IT security

The dangers of the UK’s illogical war on encryption

The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most Continue Reading

UK has biggest card fraud problem in Europe

Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe Continue Reading

SBRC to administer NCSC training across Scotland

The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations Continue Reading

Financial services regulator opens digital delivery centre in Leeds

The Financial Conduct Authority is increasing the number of tech experts in its workforce through a new digital delivery centre in Leeds Continue Reading

Spyware activity particularly impactful in July

After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report Continue Reading

Reimagining ethical digital technology

With ever-increasing digitisation leading to greater dependence on a range of digital technologies, enterprises need to urgently look at how they can incorporate ethical and social considerations into the tech they develop Continue Reading

New EU due diligence law needs amending to stop tech sector abuse

European corporate due diligence directive seeking to transform how companies approach their human rights and environmental risk is welcome, but without further changes, it will fail to effectively curb tech firms’ harmful practices, claims international non-profit Continue Reading

Shift to remote work sees major rise in cyber crime

Survey finds almost four in five cyber security teams agree that recent changes to working practices have adversely affected their organisation’s cyber security, with one-fifth banning the use of public Wi-Fi by policy Continue Reading

DrayTek patches SOHO router bug that left thousands exposed

Network hardware supplier has fixed an unauthenticated RCE vulnerability in multiple routers in its Vigor line, after being alerted by Trellix researchers Continue Reading

UK safety tech sector sees strong revenue and employment growth

Safety tech is now one of the fastest-growing sectors in the UK tech industry, with jumps in revenue, investment and employment Continue Reading

Austrian data firm accused of selling malware, conducting cyber attacks

Microsoft has accused DSIRF, an Austrian data services firm, of involvement in a string of cyber attacks Continue Reading

Ex-youth footballers kick-start cyber careers

New programme aims to find fresh careers for former youth footballers in cyber security Continue Reading

H0lyGh0st ransomware gang faces challenges, but still a threat

Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat Continue Reading

NCSC startups scheme turns focus to operational technology, SME security

NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses Continue Reading

Cyber criminals pivot away from macros as Microsoft changes bite

As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect Continue Reading

Consumers left out of pocket as security costs soar

As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people Continue Reading

US doubles bounty on Lazarus cyber crime group to $10m

US State Department doubles a previously announced reward for information on North Korean cyber criminals, including the notorious Lazarus group Continue Reading

Retail software firm PrestaShop warns users about SQL injection attacks

Open source e-commerce platform PrestaShop warns thousands of small retailers that their customers’ credit card details may be at risk of compromise Continue Reading

Cyber security training ‘boring’ and largely ignored

Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them Continue Reading

Security Think Tank: Don’t rely on insurance alone

Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading

Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’

The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday Continue Reading

No More Ransom initiative helps 1.5 million people in six years

One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project Continue Reading

Visibility and proactive stance needed to secure OT systems

Critical infrastructure operators need to have more visibility into their IT and operational technology environment, and take a more active stance to fend off sophisticated adversaries, expert says Continue Reading

Ducktail infostealer targets Facebook Business users

Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts Continue Reading

Inside Russia’s Ukraine information operations

In this week’s Computer Weekly, we get the inside track on Russia’s disinformation operations attempting to spread propaganda and cyber threats about the invasion of Ukraine. Our new buyer’s guide looks at customer and employee experience management. And we assess 10 top Kubernetes backup suppliers. Read the issue now. Continue Reading

Inside Russia’s Ukraine information ops

We speak to Craig Terron of Recorded Future about delving deep inside the Russian disinformation machine’s operations, and how the Kremlin’s strategy is likely to evolve as the Ukraine war drags on. Continue Reading

Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants

MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard Continue Reading

NCSC seeks community input for Cyber Advisor service

The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward Continue Reading

Latest Atlassian Confluence vulnerability raises concerns

CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months Continue Reading

The Security Interviews: Why you need to protect abandoned digital assets

The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias Continue Reading

TMT firms among top targets for cyber attacks in Singapore

Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society Continue Reading

LinkedIn most impersonated brand in phishing attacks

Social network LinkedIn, along with Microsoft and DHL, are just some of the brands that are most frequently imitated by cyber criminals conducting phishing attacks Continue Reading

