Privacy and data protection

‘Top’ ransomware gangs favour smaller businesses

Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses Continue Reading

Poor digital experience a blocker for cyber resilience

Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds Continue Reading

Parliament passes sweeping Online Safety Bill but tech companies still concerned over encryption

Ofcom will consult on standards to enforce new powers, but tech companies remain concerned about the impact of the bill’s ‘spy clause’, which could require them to scan encrypted messages Continue Reading

Organisations failing to proactively address insider cyber risk

Organisations are spending less than 10% of their annual security budgets on trying to solve one of the costliest problems in cyber: insider risk Continue Reading

Multi-agency pilot aims to help innovators navigate regulatory landscape

Regulators join forces in pilot scheme to help businesses deploy new technologies in a way that complies with cross-industry regulations Continue Reading

Braverman puts pressure on Meta to pause end-to-end encryption plans

The home secretary is calling on Meta to halt its plans to introduce encrypted messaging services on Facebook and Instagram until the company puts measures in place to detect abuse Continue Reading

New revelations from the Snowden archive surface

A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by Jacob Appelbaum Continue Reading

Okta confirms link to cyber attacks on Las Vegas casinos

Okta CISO David Bradbury confirms widespread speculation about the high-profile cyber attacks on two Las Vegas casino operators, revealing that the threat actors responsible had indeed abused its services as they earlier claimed Continue Reading

APAC guide to identity and access management

The rise of identity-based attacks is fuelling investments in identity and access management (IAM) tools. We examine the key capabilities of IAM, discuss implementation best practices, and explore the future of this technology Continue Reading

Unregulated DeFi services abused in latest pig butchering twist

Pig butchering scammers are taking advantage of the unregulated nature of DeFi crypto trading apps to siphon off even more money from their victims, according to the latest findings of an ongoing investigation Continue Reading

Security Think Tank: A user’s guide to encryption

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

Government seeks industry views on cyber threat to UK CNI

The Science, Innovation and Technology Select Committee is seeking evidence from the cyber sector as it launches an inquiry into the resilience of the UK's critical national infrastructure Continue Reading

TikTok fined €345m under GDPR for failing to protect children’s privacy

Data protection regulators warn social media companies to take all necessary measures to protect children’s privacy Continue Reading

Las Vegas mainstay Caesars Palace likely paid off ransomware crew

Caesars Entertainment, owner of the lavish Roman Empire-themed Caesars Palace casino in Las Vegas, has revealed it also suffered a ransomware attack, and appears to have paid off its hackers Continue Reading

Manchester police data breach a classic supply chain incident

The developing data breach at Greater Manchester Police follows a cyber attack on the systems of a key supplier of ID services to the force Continue Reading

Data on over 3,000 Airbus suppliers leaked after breach

An emergent threat actor has leaked details of multiple sensitive Airbus suppliers after claiming to have accessed the firm’s systems having hacked customer Turkish Airlines Continue Reading

BlackCat on the hook for cyber attack that crippled Vegas casinos

The ALPHV/BlackCat ransomware operation claimed responsibility for an attack that forced MGM Resorts to shut down systems at some of Las Vegas’ most popular gambling venues Continue Reading

Google, Microsoft and Mozilla push browser updates to foil zero-day

A zero-day in Google’s Chrome browser was first reported by surveillance researchers at The Citizen Lab and Apple, but also affects other browsers Continue Reading

As vehicle safety regulations loom, carmakers fret over cyber risks

Global, UN-backed car safety and security regulations come into force next year, and automotive bosses say they are not only unprepared, but “swamped” by a tide of compliance and security risks Continue Reading

GCHQ breached privacy rights of IT professional and security researcher, human rights court rules

The European Court of Human Rights in Strasbourg finds UK intelligence services breached the privacy rights of two overseas nationals – an IT professional and a security researcher Continue Reading

GitHub fixes race condition that could have led to ‘repojacking’

A subtle flaw in how GitHub handled repository creation and user renaming could have had serious consequences for the open source community, but has now been fixed. Learn more about how it worked Continue Reading

