Privacy and data protection

Ex-NCSC boss Ciaran Martin joins cyber venture capital outfit

Outgoing NCSC CEO Ciaran Martin is to take up a new role guiding new investments in cyber security Continue Reading

Outgoing NCSC CEO: Ransomware threat kept us up at night

Former NCSC CEO Ciaran Martin sheds some light on some of the biggest cyber threats currently facing the UK Continue Reading

Congressman offered Julian Assange a ‘win-win’ deal that would help President Trump

Details have emerged of US congressman Dana Rohrabacher’s offer of a pardon to WikiLeaks founder Julian Assange in a ‘win-win deal that would benefit US President Donald Trump Continue Reading

US government deplatforms TikTok and WeChat

The Commerce Department of the US government has banned new downloads of TikTok and WeChat in the US, and announced new prohibitions on doing business with them Continue Reading

German authorities probe ransomware hospital death

Hackers failed to extort a ransom from University Hospital Düsseldorf, but indirectly caused the death of a patient Continue Reading

Rampant Kitten spent six years hacking Iranian dissidents

Details emerge of an ongoing campaign by Tehran-backed threat actors targeting dissidents and activists Continue Reading

Maze ransomware borrows Ragnar Locker tactics to sneak past defences

New research from the Sophos threat response team has found the Maze ransomware gang has adopted techniques pioneered by the cyber criminals behind Ragnar Locker Continue Reading

Top five ways to benefit from tape today

We look at the benefits that tape can bring, including in backup and recovery, long-term and ‘warm’ archiving, compliance and WORM use cases and ‘air gapping’ to protect data Continue Reading

Saudi Arabia sees cyber security boom as coronavirus bites

Saudi Arabian CIOs have been forced to increase their security posture as the Covid-19 pandemic transforms working methods Continue Reading

Seven charged in connection with Chinese state-backed cyber attacks

Attacks by APT41, or Wicked Panda, targeted hundreds of organisations, including the UK government Continue Reading

Security Think Tank: Edge security in the world of Covid-19

That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

Assange revelations among most important in US history, says Daniel Ellsberg

Daniel Ellsberg, who leaked highly classified documents that changed the course of the Vietnam War in the 1970s, says WikiLeaks exposed a serious pattern of US war crimes Continue Reading

NCSC steps up ransomware support for schools and universities

New alert and updated guidance comes after several academic institutions were targeted in ransomware attacks Continue Reading

Julian Assange held back 15,000 documents to prevent harm to US government

Investigative journalist John Goetz said today that WikiLeaks held back publication of thousands of documents that could harm individuals Continue Reading

Retailers urged to get to grips with Magento as attacks spike

A huge spike in online retailers being hacked with Magecart credit card skimmers is being blamed on unsupported versions of Adobe Magento Continue Reading

Lorca security scaleups to get Splunk data expertise

Lorca inducts Splunk onto its co-marketing programme, giving security scaleups access to new data expertise Continue Reading

Singapore partners Apple on LumiHealth

Singapore’s Health Promotion Board has developed a programme with Apple to encourage healthy living following a similar partnership with Fitbit last year Continue Reading

Gartner Security Summit: Covid-19 brings agile security to the fore

The evolving threat landscape is the top driver impacting cyber security during the next three to five years, and Covid-19 has accelerated the trend towards more agile security deployments Continue Reading

Risky development practice leaves company access keys exposed

Database stores, cloud storage and myriad other services are being put at risk by the accidental exposure of company access keys during development Continue Reading

Security Think Tank: No secret sauce for edge security, just good practice

That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure as the traditional centralised model? Continue Reading

TikTok-Oracle partnership moves forward for consideration

Joint venture proposal could create thousands of jobs and secure TikTok’s future outside China Continue Reading

Data of every Welsh Covid-19 patient leaked online

Data on all 18,105 people in Wales who have received positive tests for the coronavirus was uploaded to a public-facing web server in error Continue Reading

MEPs denied access as observers to Julian Assange extradition hearing

MEPs and NGOs say they have been denied access to observe extradition proceedings against WikiLeaks founder in Central Criminal Court Continue Reading

Julian Assange faces solitary confinement if extradited, court hears

WikiLeaks founder Julian Assange will be held under special administrative measures if extradited to the US, said Eric Lewis, a US legal expert, effectively placing him in solitary confinement Continue Reading

Microsoft drops out of TikTok talks, paves way for Oracle partnership

Microsoft confirms it is dropping out of the running to acquire the US operations of TikTok, leaving the way clear for an imminent partnership deal with Oracle Continue Reading

Travel industry websites are laughably insecure, claims Which?

