IT security

Inside Group-IB’s cyber security playbook

A focus on threat intelligence, fraud protection and its work with Interpol has enabled Group-IB to compete against bigger rivals in the market Continue Reading

Europol warns cops to prep for malicious AI abuse

In a report looking at how large language models can be used by criminals, Europol’s Innovation Lab calls on law enforcement agencies to prepare themselves for wide-ranging impacts on their work Continue Reading

Ethical hackers urged to respond to Computer Misuse Act reform proposals

The deadline for submissions to the government’s consultation on reform of the Computer Misuse Act is fast approaching, and ethical hackers and security experts need to make their voices heard, says Bugcrowd Continue Reading

Taking back control of AI training data

AI tools such as ChatGPT are trained on datasets scraped from the web, but you don’t have much say if your data is used. Technologist Bruce Schneier explains why it’s time to give control of AI training data back to the people. Continue Reading

UK TikTok ban gives us all cause to consider social media security

The UK government’s ban on TikTok should give organisations cause to look into what information social media platforms are collecting on us, and what they are using it for. Continue Reading

Is TikTok really a security threat to your business?

In this week’s Computer Weekly, with the UK government becoming the latest administration to ban TikTok, we ask whether the controversial social media app is really a security threat to enterprises. Technology guru Bruce Schneier tells us about the need to take back control of AI and the personal data it relies on. And we look at how firms are trying – and failing – to make AI work for online content moderation. Read the issue now. Continue Reading

Ransomware attacks up 45% in February, LockBit responsible

NCC Group says it observed a surge in ransomware attacks in February, with LockBit, BlackCat and BianLian all highly active Continue Reading

France latest to ban TikTok on government devices

Following bans in the UK and US, France has moved to enact restrictions on TikTok, and other social media apps, on government devices Continue Reading

JP Morgan pilots palm and face-recognition technology in US

JP Morgan is testing out its biometric payment technology in selected retailer stores and at the upcoming Formula 1 Grand Prix in Miami Continue Reading

Use zero-trust data management to better protect backups

Backup admins looking to protect data from bad actors can implement a zero-trust strategy for added protection. However, the method is not without its downsides. Continue Reading

Acquiring the skills necessary to implement the UK Cybersecurity Strategy

The skills plan for meeting the needs of the world greatest Financial Services and Fin Tech Hub outside North America is therefore at heart of the work of the advisory group.  Continue Reading

National Crime Agency sting operation infiltrates cyber crime market

The UK National Crime Agency has tricked thousands of potential cyber criminals into registering with a fake website pretending to offer tools for creating DDoS attacks Continue Reading

Aryaka expands SD-WAN, SASE offer to SMEs

Having deployed its services to large enterprises and Fortune 100 companies for over a decade, software-defined networking technology focuses on small to medium-sized enterprises for secure access and wide area networks Continue Reading

Trust: easy to lose, hard to recover

Here are just a few of the topics that my fellow Freeformers and I have enjoyed researching and writing about in recent years: network security, SD-WAN, digital identity, smart wallets, digital ... Continue Reading

Why Veeam thinks ransomware warranty payouts are unlikely

Veeam Data Platform v12 offers a financial guarantee to customers that can’t restore after ransomware attacks, but the backup supplier is convinced it won’t be making many payouts Continue Reading

Government launches seven-year NHS cyber strategy

The new Cyber Security Strategy for Health and Adult Social Care lays out a plan for promoting cyber resilience in the sector by 2030 to protect services and patients alike Continue Reading

Nordics move towards common cyber defence strategy

Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading

How Mimecast thinks differently about email security

Mimecast CEO Peter Bauer believes the company’s comprehensive approach towards email security has enabled it to remain relevant to customers for two decades Continue Reading

Hitachi Energy emerges as victim of Clop gang’s Fortra attack

The power and energy division of Japanese conglomerate Hitachi has disclosed that it has fallen victim to a Clop cyber attack, but insists customer data is safe Continue Reading

GDS signs £24m worth of contracts for One Login

As the Government Digital Service (GDS) prepares for the official end of Gov.uk Verify, it signs three new contracts for its successor programme, One Login Continue Reading

Ferrari rejects ransom demand after cyber attack

Italian carmaker Ferrari says it will refuse to pay a ransom after an unspecified threat actor broke into its IT systems and stole customer data Continue Reading