BianLian ransomware gang holds Save the Children hostage

The dangerous and prolific BianLian ransomware gang claims to have stolen almost 7TB of data from NGO Save the Children, but thankfully the charity’s vital work on the ground appears to be unaffected Continue Reading

US casino giant MGM Resorts battles 36-hour outage after cyber attack

Multiple systems at US hotel and casino operator MGM went down in the wake of the incident on 10 September, crippling several of Las Vegas’ most prominent casinos Continue Reading

Podcast: ‘Data first’ a key principle of digital transformation

Chris Gorton of Syniti says organisations should put data first during digital transformation projects, and that means getting data quality, access rights and governance right Continue Reading

IT experts issue more warnings over Online Safety Bill proposals to weaken encryption

BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without fully understanding the risks and implications. Continue Reading

The dangers of breaking encryption

In this week’s Computer Weekly, we detail the concerns of the BCS and other IT experts about the UK’s Online Safety Bill’s proposals to weaken end-to-end message encryption. Our buyer’s guide continues to look at the issues around integrating software-as-a-service applications, with a particular eye to the proliferation of SaaS during the Covid pandemic. Red Hat’s CEO Matt Hicks retails the company’s efforts to support generative AI. And we discover how immersive technologies can shape a brave new world of training and design. Read the issue now. Continue Reading

Polish election questioned after Pegasus spyware used to smear opposition, investigation finds

Senate committee alerts prosecutors over potential crimes by public officials involved in purchasing Pegasus spyware used to monitor and smear political opponents Continue Reading

How Culture Amp is tapping generative AI

Australia’s Culture Amp is building a generative AI capability that summarises employee survey responses, automating a process that typically takes HR admins up to hundreds of hours to complete Continue Reading

Apple patches Blastpass exploit abused by spyware makers

Apple has patched two vulnerabilities that formed an exploit chain which has been allegedly abused by spyware company NSO Continue Reading

Deputy PM urges UK plc not to lose focus on cyber

In a speech at TechUK, deputy prime minister Oliver Dowden urges the cyber security community not to lose focus, and to do more to further collaboration across sectors Continue Reading

North Koreans using new zero-day to target security researchers

A threat actor linked to the North Korean government is continuing a long-running campaign targeting legitimate security researchers, using an as-yet undisclosed zero-day vulnerability to gain access to their victims Continue Reading

UK minister fails to reassure tech companies over encryption risk

Technology companies say reassurances by government ministers that they have no intention of weakening end-to-end encrypted communication services do not go far enough Continue Reading

Honeywell goes quantum to protect utilities from future threats

Honeywell and quantum computing specialist Quantinuum will integrate quantum-hardened encryption keys into future smart meters Continue Reading

UK and US slap fresh sanctions on Conti ransomware crew

London and Washington DC have imposed sanctions on 11 more members of the cyber criminal gang behind the Conti ransomware attacks Continue Reading

CW EMEA: The value of valuing people

In this month’s CW EMEA ezine, we look at HR software and strategies that can help combat staff attrition, find out how Finland’s and Sweden’s plans to join NATO have initiated activity in the Nordic cyber security sector already, consider the data privacy challenges associated with generative AI, and find out why it is important for companies to implement new cryptography standards now in preparation for quantum-safe communication. Read the issue now. Continue Reading

Meet the professional BEC op that targeted Microsoft 365 users for years

The so-called W3LL cyber crime operation ran a phishing empire that has played a large role in compromising Microsoft 365 accounts for years. Its activities are now coming to light thanks to Group-IB researchers Continue Reading

Researchers find flaw in Mend.io security platform

WithSecure’s research team uncovered an authentication flaw in an application security platform developed by Mend.io, which has now been fixed Continue Reading

Law firm Fieldfisher launches data breach management tool

UK and European data breach law specialist Fieldfisher has enlisted legal tech specialist Lawcadia to supply a 24-hour data breach notification assessment platform Continue Reading

NCSC names ex-NCC man as new CTO

New NCSC CTO Ollie Whitehouse joins from NCC Group, having also worked at BlackBerry and Symantec Continue Reading

Plymouth Uni spearheads research into wind farm cyber resilience

Project hosted at the University of Plymouth in Devon aims to develop cyber security measures to protect the UK’s increasingly important offshore wind farm assets Continue Reading

