Privacy and data protection

Covid-19 left people feeling vulnerable to cyber crime

Around 15 million people in the UK experienced cybercrime in the past 12 months, with a cumulative 64 million hours wasted dealing with the fallout Continue Reading

EncroChat lawyers raise questions over use of PII secrecy orders on UK decryption capabilities

Lawyers claim that public interest immunity certificates may have been used to withhold information on UK intelligence agencies’ ability to decrypt encrypted communications Continue Reading

Vaccine passports and travel plans race up Covid threat charts

With lockdown restrictions easing in the UK, cyber criminals are tailoring their phishing lures to new areas of interest Continue Reading

What has a year of home working meant for the DPO?

Byron Shirley of The Compliance Space explores how the role of the data protection officer has changed in the past 12 months Continue Reading

Executive interview: Unleashing blockchain’s potential

Labrys founder and CEO Lachlan Feeney offers his observations about blockchain adoption in Australia, and what his firm is doing to help organisations unleash the full potential of the technology Continue Reading

Egypt, Italy and US most affected in Facebook leak

Researchers at VPN firm Surfshark have been analysing data on 533 million people leaked from Facebook Continue Reading

NCSC: Using your pet’s name as a password is very stupid

If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said Continue Reading

Nation-state cyber attacks double in three years

Cyber attacks backed by nation states are becoming more frequent and varied, moving the world closer to a point of ‘advanced cyber-conflict’, according to a University of Surrey research project Continue Reading

Facebook ducks calls to apologise over huge data leak

Facebook gives its side of the story as data on millions of its users leaks, but is yet to apologise for security lapses that put half a billion people at risk of compromise Continue Reading

Facebook data leak could be outside scope of GDPR

Regulators may be unable to do much about leaked data on 533 million Facebook users, as it seems to have been stolen before GDPR came into force Continue Reading

EncroChat hearings delayed as lawyers seek disclosure on police hacking

Court hearings precipitated by police cracking the EncroChat secure mobile phone network have been delayed after defence lawyers request further disclosures on police decryption capabilities Continue Reading

NHS is apparently closing security skills gap

By the end of 2020, there were more than twice as many in-house security professionals at NHS trusts as there were two years before Continue Reading

Security Think Tank: Evolving threats, tech, leaves CNI exposed

In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber Security Council to champion UK security pros

A new cyber security professional body has launched with the aim of developing and promoting UK cyber security excellence globally and growing the skills base Continue Reading

Nordics run information sharing on digital vaccination passports

Nordic countries advance plans for digital Covid-19 vaccination passports in a bid to kick-start their economies Continue Reading

Privacy campaigners hail legal victory over Hancock and Palantir

Civil liberties organisation OpenDemocracy says it has scored a legal victory over health secretary Matt Hancock regarding the involvement of Palantir in the NHS Covid-19 data store Continue Reading

Ransomware attack on London schools highlights warnings

Ransomware attack on Harris Federation comes just days after a fresh NCSC alert for the education sector Continue Reading

The Security Interviews: How to secure an F1 team in a pandemic

A multi-year digital transformation programme paid off for F1 team Williams Racing when the 2020 season was abruptly postponed thanks to Covid-19. Learn how the team’s CIO has been supporting remote working and protecting data Continue Reading

UK courts face evidence ‘black hole’ over police EncroChat mass hacking

French investigators have refused to disclose how they downloaded millions of messages from a supposedly secure cryptophone network used by organised criminals – leaving UK courts to grapple with a forensic ‘black hole’ of evidence Continue Reading

Ecolabels and data sanitisation key to recycling and reusing IT assets

Ecolabels on hardware and data sanitisation of devices are key to recycling and reusing old IT equipment respectively, helping enterprises avoid unnecessary asset destruction and contributing to increasingly high levels of electronic waste globally Continue Reading

CW Innovation Awards: SIA taps blockchain for loyalty app

Singapore Airlines, winner of the transportation category in this year’s CW Innovation Awards APAC, expands its blockchain-based digital wallet into a broader digital lifestyle platform Continue Reading

Surveillance expert ‘unfairly’ refused job at intelligence regulator after MI5 intervened

The Home Office unfairly refused Eric Kind, a specialist in criminal justice and UK surveillance law, clearance for a job at an intelligence watchdog after MI5 claimed he was “insufficiently deferential” Continue Reading

Backup appliances the hot topic for Pas-de-Calais fire brigade

With requirements for strict, long-duration backup and archiving, French fire brigade set out to replace optical media with a StorageCraft appliance and disaster-proof storage Continue Reading

