Network security management

SolarWinds attack almost certainly work of Russian spooks

Investigations into the far-reaching SolarWinds Solorigate attack did not let up during the holidays Continue Reading

Security Think Tank: Cyber effectiveness, efficiency key in 2021

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Top 10 networking stories of 2020

Here are Computer Weekly’s top 10 networking stories of 2020 Continue Reading

Security Long Reads: Cyber insiders reveal what’s to come in 2021

In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021 Continue Reading

Top 10 cyber crime stories of 2020

Here are Computer Weekly’s top 10 cyber crime stories of 2020 Continue Reading

How to manage non-human identities

Identity management has traditionally focused on human identities, but non-human identities are proliferating and must not be overlooked. Businesses can reduce risk by managing both types of identity in the same way using a services-based approach Continue Reading

Top 10 cyber security stories of 2020

Here are Computer Weekly’s 10 top cyber security stories of 2020 Continue Reading

SolarWinds cyber attack is ‘grave risk’ to global security

More victims of the SolarWinds Orion Sunburst cyber attack are being identified as the massive scale of the Russia-linked cyber espionage campaign becomes more clear Continue Reading

NHS Scotland taps Check Point to secure Covid-19 data

NHS National Services Scotland is working with security firm Check Point to safeguard its sensitive data in the cloud and support its work on the coronavirus Continue Reading

FireEye and partners release SolarWinds kill-switch

A so-called kill-switch for the dangerous SolarWinds Sunburst attack should allay some user fears, but is not a full fix for the issue Continue Reading

How security will be different after Covid-19

In this week’s Computer Weekly, the world of cyber security will probably never return to its pre-pandemic state – we look ahead. The combination of remote working and streaming video is putting extra strain on networks. And we look at how digital transformation is changing the way contact centres are run. Read the issue now. Continue Reading

The week in ransomware: Foxconn and Randstad are high-profile victims

Foxconn and Randstad are laid low by cyber criminals, while Sophos spills on Egregor, and prognosticators turn to their crystal balls to divine how ransomware will develop in the next 12 months Continue Reading

Disputed PostgreSQL bug exploited in cryptomining botnet

PGMiner cryptomining botnet remained unnoticed by exploiting a disputed CVE in PostgreSQL Continue Reading

Surge in Covid-19 vaccine phishing scams reported

Check Point and KnowBe4 share details of a growing number of phishing campaigns using the prospect of a Covid-19 vaccine as a lure Continue Reading

Security Think Tank: Integration between SIEM/SOAR is critical

SIEM and SOAR share much in common but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Post-pandemic approaches to IAM for cloud security

Cloud technology may have saved businesses from catastrophe during the pandemic, but it has also introduced additional challenges around identity and access management. Here’s why IAM policies are crucial in the new normal Continue Reading

After critical year, Vodafone trains security sights on CNI market

Vodafone’s security head Steve Knibbs explains how he plans to bring the lessons of a transformative few years in cyber security to bear on new markets Continue Reading

Data on Pfizer/BioNTech Covid-19 vaccine stolen in cyber attack

The European Medicines Agency has launched a full investigation into an apparent security incident that has seen documents on the Pfizer/BioNTech Covid-19 vaccine stolen Continue Reading

Security Think Tank: SOAR to the next level with automation

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users Continue Reading

Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance Continue Reading

There’s no going back to pre-pandemic security approaches

The cyber security world will probably never return to its pre-pandemic state, and different approaches to security will come to the fore in 2021 Continue Reading

Multiple D-Link routers found vulnerable to attack

Digital Defense discloses a remotely exploitable root command injection flaw in a number of D-Link wireless router devices Continue Reading

Russian state actors exploiting VMware bug to hijack data, users warned

Russian APT groups are actively exploiting a vulnerability in VMware products to access protected data, according to latest warnings Continue Reading

DDoS mitigation strategies needed to maintain availability during pandemic

The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. Computer Weekly explores organisations’ perceptions of the risks and best practice for mitigation. Continue Reading

A trillion dollars lost to cyber crime every year

Data collated by McAfee and the Centre for Strategic and International Studies highlights the growing impact of cyber crime Continue Reading

