IT security

Lapsing ISO certifications: Myth versus risk

Allowing ISO certifications to lapse presents businesses with serious risks when workarounds are possible Continue Reading

Even GDS is telling GDS to shut down Verify

The ailing Gov.uk Verify digital identity system was given a Frankenstein’s monster-like burst of energy back in April, when the lockdown-induced surge in Universal Credit applications brought ... Continue Reading

NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading

Emotet rated September’s ‘most popular’ malware

The current resurgence of Emotet is attracting attention as governments issue new warnings and cyber criminals rush to exploit the chaotic US election Continue Reading

Coronavirus face mask spammer fined by ICO

The director of software company Studios MG spammed members of the public at the height of the pandemic as one of its directors tried to shift a job lot of face masks Continue Reading

Crown Prosecution Service suffers 1,600 data breaches in 12 months

CPS sees a spike in data security incidents, many of them serious enough to be reported to the Information Commissioner’s Office Continue Reading

Threat of GDPR fines increasingly driving security buying decisions

Scaring the people who hold the purse strings may be the best option for CISOs who need a little extra budget Continue Reading

CW Middle East: Egypt’s datacentre plans take a step forward

While it builds an IT services industry, Egypt is also investing in infrastructure and now plans to develop a datacentre industry. Read in this issue how, as part of this plan, Egypt’s parliament has passed a data protection law. Also read how the Europe, Middle East and Africa region has seen traditional IT outsourcing deals reduce in value by 21%, while the business process outsourcing market fell by 9%. Continue Reading

5G regulation failures are a threat to UK’s national security

Defence Committee report on the security of 5G brands existing regulations outdated and unsatisfactory Continue Reading

Department for Education failed to protect data on millions of children, says ICO

The Department for Education’s National Pupil Database, which contains millions of items of data on the UK’s schoolchildren, was found to be non-compliant with data protection regulations across the board Continue Reading

QiuiAnon

A smart chastity cage that can only be controlled via its app was vulnerable to hackers putting almost 40,000 penises on lockdown, research has revealed. Sex toy manufacturer Qiui muses on its ... Continue Reading

UK accounts for 45% of Europe’s card fraud as criminals target online transactions

Payment card fraudsters steal €1.5bn, with card-not-present attacks accounting for three-quarters of this sum Continue Reading

ICO wraps up Cambridge Analytica investigation

Information Commissioner’s Office concludes its investigation into Cambridge Analytica, saying no additional evidence has come to light that would change its previous assessments Continue Reading

Southeast Asia remains hotspot for cyber attacks

Geopolitics and Covid-19 have been fodder for cyber criminals to advance their motives in Southeast Asia in 2020 Continue Reading

Three steps to harden supply chains

The coronavirus has shone a spotlight on the fragility of modern supply chains and the risk of having a single point of failure Continue Reading

EU’s top court questions legality of UK phone and internet data surveillance

European Court of Justice rules that the UK and EU member states must comply with EU privacy laws when harvesting people’s sensitive communications data from telecoms and internet companies Continue Reading

The privacy and compliance challenges organisations face in 2021

Privacy and compliance teams have a lot on their plate as 2021 approaches. What are the key issues to consider? Continue Reading

Scotland digital identity prototype pilot successful

Digital Identity Scotland’s 10-week test of its digital identity prototype finds that users understand the concept of two-factor authentication and using the same credentials across services Continue Reading

Ransomware attacks go through the roof

The volume of ransomware attacks has jumped 50% in the past three months, according to data produced at Check Point Continue Reading

CISOs struggle to keep up with MITRE ATT&CK framework

Despite its proven benefits for security, the MITRE ATT&CK framework is proving difficult for many, according to a joint study from McAfee and UC Berkeley Continue Reading

John McAfee arrested over cryptocurrency fraud

Erratic tech baron allegedly promoted initial coin offerings without disclosing he was being paid to do so Continue Reading

The Most Influential Women in UK Technology 2020

In this week’s Computer Weekly, we announce our annual list of the Most Influential Women in UK Technology, and talk to this year’s winner, Stemettes CEO and diversity campaigner, Anne-Marie Imafidon. Meet our five Rising Stars and the latest entrants to our women in tech Hall of Fame. Read the issue now. Continue Reading

MosaicRegressor APT campaign using rare malware variant

Kaspersky researchers have shared details of a APT campaign utilising a rarely seen and hard-to-stop variety of malware Continue Reading

Fake news tops list of online concerns worldwide

Receiving false information is a greater worry than other online risks such as cyber bullying and fraud, says the Lloyd’s Register Foundation Continue Reading

HMRC warns locked-down freshers of ‘wave’ of tax scams

New university intake may be being targeted by cyber criminals amid Covid-19 confusion Continue Reading

