Privacy and data protection

EU sanctions China and Russia over cyber attacks

The EU is applying restrictive measure to six individuals and three entities accused of conducting disruptive cyber attacks in Europe, including the Russian GRU Continue Reading

Former UC Global staff confirm Embassy surveillance operation against Julian Assange

Spanish court investigates claims that security company illegally recorded meetings between Julian Assange, politicians, lawyers and celebrities at the Ecuadorian Embassy in London Continue Reading

List of Blackbaud breach victims tops 120

More than 120 education and third-sector organisations may have had their data compromised through the breach of Blackbaud’s cloud platform Continue Reading

Serious BootHole vulnerability puts millions of systems at risk

BootHole is a GRUB2 bootloader vulnerability and puts millions of PCs, servers and other devices at risk of compromise Continue Reading

Campaigners urge government to resist big tech lobbying pressure

Lobbyists for big tech, supported by senior US politicians, have rallied against stricter regulation of technology companies, and threatened the US-UK trade deal unless Britain scraps plans to levy a digital services tax Continue Reading

Schrems steps up pressure on Irish data protection commissioner on Facebook’s data sharing with US

Austrian lawyer is considering ‘other’ options if the Irish data protection commissioner does not make a decision by October on his seven-year-old complaint against Facebook Continue Reading

Cosmetics firm Avon faces new cyber security incident

Technical information relating to Avon’s web and mobile sites was inadvertently left exposed on an unsecured Microsoft Azure server Continue Reading

Taking back control of government data mustn’t leave the public in the dark

Boris Johnson has quietly transferred control over government data to Number 10, without explaining why. The public deserves more involvement in how their personal data is being used, says Labour Continue Reading

De Montfort, KCL, Newcastle universities join list of Blackbaud victims

Embattled cloud services provider now has big questions to answer over its handling of data belonging to UK universities and charities Continue Reading

Garmin may have paid hackers ransom, reports suggest

Garmin’s services are coming back online, but the company remains tight-lipped about what exactly happened to it Continue Reading

NCSC names national security expert Lindy Cameron as new CEO

New National Cyber Security Centre head joins from the Northern Ireland Office and has spent 20 years in government at home and abroad Continue Reading

Scotland’s security resilience centre concept goes national

Based on the success of the Scottish Business Resilience Centre, a series of regional Cyber Resilience Centres are now launching across the rest of the UK Continue Reading

NCSC inducts six security startups to Cyber Accelerator

10-week programme will guide some of the UK’s most innovative security startups as they scale their businesses for future growth Continue Reading

MI6 apologises after attempt to interfere with intelligence court

The UK Secret Intelligence Service, MI6, has apologised after attempting to persuade the secretary of Britain’s most secret court to withhold documents from senior judges in a case about crimes by undercover agents Continue Reading

Court adjourns hearing into Assange extradition as US delays serving new indictment

Westminster Magistrates Court suspends scheduled extradition hearing into WikiLeaks founder after it emerged the US had failed to serve a second superseding indictment against him Continue Reading

Australia issues new cloud computing guidelines

The new guidance, which comes after the expiry of the government’s cloud services certification programme, will help to bolster Australia’s cyber security resilience Continue Reading

Garmin outage prompts ransomware attack speculation

Details are thin on the ground following a major service outage at Garmin, prompting industry speculation that the firm has fallen victim to a ransomware attack Continue Reading

A question of trust: University and supplier on the hook for data breach

Data on students at the University of York was stolen in a ransomware attack on a supplier two months ago, and the response of both parties raises serious questions Continue Reading

How Schrems II will impact data sharing between the UK and the US

At the end of this year, the UK will no longer be subject to the EU’s treaties, opening the way for it and the US to finalise a new trade relationship. Could the UK leave EU data protection standards behind? Continue Reading

Post-Privacy Shield, what chance for a Brexit data adequacy deal?