Avast and Borsetta to support Intel’s AI security project

Security firm Avast and AI security specialist Borsetta have signed up to support an Intel-led artificial intelligence security research project Continue Reading

Covid-19 vaccine supply chain attacked by unknown nation state

An unknown nation state actor is attempting to disrupt the supply of coronavirus vaccines Continue Reading

SIEM or SOAR or both? Consider your business complexity first

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Security Think Tank: SIEM and SOAR are far from mutually exclusive

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Singapore government remains ‘juicy target’ for cyber attackers

The government is baking security into the design and implementation of its IT systems and looking to increase bug bounties to fend off cyber threats Continue Reading

DHL, Amazon and FedEx are most phished delivery services

DHL has emerged as the most imitated delivery brand in Europe, accounting for 77% of the total volume of phishing emails received in November 2020 Continue Reading

22,000 malicious .uk domains suspended in past year

Nominet has suspended just over 22,000 domains in the 12 months to 31 October 2020, continuing a downward trend, and with less impact from Covid-19 than might be expected Continue Reading

Security Think Tank: Alerts are great, it’s what you do with them that counts

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

This Christmas, Covid-19 heightens retail security risks for everyone

Do you think it’s only retailers and consumers who need to consider cyber security when shopping online during the holidays? You’re dead wrong. This year, the Covid-19 pandemic and the shift to remote working has thrown a spanner in the works Continue Reading

Securing UK’s critical national infrastructure is a 2021 priority

Government outlines the UK’s strategic cyber security policies for the coming 12 months, with critical national infrastructure a clear priority Continue Reading

Belgian security researcher hacks Tesla with Raspberry Pi

Belgian security researcher Lennert Wouters once again succeeds in hacking a Tesla vehicle, this time by exploiting the Bluetooth Low Energy standard Continue Reading

Telcos could face huge fines under new security laws

Government boasts of unprecedented powers to boost the security standards of the UK’s critical national infrastructure Continue Reading

Manchester United praised for swift response to cyber attack

Manchester United’s systems were attacked last week, and the club has been praised for a swift and decisive response Continue Reading

CW APAC: Expert advice on zero-trust security

Zero trust is a security model that eliminates the traditional perimeter and assumes that no user or device can be trusted until proven otherwise. In this handbook, Computer Weekly looks at how enterprises can take a zero-trust approach to securing their network, devices and workforce. Continue Reading

2021 the year of commodity ransomware, says Sophos

Sophos researchers anticipate a trickle-down effect in the cyber criminal underground Continue Reading

Kaspersky shuts down data-processing activities in Russia

Cyber security provider’s data storage and processing activities for customers in Europe, the US and Canada, have now been fully relocated to Switzerland Continue Reading

Financial services data volumes heighten risk of insider breach

Financial services organisations hold so much data that it is becoming virtually impossible to safeguard properly against data breaches caused by malicious or careless employees Continue Reading

How to build an effective vulnerability management programme

As cyber criminals increasingly look to exploit vulnerabilities in software and hardware, businesses must build and implement an effective vulnerability management programme to counter this growing threat Continue Reading

How Standard Chartered approaches cyber security

Bank uses security-by-design principles and conducts red-teaming exercises among other measures to fend off cyber breaches Continue Reading

Hackney systems could be unavailable for months, says council

A month after a highly disruptive cyber attack on its systems, Hackney Council is still struggling to get back up and running Continue Reading

DDoS mitigation strategies needed to maintain availability during pandemic

The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. Computer Weekly explores organisations’ perceptions of the risks and best practice for mitigation Continue Reading

Online kids’ game Animal Jam confirms large breach

Cyber criminals have stolen data on 46 million Animal Jam player accounts via a third-party attack Continue Reading

How do VPN vs. cloud services compare for remote work?