LockBit ransomware gang allegedly leaks MoD data after hit on supplier

The UK government appears to have become entangled in a LockBit ransomware attack after data was leaked from a third-party supplier online Continue Reading

Police Scotland five-year digital strategy approved

Police Scotland’s new strategy outlines how the force will approach and invest in its digital transformation over the next five years, but notes its ability to achieve its ambitions is subject to the availability of funding Continue Reading

IT experts issue new warnings over Online Safety Bill plans to weaken end-to-end encryption

BCS, The Chartered Institute for IT, argues the government is seeking a technical fix to terrorism and child abuse without understanding the risks and implications Continue Reading

The quantum threat: Implications for the Internet of Things

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading

Sandworm attacks Ukraine with Infamous Chisel malware

The UK and its allies have attributed a novel malware campaign against Ukrainian state targets to the Russian intelligence-backed Sandworm APT Continue Reading

Ducktail social media marketing malware rears its head again

Use of the Ducktail infostealer, which first popped up in 2022 targeting Meta Business accounts, seems to be increasing Continue Reading

Home Office and MoD seeking new facial-recognition tech

The UK’s Defence and Security Accelerator is running a ‘market exploration’ exercise on behalf of the Home Office to identify new facial-recognition capabilities for security and policing bodies in the UK Continue Reading

Cyber world hails downfall of Qakbot trojan

A multinational law enforcement hacking operation disrupted the botnet infrastructure used to distribute the Qakbot trojan at the weekend, in a major setback for the cyber criminal underworld Continue Reading

NCSC warns over possible AI prompt injection attacks

The UK’s NCSC says it sees alarming potential for so-called prompt injection attacks driven by the large language models that power AI chatbots Continue Reading

Google bets on AI-backed cyber controls for Workspace users

Zero-trust and digital sovereignty controls are the focus of a series of enhancements being made for Google Workspace users Continue Reading

St Helens Council in Merseyside hit by ransomware attack

St Helens Borough Council is investigating a suspected ransomware incident targeting its systems, and is advising residents to be on the alert for follow-on phishing attacks Continue Reading

Singapore to bolster OT security capabilities

Cyber Security Agency of Singapore teams up with Dragos and the US Cybersecurity and Infrastructure Security Agency to bolster the country’s OT security capabilities Continue Reading

Researchers demo fake airplane mode exploit that tricks iPhone users

Exploit chain that tricks a victim into believing their iOS device is offline in airplane mode when it is not could open the door to grave privacy concerns Continue Reading

CyberArk eyes growth beyond PAM

CyberArk is seeing exponential growth in the broader identity security market as the company expands its capabilities beyond privileged access management Continue Reading

AI is the most hyped technology of 2023

Gartner's 2023 hype cycle puts generative AI at the peak of inflated expectations in its latest analysis of emerging tech trends Continue Reading

Norfolk and Suffolk police hit by FoI-linked data breach

Latest UK police data breach relates to crime suspects, victims and witnesses across East Anglia, and comes just days after a similar incident at the Northern Irish service Continue Reading

Online safety message failing to get through to women

The security community could be doing a lot more to make its advice and guidance more accessible to women, according to a study Continue Reading

NatWest offers compensation to customer affected by data breach exposed by whistleblower

NatWest bank has offered compensation to a former customer affected by a data breach alongside around 1,600 other former and current customers Continue Reading

A non-conventional career journey into IT security

GCSEs and A-levels are not the only route to higher education. We speak to an IT security expert who left school with no formal qualifications Continue Reading

PSNI investigating second breach after laptop stolen

Just hours after accidentally disclosing the personal details of 10,000 personnel, the Police Service of Northern Ireland has notified a second data breach after a police issue laptop and documents were stolen from a parked car Continue Reading

Northern Irish police expose staff data in botched FoI response

Human error is being blamed for the leak of personally identifiable information on all serving officers and civilian staff at the Police Service of Northern Ireland Continue Reading

MPs warn about growing prevalence of tech-enabled domestic abuse

The UK government must take action to prevent perpetrators from being able to use connected or smart technologies to conduct their domestic abuse, a select committee has warned Continue Reading