Ransomware gangs harass victims to ‘bypass’ backups

Analysis reveals how cyber criminal gangs are turning to extensive, targeted harassment campaigns to force victims to pay up, even if their backups are in good order Continue Reading

NCSC launches cyber check-up tools for SMEs

The NCSC has launched two new security services aimed at SMEs that lack the resources to address cyber issues, and may underestimate their vulnerability to attack Continue Reading

Preventing Crime not meeting Political Targets -  A review of the MPS Turnaround Plan 

Respond by the end of March if you live or work in London and believe that the primary objective of policing is the prevention of time not the meeting of targets as proxies for delivering political ... Continue Reading

NatWest announces ID service for its customers

The identities of NatWest customers engaging with businesses online can be confirmed by the bank's ID service in seconds Continue Reading

BBC cracks down on TikTok after review

The BBC is asking staff not to install TikTok on corporate-owned devices without a justified business purpose, although its use will still be allowed to share media content with its audiences Continue Reading

Half A Rack In Half A Day: Building A Private Cloud

Having entered my 39th (gulp!) year in IT, it’s fair to say I’ve had to endure more than my fair share of IT hype and BS. Many are the times at live events I’ve done a tally chart on the number of ... Continue Reading

UK TikTok ban gives us all cause to consider social media security

The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading

UK government to create code of practice for generative AI firms

The code will look to strike a balance between copyright holders and generative AI firms so that both parties can benefit from the use of copyrighted material in training data Continue Reading

BEC attacks doubled in 2022, outstripping ransomware

Massive growth in the volume of Business Email Compromise or BEC attacks was linked to a surge in successful phishing campaigns, according to data from Secureworks Continue Reading

TikTok banned on UK government devices

The UK government has followed in the footsteps of its US and European counterparts and banned the use of Chinese social media app TikTok on official devices Continue Reading

Rubrik customer, partner data exposed in possible Clop attack

Rubrik was supposedly compromised by the Clop ransomware gang via a zero-day vulnerability in a managed file transfer software package it uses Continue Reading

Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly Continue Reading

New APT group targets ASEAN governments and militaries

 Continue Reading

How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan, Scott Robertson, talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better Continue Reading

APAC buyer’s guide to SASE

Aaron Tan looks at the benefits of secure access service edge services, key considerations and the market landscape Continue Reading

Chinese Silkloader cyber attack tool falls into Russian hands

A loader tool used by Chinese cyber criminals seems to have been enthusiastically taken up in recent weeks by Russian ransomware operators Continue Reading

Top 30 incident response interview questions

Job interviews are nerve-wracking, but preparation can help minimize jitters and position you to land the role. Get started with these incident response interview questions. Continue Reading

Microsoft patches Outlook zero-day for March Patch Tuesday

A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update Continue Reading

NatWest introduces limits on crypto trading to prevent fraud

UK bank says its retail customers will benefit from daily and monthly limits on the amount they can pay into cryptocurrency exchanges Continue Reading

NCSC warns over AI language models but rejects cyber alarmism

The UK's NCSC has issued advice for those using the technology underpinning AI tools such as ChatGPT, but says some of the security doomsday scenarios being proposed right now are not necessarily realistic Continue Reading

AI interview: Elke Schwarz, professor of political theory

Elke Schwarz speaks with Computer Weekly about the ethics of military artificial intelligence and the dangers of allowing governments and corporations to push forward without oversight or scrutiny Continue Reading

Securing low Earth orbit represents the new space race

The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges. Continue Reading

MI5 to oversee new National Protective Security Authority

The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets Continue Reading

HSBC buys Silicon Valley Bank UK arm for £1 following collapse

UK tech ecosystem welcomes government intervention to facilitate HSBC purchase after the collapse of SVB left many UK startups unable to access their deposits Continue Reading

Technology minister Michelle Donelan defends data reforms

Secretary of state Michelle Donelan has defended the government’s new data reforms as providing certainty for businesses while simultaneously retaining high standards of data protection, but industry figures are having mixed reactions Continue Reading

UK government introduces revised data reform bill to Parliament

Designed in close collaboration with technology businesses, the UK government is re-introducing an updated version of its Data Protection and Digital Information Bill to Parliament, which civil society groups say upends key safeguards Continue Reading

How ForgeRock is tackling identity management

ForgeRock CEO Fran Rosch has set the identity and access management software supplier on a path to deliver a frictionless identity experience without compromising security or privacy Continue Reading

Nine in 10 enterprises fell victim to successful phishing in 2022

Egress annual email security risk report breaks down impacts of email-based phishing attacks and data loss, and the effect these can have on organisations in terms of staff retention and morale Continue Reading

Dutch hospitals underestimate impact of cyber attack

IT failures in acute care organisations in the Netherlands have increased considerably since 2010, affecting patient care and stressing the need to improve IT security in hospitals Continue Reading

What can security teams learn from a year of cyber warfare?

