s not just Sweden and the Nordics – banks across the world are watching the fintech industry demonstrate to consumers what banking can be like if the right technology is in place. Also in this issue, read about the Norwegian government’s decision not to implement an outright ban on the use of 5G equipment supplied by China's Huawei. Continue Reading

APAC plagued by APT, ransomware attacks

The Asia-Pacific region was a primary target of advanced persistent threat groups, mostly from China, Iran, North Korea and Russia, that carried out 34 campaigns between June 2019 to June 2020 Continue Reading

Three cyber criminals arrested in Nigerian BEC investigation

Prolific cyber criminal gang is thought to have compromised up to half a million victims since 2017 Continue Reading

8 benefits of a security operations center

A security operations center can help lessen the fallout of a data breach, but its business benefits go much further than that. Here are eight SOC benefits to consider. Continue Reading

Merger of national policing systems over budget and behind schedule

UK government effort to replace legacy IT systems suffers further delays, and will not be fully completed until 2025 at the earliest Continue Reading

From front line to back office – how supporting the cyber community keeps the NHS safe

NHS Digital’s chief information security officer describes how the Cyber Associates Network benefits security experts in health and care Continue Reading

Securing UK’s critical national infrastructure is a 2021 priority

Government outlines the UK’s strategic cyber security policies for the coming 12 months, with critical national infrastructure a clear priority Continue Reading

Use of abusive stalkerware against women skyrocketed in 2020

Rise in the use of malicious stalkerware correlates closely to increased domestic violence during lockdown Continue Reading

What next for digital identity in the UK? Industry welcomes latest DCMS plan

After months – some would say years – of frustration and delay, tech suppliers have largely welcomed the latest government initiative to establish a digital identity ecosystem in the UK. The ... Continue Reading

Business continuity vendors bolster offerings during pandemic

Organizations must ensure their pandemic business continuity and technology DR plans address cybersecurity, as well as remote employees, social distancing and company shutdowns. Continue Reading

Belgian security researcher hacks Tesla with Raspberry Pi

Belgian security researcher Lennert Wouters once again succeeds in hacking a Tesla vehicle, this time by exploiting the Bluetooth Low Energy standard Continue Reading

Accidental heroes: How one scaleup pivoted to cyber

Simeon Quarrie designed his business using virtual reality and interactivity as a tool to tell stories that effect cultural change in enterprise environments – then a cyber criminal emptied his bank account Continue Reading

How Covid-19 has accelerated tech innovation in the NHS

Of all the terrible things that Covid is, what it has done is accelerate the digital journey. In this issue of Computer Weekly, we look at the track and trace app, which was redeveloped and enhanced at breakneck speed, and explore how the pandemic has accelerated the roll-out of new technology such as artificial intelligence and video conferencing tools at NHS trusts. We also present some research into how Covid has affected IT spending. Read the issue now. Continue Reading

Nominet introduces new resources for cyber scam victims

Domain name registrar is working with law enforcement to provide new information, guidance and resources for potential victims of online scams Continue Reading

Telcos could face huge fines under new security laws

Government boasts of unprecedented powers to boost the security standards of the UK’s critical national infrastructure Continue Reading

NCSC issues retail security alert ahead of Black Friday sales

National Cyber Security Centre issues refreshed guidance as cyber criminals turn their eyes to the holiday shopping season Continue Reading

Manchester United praised for swift response to cyber attack

Manchester United’s systems were attacked last week, and the club has been praised for a swift and decisive response Continue Reading

Finnish finance giant pilots fingerprint payments

OP Financial introduces biometric security technology to enable higher-value payments to be made safely using contactless cards Continue Reading

MPs subjected to over 22 million malicious email attacks in 2020

Members of Parliament are targeted by millions of spam and phishing emails every month, according to a Freedom of Information disclosure Continue Reading

Inside Huawei’s APAC cloud strategy

The Chinese technology giant is counting on its strengths in hardware infrastructure and focus on research and development to make a mark in Asia Pacific’s public cloud market Continue Reading

Data protection impact assessment tips and templates

Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information. Continue Reading

Security pros fear prosecution under outdated UK laws

CyberUp, a group of campaigners who want to reform the Computer Misuse Act, finds 80% of security professionals are concerned that they may be prosecuted just for doing their jobs Continue Reading

HM Land Registry drafts digital ID standards

The department’s draft identity-checking requirements aims to provide clarity for software developers creating solutions to be used for property lawyers Continue Reading

Cyber security is next frontier for open source

Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM Continue Reading

Making sense of zero-trust security

Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint Continue Reading

CW APAC: Expert advice on zero-trust security

Zero trust is a security model that eliminates the traditional perimeter and assumes that no user or device can be trusted until proven otherwise. In this handbook, Computer Weekly looks at how enterprises can take a zero-trust approach to securing their network, devices and workforce. Continue Reading

Covid-19 shift to remote working adds to Earth’s growing e-waste problem

The shift to remote working has forced firms to purchase new IT equipment, but many are still lacking sustainable end-of-life processes for their devices Continue Reading

Data silos and IT complexity stifle business potential

A study from 451 Research highlights the problems organisations face in managing data Continue Reading

Security sector broadly backs Boris Johnson’s Cyber Force

Security community says the presence of a robust cyber defence force alongside a robust physical one will be vital to the UK’s national security Continue Reading