The striking down of Privacy Shield has been hailed as a victory for digital rights and privacy campaign groups, but it will have consequences that go beyond transatlantic data transfers Continue Reading

NCSC reveals scale of cyber attacks on UK sports industry

The UK’s sports industry is under near constant cyber attack, according to new statistics from the National Cyber Security Centre Continue Reading

US charges Chinese nationals with Covid-19 research hacking

The two hackers allegedly worked with the Chinese Ministry of State Security, targeting intellectual property and confidential business information Continue Reading

Privacy Shield: Companies face new hurdles to legally transfer data to the US

Businesses will have to conduct legal assessments to ensure they can transfer data from the EU to the US and other countries, following a European Court of Justice ruling Continue Reading

Coronavirus: Government drags its feet on online misinformation

Online misinformation about Covid-19 continues to spread unchecked, according to a DCMS committee report which has accused the government of dragging its feet over online harms Continue Reading

Russia Report reveals long-running cyber warfare campaign against UK

Russia has been hacking the UK for years and the British government has also known about it for years, according to the Intelligence and Security Committee’s report Continue Reading

Avon calling: what happens when lockdown eliminates your business model?

In this week’s Computer Weekly, we talk to global beauty brand Avon, to find out how it coped with a huge lockdown dilemma – how to adapt its door-to-door sales model when its reps couldn’t leave home. Our latest buyer’s guide examines the use of artificial intelligence in IT security. And we analyse the government’s decision to strip Huawei from the UK’s 5G network. Read the issue now. Continue Reading

Australian industry panel calls for ‘clear consequences’ of cyber attacks

A government-appointed panel recommends strong deterrence and other measures to be implemented in Australia’s next cyber security strategy Continue Reading

ICO hails transformative year as average fine trebles

Information Commissioner’s Office annual report reflects on a busy period, during which it levied two of the largest fines so far seen under the GDPR Continue Reading

Test and Trace programme unlawful, admits government

The Department of Health and Social Care failed in its legal obligation to complete a mandatory Data Protection Impact Assessment Continue Reading

Twitter hack fallout: Investigators on trail of cyber criminals

Investigators are hunting the cyber criminals who broke into Twitter’s systems to hijack prominent accounts, amid concerns that more attacks may come Continue Reading

CW APAC: Trend Watch – security

It wasn’t that long ago when DevSecOps was little more than a mispronunciation of DevOps. Fast forward to today, the notion of embedding security into the development process is not only accepted, but increasingly championed. In this handbook, Computer Weekly looks at what organisations in the Asia-Pacific region are doing to secure their systems, from adopting a DevSecOps approach, to preparing for cyber attacks and ensuring the privacy of Covid-19 contact-tracing app users. Continue Reading

CW ANZ: Expert advice on security

Supply chain risks are invisible to many organisations, which means they are often not prioritised from an IT security perspective, partly because supply chain risk management is often seen as a procurement issue. In this handbook, Computer Weekly looks at how organisations in Australia and New Zealand can better protect themselves against supply chain attacks and other evolving cyber threats. Continue Reading

Russian state hackers attacking Covid-19 researchers

Kremlin-linked APT29 group, also known as Cozy Bear, is conducting a campaign against Covid-19 researchers around the world Continue Reading

Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement

The European Court of Justice has struck down Privacy Shield, the EU-US data-sharing agreement, creating uncertainty for European countries that share data with the US and pressuring the US to reform surveillance laws Continue Reading

Cryptocurrency scammers attack Twitter in insider breach

Apparent insider breach at Twitter saw so-called “blue tick” accounts of business people, politicians and celebrities hijacked to promote a Bitcoin scam Continue Reading

Coronavirus shines spotlight on cyber security

Programme committee chair of this year's RSA Conference Asia-Pacific and Japan talks up the challenges that IT security professionals in APAC are facing to mitigate security risks amid the Covid-19 pandemic Continue Reading

Government proposes IoT security enforcement body

The government is today publishing new proposals concerning planned legislation that will protect users of smart IoT devices from cyber criminals Continue Reading

Video providers slammed by credential stuffing attacks

Attacks on the media sector are spiking as cyber criminals try to gain access to valuable consumer accounts Continue Reading