Retailer FatFace pays $2m ransom to Conti cyber criminals

Retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the Conti ransomware syndicate Continue Reading

Remote working burn-out a factor in security risk

After a year of working from the kitchen table, stress and burn-out are increasing, giving rise to more security risks – and Millennials seem to be particularly affected Continue Reading

Cyber security complacency puts UK at risk, says NCSC head

National Cyber Security Centre CEO Lindy Cameron, in her maiden speech in the role, warns of challenges ahead for the UK and sets out the future agenda for cyber Continue Reading

TUC warns of gaps in British law over use of AI at work

The TUC has published a report warning of AI-powered discrimination against working people enabled by gaps in existing British employment law Continue Reading

Facebook disrupts Chinese espionage operation

Social media giant’s in-house security team has tracked down and disrupted a long-running Chinese campaign targeting the Uighur Muslim minority Continue Reading

Apparent drop in cyber incidents highlights underlying problems

UK organisations report fewer cyber security incidents, but the headline data masks more serious issues, according to a report Continue Reading

Cyber criminals forging Covid-19 vaccine certificates

Vaccine passports and certificates are gaining mainstream traction, which means cyber criminals are also on the bandwagon Continue Reading

How to choose the right email security service for your organisation

With email security threats growing rapidly, businesses can quickly identify and block these by using a top email security service. Here’s how to select the right provider Continue Reading

Employees must be given the right to disconnect

As enterprises increasingly turn to workplace monitoring technologies and more of the workforce moves to remote or hybrid working, unions are campaigning for workers’ ‘right to disconnect’ and not engage in digitally enabled work after hours Continue Reading

Anti-money laundering technology must operate in a collaborative ecosystem

With new technologies making it easier for banks to spot money laundering activity, we look at why the problem persists at scale, finding that ecosystems and collaborative processes need to be built Continue Reading

NCSC beefs up support for education sector after spate of attacks

Refreshed guidance from the NCSC recommends a defence-in-depth strategy as schools and universities face a renewed wave of cyber attacks Continue Reading

Security Think Tank: Attacks on CNI – an evolving frontier in warfare

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

$50m ransomware demand on Acer is highest ever

Record-breaking double-extortion cyber attack saw REvil gang exfiltrate financial data from Taiwan-based PC manufacturer Continue Reading

Unionised drivers call on Microsoft to suspend Uber’s Face API licences

Unionised private hire drivers in the UK are calling for Microsoft to suspend Uber’s licences to use its Face API technology after claims the ride-hailing firm’s ID-checking system has led to drivers losing their jobs and having licences revoked Continue Reading

Security Think Tank: Properly protecting CNI demands specificity

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Vaccine passports cannot put basic rights at risk, warns BCS

BCS warns of challenges to come as the government presses on with its plans for Covid-19 vaccine passports Continue Reading

Eastern Health reports ‘cyber incident’, takes systems offline

Australian healthcare provider Eastern Health takes IT systems offline as a precaution while it looks into a cyber incident Continue Reading

Average ransomware cost triples, says report

The average amount paid out by ransomware victims has grown almost threefold to more than $300,000 per incident, according to a report Continue Reading

Digital Green Certificate proposed for travel in Europe

Digital Green Certificates will supposedly help re-establish freedom of movement within the European Union Continue Reading

Security Think Tank: CNI operators must focus on core issues

In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading

Cyber sector welcomes PM’s defence review

Security commentators approve of measures to improve the UK’s cyber resilience, strengthen its R&D and skills base, lead on the development of new technology and promote a free, open, peaceful and secure global internet Continue Reading

Uber and Ola ordered to hand over more data to drivers

A Dutch court has rejected Uber and Ola’s claims that drivers collectively taking action to access their data amounts to an abuse of their individual data access rights, laying the ground for drivers to form their own union-controlled data trust Continue Reading

MoD partners playing fast and loose with confidential data

Clear spike in data breach incidents at defence partners may reflect better reporting standards, claims MoD Continue Reading

Unusual DearCry ransomware uses ‘rare’ approach to encryption

Hybrid approach to encryption used by DearCry bears similarities to WannaCry Continue Reading

Government calls for input into Covid-19 vaccine passports

Evidence gathering exercise will inform the development of the UK’s proposed Covid-19 vaccine passport scheme Continue Reading

ST Engineering teams up with Google Cloud

Singapore’s ST Engineering and Google Cloud will explore offering secure cloud services for organisations in regulated industries Continue Reading

UK plans ‘full spectrum’ approach to national cyber security

PM Boris Johnson expands on proposed National Cyber Force and plans to set up a north of England Cyber Corridor Continue Reading