FBI seized ‘legally privileged’ material from Ecuador Embassy, claims Julian Assange’s lawyer

The US struck a secret deal with Ecuador to seize WikiLeaks founder Julian Assange’s property from the Ecuadorian Embassy in London days before his arrest. The haul included legally privileged documents, says his solicitor Continue Reading

Understanding BC, resilience standards and how to comply

Follow these nine steps to first identify relevant business continuity and resilience standards and, second, launch a successful compliance program at your organization. Continue Reading

WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist

Stefania Maurizi says in written evidence that Julian Assange pioneered the use of encryption by journalists to protect sources. Her work shows that the US put pressure on Italy to stop the extradition and prosecution of CIA officers responsible for the extrajudicial kidnapping and torture of an Egyptian cleric Continue Reading

Honesty is the best policy: Forging a security culture in the NHS

Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector Continue Reading

Picking Your Way Through The SASE Minefield

After the best part of two decades of gradual change in the world of the networking infrastructure, WiFi and mobile notwithstanding, the past few years have seen more upheaval than at any time ... Continue Reading

Security pros face sanctions if they help ransomware victims pay

New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off Continue Reading

Find and fix your Adobe Flash dependencies, says NCSC

As Adobe’s Flash Player approaches end-of-life, the National Cyber Security Centre is urging organisations to fix their Flash dependencies Continue Reading

Judge to give verdict on Julian Assange’s extradition after Christmas

Judge Vanessa Baraitser said today that she would make a ruling in early January on whether WikiLeaks founder Julian Assange should be extradited to the US Continue Reading

WikiLeaks revelations ‘shed light of truth’ on war on terror, court hears

WikiLeaks disclosures led to ‘revelations of extraordinary journalistic importance’ about detention in Guantamo Bay and civilian casualties in Iraq and Afghanistan Continue Reading

Blackbaud admits hackers stole banking details, passwords

Software firm paid off a ransomware gang, believed its hackers when they said they had destroyed the data, and has now discovered the cyber criminals accessed even more sensitive information than it thought Continue Reading

GitHub makes code vulnerability scanning feature public

Code-scanning service is now out of beta and generally available, helping teams to bake security into their code at the development stage Continue Reading

‘American friends’ spied on Julian Assange in Ecuadorian Embassy, court hears

Two former employees of UC Global, which provides security services to the Ecuadorian Embassy in London, claim the company shared surveillance footage with the US of the WikiLeaks founder meeting with lawyers and other visitors Continue Reading

Julian Assange would be held with convicted terrorist Abu Hamza in supermax prison, court hears

WikiLeaks founder Julian Assange would be held alongside convicted terrorist Abu Hamza in a supermax federal prison in Colorado, isolated from other prisoners, if he is extradited to the US, Old Bailey told Continue Reading

Compare AWS CloudEndure vs. Azure Site Recovery services

Learn how DRaaS heavyweights AWS CloudEndure and Microsoft Azure Site Recovery compare when it comes to architectures, features, integrations, pricing and other considerations. Continue Reading

Threat actors becoming vastly more sophisticated

Malicious actors have been busily honing their craft and cyber security incidents are up across the board as a result, according to a Microsoft report Continue Reading

NCSC expands schools programme to north-east England and Northern Ireland

Following an initial roll-out in Gloucestershire and Wales, the NCSC’s CyberFirst Schools programme is being extended to north-east England and Northern Ireland Continue Reading

NatWest offers online banking customers free security services

Bank responds to a surge in cyber crime targeting users of online banking services Continue Reading

Ryuk attack downs private health provider in major incident

Private healthcare provider UHS has been been hit by a major big game hunting cyber attack that infected its systems with the Ryuk ransomware Continue Reading

Organisations locked out by Azure AD crash

The Azure Active Directory was unavailable for a few hours in the evening of 28 September, preventing many from accessing MS online services Continue Reading

Remote working world reveals cloud/SaaS security concerns

Research reveals pivotal moment when the cloud is playing a more important role than ever to support mass remote working, with CISO concerns over cloud security remaining stubbornly high Continue Reading

Julian Assange would be held in ‘solitary confinement’ in US jail

WikiLeaks founder would be held in a cell the size of a parking space for 22 or 23 hours a day without contact with other inmates before trial Continue Reading

Sustrans opens door to NCSC cyber certification via the cloud

Sustainable transport charity turned to Qualys to help it attain needed certifications to bid for government work Continue Reading

Government updates data ethics framework

The new data ethics framework was created to better reflect how projects are run in practice after finding there was “little awareness” of the previous framework across the public sector Continue Reading

TikTok ban stayed after last-minute court case

TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States Continue Reading

Police Scotland to set up new cyber crime centre

National Centre of Excellence will employ specially trained officers to tackle a vertiginous rise in cyber crime Continue Reading