The travel industry is failing to take the data security of its customers seriously, according to a Which? investigation Continue Reading

Zoom adds two-factor authentication for all users

Latest enhancements to Zoom security make it easier for organisations to protect users and prevent breaches and unauthorised meeting access Continue Reading

Russian interference in US elections ramps up on schedule

With the critical US 2020 presidential election looming, Russian-state backed hackers are once again after organisations directly involved in political elections, launching thousands of targeted attacks Continue Reading

Cyber security is next frontier for open source

Open security will facilitate the interoperability and capabilities of cyber security tools while alleviating vendor lock-in for enterprises, says IBM Continue Reading

Lorca security scaleups hit funding milestone

£153m of investment has been raised by Lorca cohort companies in just two years, almost four times the original target Continue Reading

Assange prosecution would put journalists around the world at risk

Trevor Timm, co-founder of the Freedom of the Press Foundation, tells a court that if the US prosecutes WikiLeaks founder Julian Assange, every reporter who receives a secret document will be criminalised Continue Reading

US conspiracy charges against WikiLeaks founder Julian Assange ‘politically motivated’

US journalism historian and investigative journalist Mark Feldstein tells a UK court that use of the Espionage Act against Assange will have wide implications for the press Continue Reading

Julian Assange warned against interrupting witnesses in extradition hearing

On the second day of his extradition hearing at the Old Bailey, judge informs the WikiLeaks founder he could be removed and potentially banned from court for interrupting witnesses Continue Reading

NHS whistleblowers at risk due to poor IT policies

In this week’s Computer Weekly, our investigation into NHS practices shows how poor IT policies are putting whistleblowers at risk. Our buyer’s guide examines the networking implications of the surge in remote working. And we assess how well the public cloud giants responded to the demands of the coronavirus pandemic. Read the issue now. Continue Reading

Court rejects request to exclude ‘11th hour’ US evidence against WikiLeaks founder Julian Assange

Lawyers for Julian Assange say the US has introduced an 11th hour indictment against the WikiLeaks founder that provides additional grounds for his extradition Continue Reading

Government DPOs challenged by volume of GDPR work

Data protection officers working across the UK government are finding it tough to keep up with the increased workload generated by GDPR, according to a report Continue Reading

Why predictive threat intelligence is key

Threat intelligence startup Cyfirma is using virtual agents to gather intelligence on potential cyber attacks that are being coordinated in underground forums before they occur Continue Reading

Lockdown sees increase in girls applying for GCHQ cyber courses

The shift to online learning saw an increase in participants for its CyberFirst cyber security training programme, GCHQ found Continue Reading

Phishing scam targets Lloyds Bank customers

Bank customers warned of emails and SMS messages that direct them to a fraudulent site and then request account log-in details Continue Reading

Only 10% of tech talent have cyber skills to fill skills gap

The UK has a growing need for cyber skills as a result of the pandemic, but few IT professionals have the skills firms actually need Continue Reading

Northumbria University suffers major disruption after cyber attack

Some exams cancelled as university appoints external specialists to investigate incident Continue Reading

Benefit fraud: Underground trade in stolen identities revealed

A roaring underground trade in stolen identities is undermining the Universal Credit system and could potentially defraud it out of millions of pounds Continue Reading

DDoS downs New Zealand stock exchange for third day

Distributed denial of service attack from overseas has left stock exchange offline for days Continue Reading

Double extortion ransomware attacks and how to stop them

As ransomware attacks increase, hackers are diversifying their tactics to get victims to hand over larger sums of money. We investigate the rise of double extortion attacks Continue Reading

NHS whistleblowers’ anonymity at mercy of inadequate trust IT policies and processes

They were clapped in the streets for their bravery at the height of the Covid-19 pandemic, but some NHS staff who raise workplace concerns are suffering abuse as a result Continue Reading

TikTok CEO clocks off

TikTok CEO Kevin Mayer has resigned from the firm after just three months Continue Reading

Avaddon ransomware operators having a go at double extortion

The operators of the Avaddon ransomware seem to be tooling up to leak the data of their victims in addition to holding it to ransom, Cofense researchers confirm Continue Reading

What are the latest GDPR security breach enforcement trends?