11 obscure questions, Facebook, Max Schrems and the European Court of Justice

Eleven obscure questions will be the first step towards explaining why we in the UK and Europe have experienced 13 years of what has been described as ‘mass and indiscriminate surveillance’ by the US Continue Reading

Singapore’s Project Ubin hits commercialisation milestone

A blockchain payments network prototype spearheaded by Singapore’s central bank and its partners could speed up and lower the cost of cross-border payments Continue Reading

European court to decide legality of EU-US data sharing in dispute between Schrems and Facebook

A ruling by the European Court of Justice will have ramifications for hundreds of thousands of companies that share data with the US. The case aims to balance US surveillance laws with the rights of EU citizens to keep their data private Continue Reading

Security Think Tank: AI in cyber needs complex cost/benefit analysis

AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading

‘Name-and-shame’ ransomware attacks increasing in prevalence

Since emerging at the tail-end of 2019, double extortion, or exfiltration and encryption, ransomware attacks have become highly popular, and now account for a significant number of incidents, according to Emsisoft research Continue Reading

Australian enterprises facing more cyber attacks

The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country Continue Reading

Security Think Tank: Ignore AI overheads at your peril

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation being gravely overestimated? Continue Reading

Zoom zero-day a reminder to stop using Windows 7

Researchers have disclosed a newly discovered zero-day vulnerability to videoconferencing service Zoom, which only affects users of Windows 7 systems Continue Reading

HSBC customers targeted in new smishing scam

SMS phishing scam is targeting HSBC customers in the UK to trick them into handing over their bank account details Continue Reading

NHS trust uses case management software to deliver time savings

To deal with inefficient and unreliable processes, East Suffolk and North Essex NHS Trust has implemented a case management system specifically designed for HR practitioners Continue Reading

Clearview AI faces ICO investigation over facial recognition

Controversial company that scraped data from the public internet to build its facial recognition algorithm faces a joint UK-Australian investigation into its practices Continue Reading

The pandemic has made UK government rethink its relationship with data

Data has been essential to fighting the coronavirus outbreak, and the forthcoming National Data Strategy promises to place data at the heart of the UK's economic recovery Continue Reading

Most finance firms are multicloud, but many are unprepared for public cloud cyber attacks

Financial services firms are moving to the cloud at pace, but many are uncertain whether they could cope with an attack on an application based in the public cloud Continue Reading

More Joker malware apps chucked off Google Play Store

Infamous Joker billing fraud malware continues to sneak past Google’s security controls Continue Reading

Pubs and restaurants failing on cyber fraud protection

Virtually all of the UK’s most popular restaurant and pub brands are failing to proactively block fraudulent emails from reaching their targets Continue Reading

Tencent Cloud teams up with ADBC on banking services

Singapore’s Asia Digital Bank Corporation could leverage Tencent Cloud’s financial cloud platform to provide banking services to small businesses Continue Reading

Political awareness needed to ethically handle migration data, panel claims

Understanding the political, social and economic relationships between different groups in society is needed to ensure location data is not used in ways that further endanger already vulnerable people on the move Continue Reading

Use of spyware apps linked to domestic abuse soars in lockdown

The rise in domestic violence during the pandemic has been linked to increase use of stalkerware apps by abusers Continue Reading

Cosmic Lynx cyber crime group takes BEC to new heights

Newly identified Russian threat group targets large organisations with increasingly dangerous business email compromise attacks Continue Reading

Over 15 billion credentials for sale on dark web

Research by Digital Shadows reveals the scale of the security threat facing consumers as it uncovers 15 billion usernames and passwords stolen in more than 100,000 different data breaches Continue Reading

Security funding soars despite Covid-19 slump, but problems lie ahead

The overall cyber security funding ecosystem in the UK is healthier than ever despite Covid-19, but the figures mask stark and concerning disparities in where the money is going Continue Reading