GCHQ experts back scanning of encrypted phone messages to fight child abuse

Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse Continue Reading

Buy ‘plug-n-play’ malware for the price of a pint of beer

Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report Continue Reading

Russia-linked APTs targeted fleeing Ukrainian civilians

Mandiant and the US authorities have shared details of a phishing campaign that spoofed humanitarian information on evacuation procedures to target Ukrainians fleeing Russian bombardment Continue Reading

UK government introduces data reforms legislation to Parliament

Proposed changes to UK’s data protection regime include new grounds for data processing, significant powers for the secretary of state to direct the regime’s application, and fewer restrictions on law enforcement’s use of data Continue Reading

(ISC)² expands entry-level cyber programme after UK success

Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide Continue Reading

Transatlantic PET contest open for entries

A joint UK-US innovation prize challenge for developers of privacy-enhancing technologies has opened for entries Continue Reading

Cato aims to bust cyber myths as it extends network protections

Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network – to explode some cyber myths Continue Reading

How NEC is transforming its business

While NEC is known for its public safety systems, the company has been expanding into new areas including e-government, financial services and customer experience in Asia-Pacific Continue Reading

Russia’s Cozy Bear abusing Dropbox, Google Drive to target victims

Russian APT known as Cozy Bear has become adept at quickly incorporating popular cloud storage services into its attack chain to avoid detection Continue Reading

Tracking the rise of homeworking across the UK

In this week’s Computer Weekly, new figures show that homeworking has more than doubled in the UK due to the pandemic – we look at the regional differences. The pressure is growing on cyber security teams – we analyse the expert advice on how to avoid staff burnout and lost talent. And we examine the important role that tech startups play in the rapid growth of Amazon Web Services. Read the issue now. Continue Reading

US cyber agency CISA to open London office

The US Cybersecurity and Infrastructure Security Agency has chosen London to host its first office outside America Continue Reading

What to look for when taking out a cyber insurance policy

We look at the steps organisations need to take when buying cyber insurance Continue Reading

NHS trust ‘deliberately’ deleted up to 90,000 emails before tribunal hearing

A high-profile case brought by NHS whistleblower Chris Day raises questions about the adequacy of information governance practices in NHS hospital trusts Continue Reading

Log4Shell on its way to becoming ‘endemic’

US government report concludes that, like Covid, Log4Shell will be with us for a long time to come Continue Reading

CW APAC: Buyer’s guide to backup and recovery software

The cyber threat landscape leaves firms with little room for error. In this handbook, focused on backup and recovery software in the Asia-Pacific region, Computer Weekly looks at data protection capabilities, how Veeam aims to achieve a market-leading position, Rubrik’s focus on recovery and Kubernetes’s mission to meet the challenges of containerised application environments. Continue Reading

Videogame maker Bandai Namco confirms cyber attack

Bandai Namco, developer of videogames including Pac-Man, Tekken and Dark Souls, has broken days of silence to confirm it has been hit by a cyber attack Continue Reading

How hostile government APTs target journalists for cyber intrusions

Proofpoint shares data on multiple campaigns of cyber intrusions against journalists originating from threat actors aligned to the governments of China, Iran, North Korea and Turkey Continue Reading

SASE - The Importance Of Spelling It Out In Full

First to note that in these financially – and politically – challenging times, it’s good to see serious investment still in the security area of IT. Let’s face it – we need it more than ever. In ... Continue Reading

Government pauses Online Safety Bill’s progress

The government has paused the Online Safety Bill’s journey towards becoming law, amid timetable pressure Continue Reading

ICO wants to ‘empower people through information’

Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society Continue Reading

Slippery phish wriggles around MFA protections, says Microsoft

Microsoft’s threat researchers share details of a phishing campaign that hit 10,000 organisations, against which standard multifactor authentication provides little defence Continue Reading