2021 the year of commodity ransomware, says Sophos

Sophos researchers anticipate a trickle-down effect in the cyber criminal underground Continue Reading

US cyber security chief fired for contradicting Trump

CISA chief Chris Krebs ousted for doing his job fighting disinformation in an apparent purge of officials deemed disloyal to president Donald Trump Continue Reading

The case of Julian Assange as he faces US extradition bid – Computer Weekly Downtime Upload podcast

In this episode of the Computer Weekly Downtime Upload podcast, Bill Goodwin, investigations editor, joins Caroline Donnelly, Clare McDonald and Brian McKenna to discuss the case of Julian Assange, whose recent extradition hearing at the Old Bailey Bill reported on Continue Reading

How Aarogya Setu is addressing scale and security challenges

India’s contact-tracing platform leverages microservices, encryption techniques and cloud-based visibility tools to address scale and security requirements Continue Reading

Automated image recognition: How using ‘free’ photos on the internet can lead to lawsuits and fines

Germany-based photographer Marco Verch uses computer scripts to populate the internet with topical images and photographs. People and companies who make mistakes in following the complex licensing terms of his ‘free to share and adapt’ photographs receive threatening ‘legal’ demands Continue Reading

Choosing between proxy vs. API CASB deployment modes

Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB architectures work to secure SaaS applications. Continue Reading

Kaspersky shuts down data-processing activities in Russia

Cyber security provider’s data storage and processing activities for customers in Europe, the US and Canada, have now been fully relocated to Switzerland Continue Reading

HMRC warns over uptick in Self Assessment tax scams

HMRC issues updated warnings as 2021 Self Assessment deadlines loom Continue Reading

Ransomware stats overload risks confusing buyers

UK-based organisations are either more, or less, likely to pay ransoms, depending on which cyber security supplier you want to believe Continue Reading

Financial services data volumes heighten risk of insider breach

Financial services organisations hold so much data that it is becoming virtually impossible to safeguard properly against data breaches caused by malicious or careless employees Continue Reading

Brexit and risks to data privacy and governance

EY privacy specialists assess the risks to data privacy, protection and governance on the table for businesses, with less than two months until Brexit Continue Reading

How Mastercard is taking digital payments into a new era

In this week’s Computer Weekly, we talk to Mastercard about how the credit card giant is using new technologies to take digital payments into a new era. After months of unprecedented uncertainty, we ask CIOs how they are planning for the next 12 months. And we examine how the growth in remote working will affect IT salaries. Read the issue now. Continue Reading

How to build an effective vulnerability management programme

As cyber criminals increasingly look to exploit vulnerabilities in software and hardware, businesses must build and implement an effective vulnerability management programme to counter this growing threat Continue Reading

How Standard Chartered approaches cyber security

Bank uses security-by-design principles and conducts red-teaming exercises among other measures to fend off cyber breaches Continue Reading

Privacy advocates call for European probe into Palantir

Dutch group SOMI is trying to raise awareness of Palantir’s data privacy practices and how it works with European government agencies Continue Reading

Resident Evil studio Capcom confirms scale of Ragnar Locker breach

Videogame studio says the data of up to 350,000 people was likely to have been compromised in a Ragnar Locker ransomware attack Continue Reading

Human error blamed in Welsh Covid-19 patient data leak

Public Health Wales accepts recommendations of independent probe into data breach that saw PII on 18,105 coronavirus patients leaked Continue Reading

Hackney systems could be unavailable for months, says council

A month after a highly disruptive cyber attack on its systems, Hackney Council is still struggling to get back up and running Continue Reading

Ticketmaster fined £1.25m by ICO for failing to protect customer data

Ticket website’s customer data was exposed through an attack on a third-party chatbot Continue Reading

Humanitarian data collection practices put migrants at risk

United Nations report on smart borders warns that data collection about migrants and refugees by humanitarian organisations risks excluding them from essential basic services like access to food Continue Reading

DDoS mitigation strategies needed to maintain availability during pandemic

The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. Computer Weekly explores organisations’ perceptions of the risks and best practice for mitigation Continue Reading

Online kids’ game Animal Jam confirms large breach

Cyber criminals have stolen data on 46 million Animal Jam player accounts via a third-party attack Continue Reading

IT Priorities 2020: Budgets rejigged to support 2021 recovery

IT has been essential in helping organisations remain operational. IT chiefs are now considering the IT to drive a sustained business recovery Continue Reading

DCMS opens talks with private sector on future of digital identity market

Department has met with suppliers to discuss plans for a trust framework to show ‘what good looks like’ as it ploughs ahead with digital identity plans Continue Reading

Company accused of spying on Assange acted for Ecuadorian Intelligence, says ex UC Global manager

Former operations chief of UC Global told Spanish Court the company accused of spying on Assange at the Ecuadorian Embassy in London was acting on the orders of Ecuadorian Intelligence Continue Reading

CW Benelux: Dutch Alzheimer’s app helps dementia patients

An app aimed at helping dementia patients and their families has been developed by the Alzheimer Society in the Netherlands. Also in this issue, read about a Belgian startup's app based on blockchain technology to help container handling at ports, and why Rabobank ditched its legacy backup. Continue Reading

What businesses can learn from GovTech’s digital strategy

Modernising its infrastructure and putting digital at its core has given Singapore’s Government Technology Agency the agility it needs to respond to the Covid-19 pandemic Continue Reading