Microsoft Exchange ProxyLogon attacks spike 10 times in four days

Exploitations of the Microsoft Exchange ProxyLogon vulnerabilities have increased tenfold in just four days Continue Reading

EncroChat ruling has ‘far-reaching effects’ for legal role of interception in UK investigations

The computer forensic experts involved in the review of police use of data hacked from the ultra-secure EncroChat phone network assess the impact of the Appeal Court ruling on future legal use of intercept evidence   Continue Reading

Arrest warrants issued for Canadians behind Sky ECC cryptophone network used by organised crime

The US has issued arrest warrants for the CEO of Sky Global and a former distributor for racketeering, aiding and abetting the distribution of illegal drugs by supplying encrypted phones to criminals Continue Reading

NCSC issues emergency alert on Microsoft Exchange patch

UK’s national cyber agency calls on organisations affected by the ProxyLogon vulnerabilities to patch their Microsoft Exchange Servers immediately Continue Reading

Does email security need a human solution or a tech solution?

People spend a lot of time using email systems, but many do not realise that this makes them attractive targets for cyber criminals. With education and technology, businesses can tackle this problem head-on Continue Reading

DearCry ransomware targets vulnerable Exchange servers

As predicted, ransomware gangs have started to target vulnerable instances of Microsoft Exchange Server, making patching an even greater priority Continue Reading

CW Innovation Awards: Fighting fake Covid-19 vaccines with blockchain

A blockchain-based system developed by Singapore-based Zuellig Pharma can help governments and healthcare providers weed out fake vaccines and manage vaccine distribution and administration Continue Reading

Why the London Data Charter could be a foundation stone in the city’s recovery

London First’s director of connectivity and competitiveness, David Lutton, explains why data is at the core of the capital’s recovery plan Continue Reading

UK digital regulators set out plans to strengthen cooperation

Digital Regulation Cooperation Forum outlines plans for the coming year, marking a shift towards a more collaborative regulatory approach Continue Reading

Attack on surveillance cameras a warning over security, ethics

The attack on a video surveillance startup by a hacktivist group raises questions not just over cyber security, but the use and extent of surveillance technology Continue Reading

Norwegian government falls victim to Microsoft attacks

Norway’s parliament, the Storting, suffers second major cyber incident in a year as threat groups capitalise on vulnerable Microsoft Exchange Servers Continue Reading

Top five threats to compliance during the pandemic

We survey the top five pandemic compliance threats – remote working, Covid tracking, criminal exploits, compliance measures slipping, and heightened enforcement to come Continue Reading

CW Europe: Nordic tech startups create blueprint for post-Covid working environment

Business can learn lessons from Nordic tech startups to prepare employees to return to the office after Covid restrictions end. Also read why Netherlands police need a training ‘roadmap’ to get them up to speed to tackle cyber crime. Continue Reading

Grindr complaint results in €9.6m GDPR fine

 Continue Reading

Police crack world’s largest cryptophone network as criminals swap EncroChat for Sky ECC

Belgian and Dutch police have breached the encryption of users of Sky ECC, the world’s largest cryptophone network. There are significant parallels with the international police operation against the EncroChat cryptophone network which led to hundreds of arrests Continue Reading

Belgian police raid 200 premises in drug operation linked to breach of encrypted phone network

More than 1,600 police and law enforcement officials conduct drug raids after the compromise of an encrypted mobile phone network that has parallels with EncroChat Continue Reading

EBA restores services after Microsoft Exchange attack

European Banking Authority was breached through vulnerabilities in Microsoft Exchange Server, but is now back online Continue Reading

Williams F1 car launch disrupted by data leak

Williams Formula One team forced to pull augmented reality app it had planned to use to launch its 2021 car at the last minute after an apparent cyber attack Continue Reading

Mandiant: MS Exchange bugs first exploited in January

Analysis from technical teams at FireEye’s Mandiant tracked activity exploiting newly disclosed vulnerabilities in Microsoft Exchange Server more than a month ago Continue Reading

Nottinghamshire schools suspend online learning following cyber attack

Cyber attack on central trust that manages secondary schools in Nottinghamshire leaves them unable to access IT systems and deliver remote lessons Continue Reading

Dealing with the challenge of beg bounties

The rise of so-called beg bounties is becoming a challenge for security teams, and can be a drain on time and resources. But what is a beg bounty, and how does it differ from a bug bounty? Continue Reading

Singapore Airlines the latest victim of supply chain attack

A restricted set of data of over 580,000 frequent flyer members of Singapore Airlines was exposed in a supply chain attack against Sita’s passenger service system Continue Reading