CCPA enforcement has begun: Here’s what to expect

The US’s California Consumer Privacy Act came into force in January this year, but enforcement against technology companies did not begin until this month Continue Reading

Security Think Tank: Balancing human oversight with AI autonomy

Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of automation gravely overestimated? Continue Reading

MSP Xchanging attacked in ransomware incident

Specialist managed services provider is restoring customer access to systems after an unspecified ransomware incident Continue Reading

Australian government foreshadows ‘sovereign data’ classification

The Australian government will examine if certain government datasets should be declared sovereign and only be hosted in the country Continue Reading

GDPR at two: How far we’ve come, how far we still have to go

Marking two years of the General Data Protection Regulation, industry voices weigh in on the state of data protection and privacy, consider what has changed, and what still needs to change. Continue Reading

Pub ‘check-in’ apps provoke fresh privacy concerns

With pubs and restaurants required to collect customer data for contact tracing when they reopen, data privacy risks will be heightened. Continue Reading

The privacy challenges of easing lockdown

In this week’s Computer Weekly, as pubs in the UK re-open after lockdown, we examine the privacy issues around collecting customer data for contact tracing. We look at how interconnected devices are revolutionising the manufacturing and engineering sectors. And we assess GDPR progress two years after its introduction. Read the issue now. Continue Reading

Lorca scale-ups bring diverse security to the fore

London Office for Rapid Cybersecurity Advancement announces the cyber security scale-ups that will make up its fifth cohort Continue Reading

North Korea behind spate of Magecart attacks

The Magecart credit card skimmer found on the website of retailer Claire’s Accessories was likely put there by the Lazarus or Hidden Cobra North Korean APT group, reports Sansec Continue Reading

Chinese law may require companies to disclose cyber-security preparations outside China

Companies with Chinese operations may have to disclose information about the security of their networks in other countries under China’s draft data security law Continue Reading

Cops take out encrypted comms to disrupt organised crime

The UK’s National Crime Agency, alongside other law enforcement agencies in France and the Netherlands, have busted illicit arms and drugs rings after disabling an encrypted comms platform Continue Reading

Locked-down teens flock to NCSC CyberFirst training scheme

A record number of 14 to 17-year-olds have signed up to the National Cyber Security Centre’s CyberFirst summer school Continue Reading

Police secrecy over ‘IMSI-catcher’ mass surveillance of mobile phones

Following a tribunal ruling, constabularies in England and Wales can refuse to confirm or deny whether they use mass surveillance devices, known as IMSI-catchers to monitor people’s location, phone calls and text messages Continue Reading

Sodinokibi gang begins dark web celebrity data auctions

Group claims to be auctioning confidential legal data on pop stars Mariah Carey, Nicki Minaj and basketball player LeBron James Continue Reading

UK’s unsung cyber security heroes sought

Nominations have opened for the fifth annual Security Serious Unsung Heroes Awards Continue Reading

Zoom making progress on cyber security and privacy, says CEO

Three months after being hit by a spate of security incidents, Zoom’s CEO, Eric Yuan, has been discussing progress towards a more secure product Continue Reading

Remote workers more aware of security, but still flout the rules

Almost three-quarters of remote workers reckon they have gained in cyber security awareness during lockdown, but don’t seem to be especially bothered about keeping themselves safe Continue Reading

Black Lives Matter, but do bots know that?

The volume of content generated each day necessitates automated moderation to curate everything as it is published, ensuring offensive and objectionable material is blocked. But this only works if systems are adequately configured and reviewed Continue Reading

FakeSpy Android malware targets Royal Mail app users

The FakeSpy malware was first identified in October 2017 but is now significantly more powerful and dangerous Continue Reading

Unlocking value in the railway network’s data

In this week’s Computer Weekly, we find out how the rail industry is working to improve its use of data to deliver better services to passengers. Is flash the saviour of the storage universe? Our buyer’s guide assesses the choices for IT managers. And we examine the failure of the government’s Covid-19 contact-tracing app. Read the issue now. Continue Reading

Lawyers learn of fresh US allegations against WikiLeaks founder Julian Assange from press reports