Security now main driving force behind digital transformation

Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading

So – We Have The “New Normal” But Then IT Infrastructure’s Changing Anyway…

I was at an event in London at the beginning of the year – in the days when we were allowed to do that kind of thing – a platform migration event as it happens. One of the key takeaways from that ... Continue Reading

Airbnb hosts’ account data exposed in internal leak

Data exposure within Airbnb’s system was the result of a technical issue but was swiftly fixed, says the firm Continue Reading

Forensic expert questions US claims that Julian Assange conspired to crack military password

Forensic computer expert Patrick Eller told the Old Bailey that US allegations that WikiLeaks founder Julian Assange attempted to decrypt a password to help former soldier Chelsea Manning leak sensitive government documents anonymously do not fit with the evidence Continue Reading

Digital Identity Policy must address Fake (and Fogged) Credentials   

Banks and employers cannot afford to trust the credentials (digital or otherwise) issued by Government or mandated by regulators (e.g. Passports, Driving Licenses or Utility Bills) until the issues ... Continue Reading

Covid-19 has changed how we think about cyber security forever

Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson Continue Reading

Gartner: Balance safety, privacy and productivity when employees return to the workplace

Organisations may decide that data collection can help keep employees safe in a Covid-secure workplace – but employers must consider all the privacy and productivity implications Continue Reading

‘Not unjust’ to extradite WilkiLeaks founder Julian Assange, court hears

Nigel Blackwood, NHS consultant psychiatrist, told the Old Bailey court that WikiLeaks founder Julian Assange had ‘moderate depression’ and autistic traits, but said they did not prevent his extradition Continue Reading

Third-party code bug left Instagram users at risk of account takeover

A critical vulnerability in Instagram’s image processing could have allowed attackers to take over not just their victim’s account, but their entire device Continue Reading

NHS whistleblower privacy concerns passed on to regulator, but campaigners not holding their breath

NHS Improvement chair Dido Harding acknowledges receiving concerns raised about the anonymity of whistleblowers, but campaigners have little faith that anything will be done Continue Reading

Coronavirus shows inadequacy of rear-view mirror planning

Looking at historical data has hampered businesses’ attempts to move forward effectively during the pandemic Continue Reading

Government blasted over ‘reckless’ contact-tracing security

The Open Rights Group and Big Brother Watch accuse the government of endangering public health with a reckless attitude to contact-tracing data security Continue Reading

Top five ways backup can protect against ransomware

Ransomware threatens to put your data beyond reach, so the best way to prepare is to have good-quality data you can restore from backup. We look at the key things to consider Continue Reading

Race to patch as Microsoft confirms Zerologon attacks in the wild

Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug Continue Reading

Data deluge grips enterprises amid digitisation

Two-thirds of respondents in a new Splunk study expect the quantity of data to grow by nearly five times by 2025 as they embrace more emerging technologies Continue Reading

Australians want more control over privacy

Nearly nine in 10 Australians want more control and choice over the collection and use of their personal information amid declining trust in how organisations handle personal data, survey finds Continue Reading

WikiLeaks founder Julian Assange has Asperger syndrome and depression, court hears

Julian Assange is on the autistic spectrum and has a history of depression that would put him at risk of suicide if he is extradited to a US prison, psychiatrists tell the court Continue Reading

Over half of firms intend to continue US data transfers despite Schrems II

Survey shows many organisations do not intend to significantly change their data-sharing practices, at least until there is more guidance from regulators or governments Continue Reading

Public admires security professionals, but doesn’t want their jobs

(ISC)² research finds attitudes towards security roles are increasingly positive, but not many people fancy joining the fight against cyber crime Continue Reading

What's involved in VPN maintenance and management?

Before an organization's VPN is up and running, IT teams must address four important aspects of VPN maintenance and management to keep abreast of transforming security concerns. Continue Reading

Video gamers barraged with cyber attacks

From credential stuffing to SQL injection and DDoS, video game producers and players are seeing massive volumes of cyber attacks Continue Reading

US agencies warn of election disinformation and cyber attacks

Federal agencies are warning of heightened disinformation as the crucial 2020 presidential election nears Continue Reading

UK government to trial new single sign-on system for Gov.uk

GDS introduces Gov.uk Accounts in its latest attempt to unify the growing number of login systems used across the government web domain Continue Reading

Activision shoots down data breach claims

Gaming company denies there has been any data breach after up to 500,000 accounts appeared to have been compromised, but evidence mounts that credential stuffing attacks are to blame Continue Reading

GDS reviewing Cloud First policy post-Schrems II

Review seeks to determine the future of government engagement with cloud hosting services as they relate to cross-border data flows Continue Reading