With the passing of the first anniversary of Russia’s invasion of Ukraine, we reflect on the ongoing cyber war, and ask what security leaders can learn from the past 12 months Continue Reading

Taking back control: Could a distributed model breed a better AI?

AI tools such as ChatGPT are trained on datasets scraped from the web, but you don’t have much say if your data is used. Technologist Bruce Schneier says it’s time to give control of AI training data back to the people Continue Reading

APAC IT leaders bullish on tech spending

Over half of respondents in this year’s IT Priorities study have bigger IT budgets as they continue to make strategic investments in cyber security, cloud and automation, among other areas Continue Reading

Podcast: 2023 compliance and storage outlook

Geopolitical instability casts its shadow as organisations must think about cyber attacks, data location and what to do if things change quickly. We talk to Mathieu Gorge, CEO of Vigitrust Continue Reading

White House unveils National Cybersecurity Strategy

The strategy will focus on ensuring closer collaboration on cyber security between government and industry, while giving software and other tech companies a bigger role in combatting threats due to their resources and expertise Continue Reading

UK and US Strategies for Public Private co-operation on Cyber

Given support from a critical mass of those employers who are serious about addressing their own skills needs, plus those of their supply chain and customer base, we should be able to use the LSIP ... Continue Reading

Flipper Zero explained: What to know about the viral hacker tool

The hacking tool blew up on TikTok. Unlike other TikTok trends, it is a powerful tool that can be used by serious pen testers and a learning device for new hackers. Continue Reading

AI interview: Michael Osborne, professor of machine learning

Artificial intelligence researcher speaks with Computer Weekly about the implications of a market-driven AI arms race and the overwhelming dominance of the private sector over the technology Continue Reading

Uber introduces dynamic pricing algorithm in London

The dynamic pricing algorithm will allow Uber to set variable pay and pricing levels, but drivers are concerned about how their personal data will be used and the impact the algorithm will have on their livelihoods Continue Reading

WH Smith staff data accessed in cyber attack

The retailer has said that customer data has not been affected by the incident as it is held in different systems, and that investigations into the attack are ongoing Continue Reading

Salt Labs identifies OAuth security flaw within Booking.com

Security flaw in Booking.com OAuth implementation could be used to launch account takeovers, but researchers discovered and flagged the issue before it could be exploited in the wild Continue Reading

Data breaches in Australia on the rise, says OAIC

Cyber security incidents were the cause of most data breaches, which rose by 26% in the second half of 2022, according to the Office of the Australian Information Commissioner Continue Reading

Security Think Tank: Training can no longer be a compliance exercise

Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading

LastPass attack saw employee’s home computer hacked

The ongoing investigation into a series of linked security incidents at LastPass has found that the attacker was successfully able to compromise a developer’s home PC using a vulnerability in a media software package Continue Reading

Advanced digital resiliency can save organisations millions

Businesses that build out their digital resiliency are not only more secure, they also have more opportunities to innovate with IT Continue Reading

Scotland launches data strategy for health and social care

The five-year strategy aims to make it easier for people to access their own health and social care data, improve data flows between organisations, and transform the way data is used to enhance services Continue Reading

Cyber training in 2023 needs to drive measurable change

2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading

How Dell is future-proofing its business

Dell Technologies is building a more resilient supply chain, investing in growth areas like edge and multicloud, and responding to shifts in consumption models to position itself for long-term growth Continue Reading

Building an incident response framework for your enterprise

Understanding incident response framework standards and how to build the best framework for your organization is essential to prevent threats and mitigate cyber incidents. Continue Reading

How to create a CSIRT: 10 best practices

The time to organize and train a CSIRT is long before a security incident occurs. Certain steps should be followed to create an effective, cross-functional team. Continue Reading