UK voter data hacked in cyber attack on election watchdog

An unknown threat actor who attacked the UK’s Electoral Commission had access to data on millions of UK voters for over a year, the watchdog has revealed Continue Reading

Black Basta, Hive and Royal ransomware gangs may share real-world connection

At Black Hat USA, Sophos X-Ops researchers share data revealing potential connections between three active ransomware crews Continue Reading

Workplace monitoring needs worker consent, says select committee

Employers looking to monitor their employees through connected devices should only to so with the consent of those affected due to negative impacts such surveillance can have on work intensification and mental health Continue Reading

Many UK organisations considering ChatGPT bans on employee devices

More than 60% of organisations in the UK have either banned, or are considering banning, the use of generative AI tools on employee- or business-owned devices Continue Reading

Rise in fraudsters spoofing the websites of leading UK banks

Despite safeguards to protect customers from scams, UK retail banks are still seeing high volumes of fake phishing websites exploiting their brands, and the problem seems to be increasing in scope and scale Continue Reading

Scottish NHS trust ducks fine after staff shared patient data via WhatsApp

NHS Lanarkshire has been issued a formal reprimand by the ICO after staff members used WhatsApp to share patients’ personal data with one another Continue Reading

Cozy Bear hijacks SME Microsoft 365 tenants in latest campaign

Microsoft shares intelligence on a newly observed Cozy Bear campaign that saw the APT take over genuine Microsoft 365 tenants and subvert them to try to phish its victims Continue Reading

Pig butchers caught using ChatGPT to con victims

Romance scammers looking to con people out of their savings appear to be turning to generative AI tools to save time and effort Continue Reading

Vigilance advised if using AI to make cyber decisions

The AI arms race is heating up, and the battle lines are being redrawn. Still, organisations should proceed cautiously and remain vigilant in scrutinising AI’s ability to ensure accurate, safe, and informed decision-making. Continue Reading

Singtel adds Zscaler SSE to managed security services portfolio

Singtel teams up with Zscaler to offer a managed security service edge service as it looks to ramp up its enterprise business Continue Reading

Lancaster Uni lends cyber support to nuclear decommissioning body

Lancaster University’s cyber team has joined with the Nuclear Decommissioning Authority to help support and protect its 300-year mission, while enhancing its own capabilities in the process Continue Reading

Does AI have a future in cyber security? Yes, but only if it works with humans

Do AI and ML hold the promise of helping cyber pros achieving the holy grail of operating quicker, cheaper, and with higher efficiency? We shouldn’t hold our breath, says Nominet’s Paul Lewis Continue Reading

How Indian organisations are keeping pace with cyber security

Indian organisations are shoring up their defences to improve their cyber resilience amid intensifying cyber threats targeted at key sectors such as healthcare and logistics Continue Reading

US cyber breach reporting rules to have global impact

Organisations that operate as Foreign Private Issuers in the US will have to get to grips with strict new cyber breach reporting regulations handed down by the SEC in Washington Continue Reading

Meta results show impact of data fines and datacentre upgrade strategy

The owner of Facebook is battling with regulators over transferring EU data to the US. It is also seeing less improvements on CPUs Continue Reading

Ant Group teams with NTU to advance privacy-preserving technologies

The Chinese fintech giant is partnering with Singapore’s Nanyang Technological University on a cryptographic protocol that ensures the privacy of transacting parties Continue Reading

NATO countries must coordinate their cyber forces to combat the Russian threat  

The top item on the agenda at the Vilnius NATO Summit this month was the revamping the alliance’s defences. Continue Reading

How do companies protect customer data?