Qualys caught up in Accellion FTA breach

Security services supplier confirms that some of its data was stolen via vulnerabilities in Accellion’s file transfer product Continue Reading

Emergency patch addresses MS Exchange Server zero-days

Microsoft releases an emergency patch to address multiple zero-day exploits directed at on-premise installations of Exchange Server Continue Reading

EU seeking pan-European Covid-19 passport solution

The European Union’s proposal could see the creation of a Covid-19 vaccine passport to enable travel across the EU Continue Reading

Digital secretary Dowden outlines UK post-Brexit data approach

The UK government is searching for a new information commissioner with an updated remit to use data to support growth and innovation, and plans on reaching new international data partnerships Continue Reading

GCHQ sets out rules of the road for AI in cyber

A paper produced by GCHQ shows how the intelligence agency can use artificial intelligence responsibly as a tool to protect the UK’s national security Continue Reading

Npower shuts off app after credential stuffing attack

Npower customers will have to log in to their accounts on its website after its app was withdrawn following a security breach Continue Reading

MHRA and other agencies to offer new resources for scam victims

New landing page resources will replace .uk domains suspended for criminal activity to help members of the public access appropriate guidance Continue Reading

Transport for NSW hit by Accellion breach

Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system Continue Reading

Vaccine passports prove an ethical minefield

Privacy campaigners warn that vaccine passports may turn out to be discriminatory and invasive, while technologists agree careful consideration must be given to their design Continue Reading

Is Clubhouse safe, and should CISOs stop its use?

With more concerns being raised over the privacy and security of social media app Clubhouse, we consider whether security teams should consider restricting or stopping employees from using it Continue Reading

Bombardier is latest victim of Accellion supply chain attack

Canadian aviation company joins the growing list of Accellion breach victims Continue Reading

Warning on security risk from virtual events platforms

Vulnerabilities found in virtual events platforms could form part of a variant supply chain attack Continue Reading

CyberScotland offers centralised security resource hub

Newly launched partnership brings together security resources for individuals and organisations across Scotland Continue Reading

Microphones, smartphones, laptops among items stolen from BBC

A total of 105 devices have been stolen from the BBC in the past two years, some of which may have been spirited away by remote workers Continue Reading

Pandemic has exposed fractures in cyber fraud strategy

RUSI report urges a bolder and more coordinated response to cyber-enabled fraud as the pandemic lays bear the scale of the problem Continue Reading

European Commission proposes UK data adequacy agreement

The publication of two draft data adequacy decisions brings the UK closer to a final positive decision, which will enable the continued free flow of data between the EU and the UK if green-lit by member states Continue Reading

NCSC cyber defence scheme blocked thousands of scams in 2019

The NCSC has reported another productive year for its Active Cyber Defence programme Continue Reading

Biden will act on cyber security to fix SolarWinds mess

US will take action to modernise its defences in the wake of the SolarWinds attack, says US government cyber lead Anne Neuberger Continue Reading

Swedish police fined for unlawful use of facial-recognition app

Sweden’s data watchdog has found that Swedish police failed to conduct the data protection checks required by law before using controversial facial-recognition tool Continue Reading

City of Helsinki adopts MyData principles to improve digital services

Principles on the use of personal data for the benefit of society will guide Finnish capital’s ambitious digital plans Continue Reading

2020 a record year for cyber, thanks to Covid

The UK’s cyber industry now employs close to 50,000 people and contributes billions to the economy Continue Reading

Assessing UK law enforcement data adequacy

Data protection experts discuss the consequences of achieving data adequacy between the UK and EU for the UK’s intelligence services and criminal justice sector Continue Reading

North Korean Lazarus Group hackers indicted in US

Charges filed relate to Lazarus Group’s long-running cyber crime spree, including financial theft and extortion, WannaCry malware and the cyber attack on Sony Pictures Continue Reading

Vaccine passports highlight social impact of systems design

Vaccine or immunity passports are an opportunity to advance the design of trustworthy digital systems, but much more work still needs to be done Continue Reading

Egregor ransomware arrests confirmed

Authorities confirm that they have arrested an undisclosed number of cyber criminals associated with the Egregor ransomware Continue Reading

Law firm and cyber criminals clash over source of stolen data

Cyber attack victim Jones Day says its data was stolen in a supply chain attack, but the gang holding it to ransom disagrees Continue Reading

North Korea accused of Pfizer Covid vaccine cyber attack

South Korean intelligence pins a recent attack on Pfizer, targeting information on coronavirus vaccines, on its neighbour Continue Reading

Central government should promote data policy compliance, say civil servants

Most civil servants want the government to gain additional powers to promote data policy compliance to ensure better use of data, according to research Continue Reading