Top incident response service providers, vendors and software

Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading

UK police have ‘culture of retention’ around biometric data

A culture of retention around biometric data in UK policing is damaging public trust, says UK biometrics commissioner, who is calling for clear regulation to govern police use of biometric technologies Continue Reading

Royal Mail stands firm as LockBit leaks data and renews ransom demand

The LockBit ransomware gang has made good on its threat to leak data exfiltrated from Royal Mail’s systems, but the postal service is not entertaining the possibility of giving in Continue Reading

WithSecure proposes ‘undo’ button for ransomware

WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening Continue Reading

ANZ CIOs flag priorities amid inflation concerns

CIOs in Australia and New Zealand are concerned about inflation and plan to adjust their technology priorities to optimise resources and combat cyber threats Continue Reading

How APAC organisations can harness the power of IoT

In a panel discussion moderated by Computer Weekly, industry experts from across Asia-Pacific discussed the use cases, challenges and future developments in the internet of things Continue Reading

Top incident response tools: How to choose and use them

The OODA loop can help organizations throughout the incident response process, giving insight into which tools are needed to detect and respond to security events. Continue Reading

UK forces lead live-fire cyber war exercise

The seven-day Defence Cyber Marvel 2 exercise put cyber responders from 11 countries through their paces Continue Reading

Researchers find new bug ‘class’ in Apple devices

A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix Continue Reading

Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert

Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result Continue Reading

Half of cyber leaders to switch jobs by 2025, citing stress

A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study Continue Reading

Institute for Government cautions government to draw right lessons from pandemic

The Institute for Government has published a policy document warning government not to draw wrong lessons from data sharing during pandemic Continue Reading

Innovation not infestation – digitising pest control

In this week’s Computer Weekly, we find out how Rentokil Initial is using the latest in digital innovation to improve the age-old task of pest control. The leading experts offer a 15-point plan to improve diversity and inclusion in IT. And with all the excitement around ChatGPT, we ask whether business is ready to use the AI chatbot. Read the issue now. Continue Reading

Royal Mail resumes full export service after cyber attack

Royal Mail resumes the last of its international services as it recovers from a ransomware attack, while the Post Office offers postmasters compensation for their lost business Continue Reading

Cyber security training: Insights for future professionals

Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading

US government Strike Force aims to prevent adversaries from accessing disruptive tech

The US Strike Force law enforcement initiative will target rogue nation-states that pose a national security threat Continue Reading

Singapore organisations struggle to operationalise threat intelligence

Organisations in the city-state were satisfied with the quality of their threat intelligence, but they struggled to operationalise the information due to talent shortages and other challenges Continue Reading

Twitter 2FA changes bring more risks than benefits

Twitter’s approach to nudging users away from insecure SMS-based 2FA is being questioned over its logic Continue Reading

Why CIOs need to revisit desktop virtualisation

Cloud computing is the next revolution in infrastructure, but desktop IT is still very much on-premise Continue Reading

Accreditation key to enterprise security

We look at how industry-recognised certification enables security chiefs to improve the strength of their security team Continue Reading

Enterprise open source: A Computer Weekly Downtime Upload podcast

We speak to Spotify’s open source tech lead, Per Ploug, on supplier relationship management in open source Continue Reading

Mock crime prediction tool profiles MEPs as potential criminals

Developed by Fair Trials, the example crime prediction tool uses the same information as police systems to assess the likelihood of someone committing a crime in the future Continue Reading

Financial advisory firm Succession Wealth probes cyber attack

Aviva-owned wealth consultancy and financial advisory practice Succession Wealth was hit by an undisclosed security incident on 8 February Continue Reading

Security Think Tank: New trends and drivers in cyber security training

Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading

How to tame the identity sprawl

Organisations should find a comprehensive way to gain full visibility into their digital identities and leverage automation to tame the identify sprawl Continue Reading

Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs

Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading

What charities should know about ransomware and reputational threats

The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back Continue Reading

Microsoft fixes three zero-days in February update

February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading

Royal Mail refused to pay £66m LockBit ransom demand, logs reveal

Leaked chat logs reveal Royal Mail has supposedly refused to pay a £66m ransom demand from the LockBit ransomware gang Continue Reading

Vidar, nJRAT re-emerge as prominent malware threats in January

Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry Continue Reading