Scam mobile apps spreading via rogue TikTok accounts

Malicious TikTok accounts are promoting a number of adware scam mobile apps Continue Reading

WikiLeaks published unredacted cables after password was disclosed in book

WikiLeaks published a cache of unredacted government cables after the publication of a book containing the password led to their publication on other parts of the internet, court told Continue Reading

Trump implicated in plans to prosecute Assange over war leaks

US journalist and Trump supporter, Cassandra Fairbanks, said she was given advanced details of US plans to oust Wikileaks founder Julian Assange from the Ecuadorian Embassy and to arrest him for over documents leaked by former soldier Chelsea Manning Continue Reading

Why business resilience management should be high on the agenda

Business resilience management is key to business survival in the face of rapidly changing IT, cyber threat and regulatory environments Continue Reading

Big questions to be answered over TikTok and WeChat reprieve

TikTok and WeChat seem to have received a stay of execution, but big questions and contradictions remain Continue Reading

Resiliency must run across the supply chain

The coronavirus pandemic is the latest crisis to impact global supply chains. After the banking crisis of 2008, banks put in place stress testing to assess how resilient they were to future banking ... Continue Reading

WikiLeaks cables showed US interfered in German torture investigation

Khalid El-Masri, a German citizen who was kidnapped and tortured by the CIA in a case of mistaken identity, told a court that disclosures by WikiLeaks showed that the US had intervened in a German judicial investigation into his treatment Continue Reading

WikiLeaks video ‘electrified’ public to civilian war deaths, court hears

New Zealand investigative journalist and author Nicky Hager said that WikiLeaks’ publication of a video showing a US helicopter firing on civilians, along with the publication of secret war logs, ‘electrified’ the world to civilian deaths Continue Reading

SASE Is Not Just A Sassy Fashion – It’s Here To Stay So Convert That Attic Now

Earlier in the year, in this space I talked about SASE – Secure Access Service Edge – pronounced “sassy” as being one of the most relevant new Gartner definitions to explore and understand. And I ... Continue Reading

Ex-NCSC boss Ciaran Martin joins cyber venture capital outfit

Outgoing NCSC CEO Ciaran Martin is to take up a new role guiding new investments in cyber security Continue Reading

5 supply chain cybersecurity risks and best practices

Threats to supply chain security have increased in the wake of COVID-19. Learn what they are and how you can defend your organization and prevent disruption and worse. Continue Reading

Top 4 firewall-as-a-service security features and benefits

Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS. Continue Reading

Outgoing NCSC CEO: Ransomware threat kept us up at night

Former NCSC CEO Ciaran Martin sheds some light on some of the biggest cyber threats currently facing the UK Continue Reading

Congressman offered Julian Assange a ‘win-win’ deal that would help President Trump

Details have emerged of US congressman Dana Rohrabacher’s offer of a pardon to WikiLeaks founder Julian Assange in a ‘win-win deal that would benefit US President Donald Trump Continue Reading

US government deplatforms TikTok and WeChat

The Commerce Department of the US government has banned new downloads of TikTok and WeChat in the US, and announced new prohibitions on doing business with them Continue Reading

German authorities probe ransomware hospital death

Hackers failed to extort a ransom from University Hospital Düsseldorf, but indirectly caused the death of a patient Continue Reading

Rampant Kitten spent six years hacking Iranian dissidents

Details emerge of an ongoing campaign by Tehran-backed threat actors targeting dissidents and activists Continue Reading

Maze ransomware borrows Ragnar Locker tactics to sneak past defences

New research from the Sophos threat response team has found the Maze ransomware gang has adopted techniques pioneered by the cyber criminals behind Ragnar Locker Continue Reading

Top five ways to benefit from tape today

We look at the benefits that tape can bring, including in backup and recovery, long-term and ‘warm’ archiving, compliance and WORM use cases and ‘air gapping’ to protect data Continue Reading

Saudi Arabia sees cyber security boom as coronavirus bites

Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods Continue Reading

What are the habits of highly effective CISOs?

Data crunched by Gartner analysts reveals the behaviours that differentiate the top-performing chief information security officers from the pack Continue Reading

Seven charged in connection with Chinese state-backed cyber attacks

Attacks by APT41, or Wicked Panda, targeted hundreds of organisations, including the UK government Continue Reading

Security Think Tank: Edge security in the world of Covid-19

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Assange revelations among most important in US history, says Daniel Ellsberg

Daniel Ellsberg, who leaked highly classified documents that changed the course of the Vietnam War in the 1970s, says WikiLeaks exposed a serious pattern of US war crimes Continue Reading

NCSC steps up ransomware support for schools and universities

New alert and updated guidance comes after several academic institutions were targeted in ransomware attacks Continue Reading