A cyber breach specialist from Fieldfisher runs the rule over the latest trends in cyber security, data protection and GDPR Continue Reading

TikTok takes Trump to court

Under-fire video app TikTok files a formal complaint in the federal courts challenging the Trump administration’s attempt to ban it in the US Continue Reading

When algorithms don’t play fair

In this week’s Computer Weekly, we report on the auditing of algorithms to countervail bias. We examine what CISOs can learn from Covid-19. And in our buyer’s guide to modern software development, we assess how competent artificial intelligence is at building applications that deliver the best possible customer experience. Read the issue now. Continue Reading

Getting physical with datacentre security

Whether it is natural disasters, terrorism or break-ins, datacentres will be vulnerable to a range of risks unless they are physically secured. Here’s how you can improve the physical security of your datacentre Continue Reading

TikTok’s GDPR compliance probed amid accusations of data misuse

Dutch privacy organisation SOMI claims TikTok falls short in protecting young users, and that it is likely violating GDPR Continue Reading

MPs accuse ICO of failing to do its job on contact-tracing data

Cross-party group of MPs say the ICO has failed to enforce data protection standards or hold the government to account over the unlawful Test and Trace programme Continue Reading

Australian regulator sues RI Advice for cyber security lapses

The Australian Securities and Investments Commission is suing RI Advice for cyber security breaches at the financial firm’s authorised representatives Continue Reading

UKAS rejects ISO certification concerns

UK’s certification body says refreshed guidance is in place to cover the possibility of lapsed ISO certifications Continue Reading

Social media data leak highlights murky world of data scraping

A data brokerage left its database of 235 million Instagram, TikTok and YouTube profiles exposed to anybody who cared to access it Continue Reading

HMRC investigates over 10,000 Covid-19 phishing reports

HM Revenue & Customs received thousands of reports of coronavirus phishing scams exploiting its name during April, May and June Continue Reading

Coronavirus: Thousands of ISO certifications set to lapse

Delays and postponements in the auditing process are putting hard-earned security and data protection certifications at risk of lapsing Continue Reading

Marriott slapped with class action lawsuit over 2018 breach

Group action brings together millions of victims who stayed at the Starwood hotel chain over a four-year period Continue Reading

Carnival cruise lines hit by ransomware, customer data stolen

Cruise ship operator is likely to be the victim of a major data breach after customer information is apparently stolen in a ransomware attack Continue Reading

Reports Oracle to enter TikTok bidding war

Oracle may be about to make a bid to acquire the US operations of TikTok from its Chinese parent ByteDance, according to the FT Continue Reading

Comms startup Element helps support secure communications during pandemic

With the huge increase in remote working, Element is using an open, decentralised network to give organisations more control over their communications Continue Reading

ICO acknowledges GDPR concerns over A-level results scandal

Information Commissioner’s Office says it has engaged with exams regulator Ofqual after its use of an algorithm to calculate A-level grades backfired Continue Reading

US decision to file new charges against Julian Assange ‘astonishing and potentially abusive’

Lawyer for WikiLeaks founder slams US decision to serve a second indictment at the 11th hour alleging that Assange conspired with hackers, as a potential abuse of process Continue Reading

Oracle and Salesforce sued over online ad tracking

Class action lawsuits filed in Amsterdam and London will accuse Oracle and Salesforce of breaching GDPR in their processing and sharing of personal data to sell online advertising Continue Reading

Ed Sheeran is not promoting investment opportunities, says NCSC

The National Cyber Security Centre has issued a new warning after uncovering a series of online scams promoting fraudulent celebrity-endorsed investment opportunities Continue Reading

APAC consumers do not feel responsible for data security

Just one in four consumers believe they should protect their own data, underscoring the tightrope between security and convenience that organisations have been walking on Continue Reading

EU and US start discussions on ‘enhanced’ Privacy Shield data-sharing agreement

Talks begin on a successor to the Privacy Shield EU-US data-sharing agreement declared unlawful in July 2020 – a decision by the European Court of Justice that left thousands of businesses facing legal uncertainty Continue Reading

How Dharma ransomware became an effective services business

New research looks under the bonnet of a Dharma ransomware attack, with the ransomware's ease of use being particularly dangerous for small to medium-sized enterprises Continue Reading

Security training body Sans Institute hit by data breach

Around 28,000 items of personally identifiable data were lost in a phishing attack on Sans, proving that even the professionals can be caught out Continue Reading

Police use of facial recognition found ‘unlawful’ in court

In a landmark decision, the Court of Appeal has ruled that South Wales Police’s facial recognition deployments breached human rights and data protection laws Continue Reading

NHS hit by thousands of malicious emails at height of pandemic

The NHS received nearly 30,000 malicious emails at the height of the Covid-19 pandemic in March and April Continue Reading

Why data exports from the EU will be challenging without Privacy Shield

Organisations exporting data to the US under Privacy Shield or overseas generally, whether under standard contractual clauses or binding corporate rules, need to urgently review the legal basis of these transfers   Continue Reading

Coronavirus: Phishing lures pivot to exploit vaccine hopes

Phishing emails are increasingly luring in victims with subject lines relating to the development of a vaccine for Covid-19 Continue Reading