Companies can protect customer data through various technical tools and strategies, like authentication and encryption. But some types of data need more protection than others. Continue Reading

Tetra radio users’ comms may have been exposed for years

A number of flaws in the encryption algorithms used in the secure Tetra radio communications standard have potentially left users exposed to snooping Continue Reading

Getting comfortable with data

In this week’s Computer Weekly, we talk to ‘Data Bob’ – the head of IT at furniture retailer DFS – about building trust in data. The vulnerabilities in MOVEit software continue to attract new victims – we assess the impact of the widespread breaches. And we find out how online investigators are trawling social media to gather evidence of war crimes. Read the issue now. Continue Reading

Tribunal investigates complaint that journalists’ phones were unlawfully monitored

The Investigatory Powers Tribunal has agreed to investigate complaints by Northern Ireland investigative journalists Trevor Birney and Barry McCaffrey that they were unlawfully placed under surveillance Continue Reading

Why cyber security should be part of your ESG strategy

The impact of data breaches and cyber threats on businesses, societies and the environment makes cyber security a key consideration in an environment, social and governance strategy Continue Reading

Future Cyber Threats: The four ‘horsemen of the apocalypse’

How to deal with emerging security threats from deep fake humans to the end of secure encryption  Continue Reading

The problem with ‘secure’ messaging

Secure instant messaging is becoming a norm for business communications but it raises three important security and compliance questions   Continue Reading

What the Product Security and Telecommunications Infrastructure Act means for UK industry

For years, many network-connected devices have lacked adequate security, putting their users and others at risk of cyber attacks. The UK’s Product Security and Telecommunication Act aims to prevent this by mandating minimum security requirements, but what impact will this have on industry? Continue Reading

Government boosts protection for encryption in Online Safety Bill but civil society groups concerned

House of Lords adopts amendment to require Ofcom to commission a report before requiring technology companies to scan encrypted messages, but drops proposals for judicial oversight Continue Reading

Online Safety Bill screening measures amount to ‘prior restraint’

The Open Rights Group is calling on Parliament to reform the Online Safety Bill, on the basis that its content-screening measures would amount to “prior restraint” on freedom of expression Continue Reading

How the DSMA balances security and privacy with press freedom

In a world of information sharing and 24-hour news cycles, the Defence and Security Media Advisory committee have to balance national security and data privacy with freedom of the press Continue Reading

At the gates – How to survive the era of cyber insecurity

Businesses face more legal risks, a mine field of regulation, and individual liability for failures. Getting the basis right is more important than ever. Continue Reading

How to fit customer experience security into your strategy

Most organizations overlook security in their CX strategies. However, with collaboration, personalization, CIAM controls and more, organizations can offer a secure and positive CX. Continue Reading

We have lift off… The opportunities and risks of generative AI

How you can use AI to benefit your business while navigating the risks Continue Reading

Cyber criminal AI tool WormGPT produces ‘unsettling’ results

A newly discovered generative AI tool dubbed WormGPT is being sold to the cyber criminal underground via the dark web, and poses a significant danger, researchers warn Continue Reading

Prepare for quantum to fundamentally change PKI effectiveness

Encryption has always been a fundamental aspect of Public Key Infrastructure but the rise of quantum computing poses a significant threat to this. Thales' John Cullen says post-quantum cryptography may hold the key to safeguarding the future. Continue Reading

The essential role of PETs in unlocking the trillion dollar SaaS market

Ahead of the Eyes-Off Data Summit in Dublin, Jack Fitzsimons of Oblivious AI explains why so-called Privacy Enhancing Technologies or PETs may hold the key to unlocking the full potential of SaaS in the enterprise Continue Reading

Police Scotland use cloud for biometric data despite clear risks

Police Scotland confirms it has stored significant volumes of biometric data on a cloud-based digital evidence sharing system despite major ongoing data protection concerns, bringing into question the effectiveness of the current regulatory approach and the overall legality of using hyperscale public cloud technologies in a policing context Continue Reading

MPs launch inquiry into government use of data

The Public Administration and Constitutional Affairs Committee is to investigate the possibility of reforming the way government collects and analyses data, and whether the UK census could be scrapped Continue Reading

CW EMEA: Can we trust AI?

Artificial intelligence and the opportunities and dangers it introduces into society has been a hotly debated subject in tech circles for many years, but today with the increased use of platforms such as ChatGPT, these debates include a wider section of the public. The fact that schoolchildren are even asking ChatGPT for help with their homework brings home the importance of these debates and the responses to them by national policy-makers. Continue Reading

Spanish lawyers claim police hacking of EncroChat cryptophones breaches human rights law

 Continue Reading