The US has filed an updated indictment against Julian Assange alleging that he conspired with hacking groups to obtain information for WikiLeaks. Defence and prosecution lawyers learned about it from press reports Continue Reading

Evil Corp’s latest ransomware project spreading fast

A new ransomware strain dubbed WastedLocker is spreading rapidly and targeting major corporations Continue Reading

Out of date security laws leave UK plc at risk during pandemic

The CyberUp coalition has written to Boris Johnson to urge him to reform the UK’s 30 year-old cyber crime laws Continue Reading

Airports deploy thermal cameras to control Covid-19, science suggests it’s merely ‘safety theatre’

UK airports are rolling out thermal surveillance cameras to identify people who may have coronavirus, but science says the technology is ineffective at detecting and preventing the spread of the disease Continue Reading

Pub ‘check-in’ apps provoke fresh privacy concerns

With pubs and restaurants required to collect customer data for contact tracing when they reopen, data privacy risks will be heightened Continue Reading

CBI: Digital economy needs joined-up regulations and gigabit broadband

The coronavirus pandemic has shown the need for fast, reliable networking across the UK. The CBI is urging the government to do more Continue Reading

Veeam bullish on growth in APAC

Veeam’s top executive in Asia-Pacific expects the company’s growth momentum in the region to continue despite the Covid-19 pandemic, and is setting sights on growth areas such as container backups Continue Reading

NCSC catches a million phishes in its nets

The NCSC has racked up a million suspicious email reports from the public just two months after launching a reporting service, but the lucky sender won’t be receiving a grand prize Continue Reading

EU judges GDPR an overall success, but changes still needed

Two years after its implementation, an EU report says that the GDPR is achieving what it set out to do, with a few reservations Continue Reading

Political parties harvest personal data to create profiles on voters, most of it wrong

The UK’s three main political parties are collecting personal data on voters, but much of it is wrong and its use may fall foul of data protection laws Continue Reading

Brits will sell their personal data for pennies

Surprising findings from an Okta report on digital identity suggest Brits would be willing to part with valuable personal data for a surprisingly low amount Continue Reading

APT groups’ mobile momentum finally faces resistance

State-backed APT groups are increasingly targeting mobile devices as Covid-19 puts the spotlight on remote working infrastructure security. We explore how the industry is fighting back Continue Reading

Neurodiversity on the rise among career hackers

More diverse hackers enhance the ability of both traditional and cutting-edge cyber security solutions to find and fix vulnerabilities, according to a new report from Bugcrowd Continue Reading

Twitter contacts business users over data exposure

Issue relates to how web browsers cached confidential data entered in Twitter’s ads and analytics services, but is unlikely to have resulted in compromise Continue Reading

Concern over digital risk falls dramatically during pandemic

Brits are understandably more worried about the NHS than personal cyber security Continue Reading

APAC still hotbed for cyber attacks

Individuals and organisations in APAC are encountering malware more frequently than the rest of the world, study finds Continue Reading

Eurostar to roll out facial recognition for ‘passport-free’ travel to Europe

Facial recognition will make passports on the Eurotunnel an option rather than a necessity, but privacy campaigners have questioned whether gathering biometric data on passengers is necessary Continue Reading

Australian prime minister confirms country is suffering repeated nation-state cyber attacks

Concern over critical national infrastructure as cyber attackers repeatedly try to gain access to network of organisations operating in multiple sectors Continue Reading

AI bias and privacy issues require more than clever tech

The new AI Barometer report from the Centre for Data Ethics and Innovation has assessed the threats and opportunities of artificial intelligence in the UK Continue Reading

US pulls out of talks with Europe for global digital tax

Despite the US’s resistance to an international digital services tax, the UK and other European countries plan to continue pushing for a global solution to taxing technology giants Continue Reading

How Australian firms can plug data protection gaps

Australian organisations can address data protection challenges by creating roles such as a data governance lead, classifying data and improving employee awareness of cyber hygiene. Continue Reading