French data protection authorities to probe TikTok as suitors circle

France’s CNIL has confirmed a new investigation into TikTok’s data protection practices Continue Reading

Hospitality sector is failing on contact-tracing obligations

Cyber security experts urge the government to do more to help small hospitality businesses improve their contact-tracing data-handling practices Continue Reading

Retailer Monsoon allegedly exposing data via Pulse Connect server

A researcher has found a critically insecure Pulse Connect Secure VPN version belonging to UK retailer Monsoon Accessorize, but claims the firm is ignoring his disclosures Continue Reading

Virgin Media customers targeted in Twitter phish

Customers seeking help from the ISP are being targeted by a scam Twitter account Continue Reading

Data Standards Authority publishes guidance on government data sharing

The Data Standards Authority (DSA) wants government departments to use new open data standards when sharing data, with the aim of improving public services Continue Reading

TikTok to be banned in US in 45 days

Trump says his Executive Orders against Chinese mobile apps are in the interests of dealing with a national emergency Continue Reading

Don’t believe the hype: AI is no silver bullet

We want to believe AI will revolutionise cyber security, and we’re not necessarily wrong, but it’s time for a reality check Continue Reading

Australia updates cyber security strategy but offers little new

The nation’s latest cyber security strategy includes centralised management of networks and a voluntary code of practice for deploying internet-connected devices, among other areas Continue Reading

Qualcomm chip vulnerability puts millions of phones at risk

Qualcomm has patched multiple vulnerabilities in its chip hardware that left hundreds of millions of smartphones open to compromise by malicious actors Continue Reading

Canon said to be latest Maze ransomware victim

Canon may have had up to 10TB of its data exfiltrated by the Maze ransomware gang Continue Reading

GCHQ seeks researchers to tackle deep fakes and misinformation

A GCHQ research fellowship based at its Manchester office will explore various national security priorities such as deep fakes, fake news and the impact of AI Continue Reading

Netherlands investigates innovative privacy technology SSI

Dutch research organisation is looking into areas where self-sovereign identity technology could be used in society and business Continue Reading

The countdown is on for TikTok after Schrems II

Given the US’ threatened actions against TikTok and the outcome of Schrems II, it is clear that the spotlight is now firmly on international data transfers Continue Reading

Second wave of Covid-19 cyber attacks locked in

More cyber attacks exploiting the pandemic seem likely, says Interpol Continue Reading

Five signs you’re about to get hit with ransomware

A series of Sophos reports on the ransomware threat landscape shows how security professionals can sniff out a potential ransomware attack before it happens Continue Reading

Liam Fox hack raises questions over government security

The hack of a former cabinet minister’s emails casts doubt over the effectiveness of safeguards and security training processes at the highest levels of the British government Continue Reading

Post-Privacy Shield, what chance for a Brexit data adequacy deal?

The striking down of Privacy Shield has been hailed as a victory for digital rights and privacy campaign groups, but it will have consequences that go beyond transatlantic data transfers Continue Reading

The UK’s $500m space technology gamble

In this week’s Computer Weekly we ask why the UK government is spending $500m on a bankrupt satellite technology company. After a European court quashes the EU-US data sharing agreement, we examine the implications for a UK-EU data protection deal after Brexit. And how have small cloud suppliers coped in the pandemic? Read the issue now. Continue Reading

New foundation to bolster security of open source software

The Open Source Security Foundation will bring together key open source security initiatives across the industry to improve and support the security of open source software Continue Reading

Estonian police and border services need better IT to block criminals from becoming e-residents

Police and Border Guard Board of Estonia needs to improve its IT systems to stop criminals from becoming e-residents, says report Continue Reading

Microsoft offers way out of TikTok impasse

Microsoft offers to buy TikTok from its Chinese parent to ease security fears in the US Continue Reading

More data breaches from ransomware attacks in Australia

The number of data breaches caused by ransomware rose to 33 in the first half of 2020 from 13 in the previous six-month period, according to the latest report from the Office of the Australian Information Commissioner Continue Reading

ICO launches guidance on AI and data protection

The Information Commissioner’s Office (ICO) has published guidance aimed at rendering the application of machine learning to data compliant with data protection principles Continue Reading

Labour Party is latest victim of Blackbaud ransomware attack

Widening Blackbaud data breach ensnares the Labour Party as the cloud software firm continues to duck questions about its behaviour Continue Reading

US lawmakers grill big tech chiefs over market power

Sixth antitrust hearing sees CEOs of major technology companies face combative questioning from members of Congress over their market power and dominance Continue Reading

Twitter confirms it was hit by targeted spearphishing attack

Investigation into 15 July 2020 hack of a number of high-profile accounts by cryptocurrency scammers has found evidence of a targeted spearphishing incident Continue Reading