As remote work becomes increasingly normal, IT teams must decide which remote access technologies will benefit employees more. VPN and cloud services are two top choices. Continue Reading

Security pros coped admirably with remote working transition

Despite facing tight timescales at the onset of the pandemic, security professionals have come through the transition to remote working remarkably well, according to a report Continue Reading

EU aid funds used to train ‘unaccountable intelligence agencies’ in high-tech surveillance

Hundreds of documents obtained by campaign group Privacy International show how the EU is supporting surveillance programmes in the Balkans, the Middle East and Africa Continue Reading

IT Priorities 2020: After Covid-19, security goes back to basics

This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals Continue Reading

Why securing the DNS layer is crucial to fight cyber crime

Domain name system security is often overlooked by organisations, but focusing on this layer could actually improve the effectiveness of cyber security strategies. We explore the latest DNS trends and best practice Continue Reading

Credential stuffing: When DDoS isn’t DDoS

Ten years ago, credential stuffing attacks posed a comparatively minor threat, but with an escalating number of data breaches, the threat posed has now increased. What are the solutions to this very human problem? Continue Reading

NHS warned over Ryuk spreading through Trickbot replacements

NHS Digital tells healthcare organisations to be mindful of a marked rise in usage of the Bazar and Buer loaders Continue Reading

Microsoft to support next generation of security startups

Tech giant lends its support to the NCSC Cyber Accelerator scheme, which is seeking its seventh cohort of startups Continue Reading

India and Japan report stronger concern over cyber threats

Security operations teams in the two Asian giants see the increased volume of cyber threats as their biggest challenge amid the Covid-19 pandemic Continue Reading

NHS weathers cyber crime storm during pandemic, says NCSC

The NCSC dealt with over 700 incidents in the 12 months to August 2020, with over 200 specifically related to Covid-19, and the NHS a critical area of focus Continue Reading

ICO slashes Marriott breach fine to £18.4m

Reduced fine reflects both improvements made to hotel group’s cyber security and impact of coronavirus on the travel and hospitality sector Continue Reading

Zero-trust investment seen accelerating through pandemic

New analyst report details some of the main indicators for success in zero-trust implementation Continue Reading

Trump supporters targeted by cryptocurrency scammers

The successful breach of Donald Trump’s official website shows up lax security on his campaign team and is yet another timely warning that nobody is immune to cyber crime Continue Reading

Barracuda eyes Indochina markets

Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos Continue Reading

Zero-trust network policies should reflect varied threats

Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies. Continue Reading

Zero-trust methodology's popularity a double-edged sword

The authors of 'Zero Trust Networks' discuss how the zero-trust methodology's popularity produces both vendor hype and renewed attention to critical areas of security weakness. Continue Reading

APAC CISOs warm up to zero trust

Security leaders in Asia-Pacific are adopting zero-trust security, but challenges stand in their way of reaping the full potential of the security model Continue Reading

SonicWall patches 11 firewall vulnerabilities

SonicWall users are advised to download updates that fix 11 CVEs in the SonicOS operating system, uncovered by Positive Technologies Continue Reading

Protecting remote workers an opportunity to do security better

Securing the fully remote workforce has been a challenge for IT teams, but it presents an opportunity to commit to a higher standard of cyber security, according to a Cisco report Continue Reading

Financial services staff want work-from-home policies to continue after Covid

About half of workers in the finance sector want their employers to retain remote working policies brought in during the pandemic Continue Reading

Why securing the DNS layer is crucial to fight cyber crime

Domain name system security is often overlooked by organisations, but focusing on this layer could actually improve the effectiveness of cyber security strategies. We explore the latest DNS trends and best practice Continue Reading

Security Think Tank: Essential tools to mitigate double extortion attacks

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

Podcast: Cybersecurity Awareness Month, Covid-19 and storage

We look at how organisations can use Cybersecurity Awareness Month as an opportunity to revisit their handling of data and compliance, especially with changes brought by Covid-19 and home working Continue Reading

Security Think Tank: Safeguarding PII in the current threat landscape

The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the enterprise, and what steps can we take to safeguard the personal data we hold? Continue Reading

US Elections: Malicious internet domains spike as campaigns heat up

Internet domains related to the US presidential election are 56% more likely to be malicious than regular ones Continue Reading

Microsoft fixes 87 bugs in October 2020 Patch Tuesday

Smaller October Patch Tuesday update includes fixes for critical bugs in Windows 10 and Windows Server 2019 Continue Reading