Digital break-up kit to help women get out of bad relationships safely

Domestic abuse charity Refuge teams up with Avast to equip women with the knowledge to effectively and safely end a relationship digitally Continue Reading

July Patch Tuesday brings more than 80 fixes, one zero-day

While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on Continue Reading

ICO calls for review into government use of private email and WhatsApp messages

Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps Continue Reading

Brits say social media must do more to block harmful content

UK citizens want social media companies to do more to prevent harmful content appearing on their platforms Continue Reading

MaliBot Android malware spreading fast, says Check Point

The MaliBot malware is becoming a persistent and widespread problem, and Android users should be on their guard, says Check Point Continue Reading

Ransomware and backup: Overcoming the challenges

Ransomware attacks that exfiltrate data don’t nullify the value of backups to restore from, but the challenges – such as not restoring corrupted data – require careful planning Continue Reading

Microsoft Windows Autopatch now generally available

Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service Continue Reading

UKtech50 2022: The most influential people in UK technology

In this week’s Computer Weekly, we reveal the 50 most influential people in UK IT for 2022, and talk to the winner of the 12th annual UKtech50, National Cyber Security Centre CEO Lindy Cameron. Also, we take an in-depth look at the crisis in chip supply and what’s needed to solve it. Read the issue now. Continue Reading

Singapore doubles down on OT security

The Cyber Security Agency of Singapore will fund 80 scholarships to groom a talent pool of operational technology security experts, among other efforts to bolster the security of critical infrastructure in the city-state Continue Reading

NCSC CEO: Why we should run towards crises to elevate cyber security

 Continue Reading

Microsoft VBA macro block will return

Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure Continue Reading

SMEs lagging on multifactor authentication

Only 46% of small business owners say they have implemented multifactor authentication, and just 13% mandate its use, according to a report Continue Reading

Cyber insurance: An effective use of your scant security budget?

The ISF’s Paul Watts asks if cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes Continue Reading

Cyber insurance: Tips for keeping the right level of cover

Transferring risk to an insurer doesn’t mean you are risk-free – so what is not included in your cyber insurance cover? Continue Reading

Stop telling clients to pay ransomware gangs, solicitors told

The NCSC and the ICO are calling on solicitors to help tackle the rising number of ransomware payments being made, and to stop giving erroneous advice to victims Continue Reading

Sweden and GDPR – four years on

Swedish data protection coordinator talks to Computer Weekly four years into the General Data Protection Regulation Continue Reading

Microsoft appears to reverse VBA macro-blocking

Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled Continue Reading

Lots to consider when buying cyber insurance, so do your homework

When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity Continue Reading

UK government does not yet understand threat of technology to foreign policy

Select committee chair warns government that the threat posed to global security by malign actors influencing tech standards is no ‘dystopian fantasy’ Continue Reading

MI5, FBI chiefs warn of Chinese cyber espionage threat

In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests Continue Reading

UK signs ‘in principle’ data adequacy agreement with South Korea

Bilateral adequacy agreement will allow businesses to conduct cross-border data transfers with minimal restrictions Continue Reading

The evolution of threat modelling as a DevSecOps practice

Threat modelling is becoming ever more integrated into software architecture design. Here, Stephen de Vries of IriusRisk looks at the evolution of the process Continue Reading

Amid NSO lawsuit, Apple expands spyware protections

Apple previews a new feature called Lockdown Mode to protect iPhone and iPad users from ‘mercenary spyware’ Continue Reading

Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it

In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered Continue Reading

Latest Marriott data breach not as serious as others

Questions are again being raised over Marriott’s cyber security practices following yet another incident, but fortunately it seems limited in its scope, and the company is responding appropriately Continue Reading

CW Middle East: UAE citizens embrace new digital technologies

A survey shows that people in the United Arab Emirates believe next-generation technologies such as 3D printing and artificial intelligence will become widespread in the country. Also read how the UAE has improved its security posture amid mounting cyber threats. Continue Reading