Suppliers neglecting virtual appliance security, putting users at risk

Software suppliers are often distributing their products on virtual appliances that contain known vulnerabilities or are running outdated or unsupported operating systems, according to a report Continue Reading

Trickbot forced offline in major cyber security victory

Coalition led by Microsoft obtained a court order enabling them to take down the infamous Trickbot botnet’s back-end server infrastructure Continue Reading

Cyber security skills ad branded ‘crass’ by minister

Security skills campaign advert depicting a ballet dancer comes in for criticism as the arts sector struggles in the pandemic Continue Reading

Making sense of zero-trust security

Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint Continue Reading

NCSC relaunches SME security guide with home working focus

The NCSC is issuing an updated version of its guide to security for SMEs, reflecting the long-lasting changes to the world of work seen in 2020 Continue Reading

5G regulation failures are a threat to UK’s national security

Defence Committee report on the security of 5G brands existing regulations outdated and unsatisfactory Continue Reading

CISOs struggle to keep up with MITRE ATT&CK framework

Despite its proven benefits for security, the MITRE ATT&CK framework is proving difficult for many, according to a joint study from McAfee and UC Berkeley Continue Reading

WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist

Stefania Maurizi says in written evidence that Julian Assange pioneered the use of encryption by journalists to protect sources. Her work shows that the US put pressure on Italy to stop the extradition and prosecution of CIA officers responsible for the extrajudicial kidnapping and torture of an Egyptian cleric Continue Reading

Threat actors becoming vastly more sophisticated

Malicious actors have been busily honing their craft and cyber security incidents are up across the board as a result, according to a Microsoft report Continue Reading

Ryuk attack downs private health provider in major incident

Private healthcare provider UHS has been been hit by a major big game hunting cyber attack that infected its systems with the Ryuk ransomware Continue Reading

Sustrans opens door to NCSC cyber certification via the cloud

Sustainable transport charity turned to Qualys to help it attain needed certifications to bid for government work Continue Reading

TikTok ban stayed after last-minute court case

TikTok’s lawyers have staved off an imminent ban for the time being, after successfully arguing that it infringed rights guaranteed under the Constitution of the United States Continue Reading

Security now main driving force behind digital transformation

Organisations are urgently remodelling their core technology stack in the light of the Covid-19 pandemic, and this is pushing security to the top of the agenda Continue Reading

Covid-19 has changed how we think about cyber security forever

Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson Continue Reading

Top five ways backup can protect against ransomware

Ransomware threatens to put your data beyond reach, so the best way to prepare is to have good-quality data you can restore from backup. We look at the key things to consider Continue Reading

Race to patch as Microsoft confirms Zerologon attacks in the wild

Don’t be the organisation that made the headlines because it failed to patch. Microsoft says it is seeing cyber attacks ramping up around the Zerologon CVE-2020-1472 bug Continue Reading

What's involved in VPN maintenance and management?

Before an organization's VPN is up and running, IT teams must address four important aspects of VPN maintenance and management to keep abreast of transforming security concerns. Continue Reading

Video gamers barraged with cyber attacks

From credential stuffing to SQL injection and DDoS, video game producers and players are seeing massive volumes of cyber attacks Continue Reading

US agencies warn of election disinformation and cyber attacks

Federal agencies are warning of heightened disinformation as the crucial 2020 presidential election nears Continue Reading

Saudi Arabia sees cyber security boom as coronavirus bites

Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods Continue Reading

Seven charged in connection with Chinese state-backed cyber attacks

Attacks by APT41, or Wicked Panda, targeted hundreds of organisations, including the UK government Continue Reading

Security Think Tank: Edge security in the world of Covid-19

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

NCSC steps up ransomware support for schools and universities

New alert and updated guidance comes after several academic institutions were targeted in ransomware attacks Continue Reading

Security Think Tank: Edge datacentre security depends on specific needs

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Lorca security scaleups to get Splunk data expertise

Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise Continue Reading

How data has helped in the fight against coronavirus

In this week’s Computer Weekly, we talk to the Office for National Statistics about the important role data plays in the battle against Covid-19. We also look at the speedy deployment of the Scottish contact-tracing app and report on a discussion about the UK government’s delayed response to its digital identity consultation. Read the issue now. Continue Reading