Tech companies face pressure over end-to-end encryption in Online Safety Bill

An amendment to the Online Safety Bill, currently going through Parliament, will put pressure on tech companies over end-to-end encrypted messaging services Continue Reading

The Security Interviews: Inside Russia’s Ukraine information operation

Computer Weekly speaks to Craig Terron of Recorded Future about delving deep inside the Russian disinformation machine, and how the Kremlin’s strategy is set to evolve Continue Reading

UAE bolsters cyber security

 Continue Reading

Plexal seeks new scaleups for next phase of Cyber Runway

Established security startups looking to grow and scale their operations are being invited to join the next phase of Plexal’s Cyber Runway programme Continue Reading

ESET: Lazarus APT hit aero, defence sector with fake job ads

ESET researchers present new findings into a series of cyber attacks on the aerospace and defence sectors by North Korea’s Lazarus crime syndicate Continue Reading

Prepare for long-term cyber threat from Ukraine war, says NCSC

The NCSC has published refreshed guidance on cyber preparedness as the war on Ukraine continues, urging organisations to pay attention to the state of their security teams Continue Reading

LogRhythm bullish on growth in APAC

LogRhythm expects its business in the region to grow by over 20% this year thanks to demand from emerging economies where cyber security investments have not kept pace with cyber threats Continue Reading

NCSC CEO: Why we should run towards crises to elevate cyber security

National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country Continue Reading

How to get the right level of cyber protection

The first part of our buyer’s guide to cyber insurance looks at how the market for cyber insurance is evolving and how IT security leaders can avoid buying the wrong level of cover. Continue Reading

How to get the right level of cyber insurance

In this week’s Computer Weekly, we look at how the market for cyber insurance is evolving and how to avoid buying the wrong level of cover. We find out what role hydrogen technologies could play in reducing datacentre carbon emissions. And we hear how a 125-year-old bicycle maker is embracing digital innovation. Read the issue now. Continue Reading

MPs call for ban on Chinese surveillance camera technology

Nearly 70 MPs have called on the government to ban Chinese camera technology that is widely used by UK government agencies despite links to human rights abuses in China Continue Reading

Government rejects Lords police tech inquiry recommendations

The government has largely rejected the findings and recommendations of a House of Lords inquiry into police tech, which called for an overhaul of how police deploy artificial intelligence and algorithmic technologies Continue Reading

Assange appeals against Priti Patel’s extradition order

WikiLeaks founder is expected to raise concerns over the political nature of his prosecution, the likelihood of him receiving a fair trial, and the risk of a coercive plea bargain Continue Reading

Cyber insurance: What does a CISO need to know?

We look at how the market for cyber insurance is evolving and how IT security chiefs can avoid buying the wrong level of cover Continue Reading

Tech sector efforts to root out forced labour are failing

Digitally mapping supply chains to identify forced labour and slavery is no longer a technology problem for the IT sector, but a lack of government enforcement and corporate inaction are major barriers to effective change Continue Reading

Security Think Tank: Now is the time to think about cyber insurance

Many IT leaders shy away from cyber insurance, but new, innovative developments in the market can help organisations take an approach that suits their needs Continue Reading

ICO to cut back on fines for public sector data breaches

Information commissioner John Edwards sets out a revised approach to how the ICO handles data breaches in the public sector, saying fining victims risks punishing the public twice over Continue Reading

Urgent need for new laws to govern biometrics, legal review finds

Independent review says new framework is needed to clear up legal and ethical concerns over the use of biometric data and technologies, which can impact privacy, freedom of expression and other human rights Continue Reading

New cyber extortion op appears to have hit AMD

Semiconductor specialist AMD has confirmed it is investigating reports that a ‘bad actor’ has stolen hundreds of gigabytes of its data Continue Reading

Backup maintenance: Five key points to consider

Effective backups need to ensure all data is protected, and to track media and software changes. We look at five key things to consider Continue Reading

Romance scammers exploit Ukraine war in cynical campaign

Romance scammers can make easy money exploiting people looking for love, but in this newly observed campaign linked to the Ukraine war they are playing on deeper emotions Continue Reading