Privacy and data protection

UAE bolsters cyber security

The United Arab Emirates has successfully improved its security posture amid mounting cyber threats Continue Reading

CW APAC: Trend Watch: Cyber security

Protection from malicious actors has become a critical consideration for organisations in recent years. In this handbook, focused on cyber security in the Asia-Pacific region, Computer Weekly looks at how to minimise edge security risks, India’s rise in cyber security revenues, Check Point’s sales force and partner ecosystem processes, and Trellix’s decision to democratise XDR access Continue Reading

One-third of scams that hit TSB are impersonation fraud

TSB reports an increase in fraudsters impersonating trusted organisations to trick consumers into making payments to them Continue Reading

Home secretary Priti Patel to decide whether to extradite Assange

Home secretary will decide in four weeks whether to approve Julian Assange’s extradition to the US, where he faces espionage and hacking charges Continue Reading

NSO Group faces court action after Pegasus spyware used against targets in UK

Three human rights activists whose phones were targeted by spyware traced to Saudi Arabia and the United Arab Emirates have begun legal action against both countries and Israel’s NSO Group Technologies Continue Reading

Hammers sign Acronis as backup and security in one

West Ham United set to replace separate backup from Veeam and a variety of security products with Acronis Cyber Protect to have backup, data protection and file share on a single platform Continue Reading

Kyndryl kindles cyber incident recovery pact with Dell

IBM spin-out Kyndryl hops into bed with Dell Technologies in a joint cyber resilience proposition Continue Reading

Government agrees bulk surveillance powers fail to protect journalists and sources

Campaign group Liberty to launch legal appeal that will call for journalists to receive stronger legal protections from state surveillance Continue Reading

Multiple arrests made in RaidForums takedown

A Portuguese national and a 21-year-old man from Croydon are among a number of individuals arrested ahead of the closure of RaidForums by police Continue Reading

AI researcher says police tech suppliers are hostile to transparency

Expert witness in Lords police tech inquiry welcomes committee’s findings but questions whether its recommendations on how to end the ‘Wild West’ of police artificial intelligence and algorithmic technologies in the UK would be implemented Continue Reading

EncroChat: France says ‘defence secrecy’ in police surveillance operations is constitutional

Constitutional court finds that invoking ‘defence secrecy’ to withhold information about the state hacking of EncroChat cryptophones is constitutional. Defence lawyers now head for the supreme court Continue Reading

Ukrainian cyber criminal gets five years in jail

A US court has sentenced Denys Iarmak, who worked as a penetration tester for the FIN7 cyber crime group, to a five-year prison sentence Continue Reading

MPs and editors sound alarm over threat to Freedom of Information

Government secrecy and trend for departments to block Freedom of Information requests pose a long-term risk to accountability Continue Reading

Hydra takedown merely shifts cyber criminal problem elsewhere

The seizure of the Hydra dark web marketplace is a positive development in the fight against cyber crime, but will only be a temporary setback for determined criminals Continue Reading

Secrecy over police EncroChat hacking is unconstitutional, defence lawyers tell top French court

France’s constitutional court, the Conseil Constitutionnel, has heard arguments that the use of ‘defence secrecy’ to withhold information about police surveillance operations breaches the French constitution Continue Reading

Discount retailer The Works hit by cyber attack

A small number of The Works’ bricks-and-mortar stores were forced to close amid a cyber attack of an undisclosed nature Continue Reading

Triple-threat Borat malware no joke for victims

Unlike its namesake, the newly discovered Borat malware won’t raise a smile for IT security pros Continue Reading

US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield

 Continue Reading

Two teenagers charged with Lapsus$ cyber attacks

City of London Police have charged two teenagers in connection with the Lapsus$ cyber crime spree Continue Reading

TechUK calls on government to seize post-Brexit data opportunities

Ahead of the government’s reply to its late 2021 consultation about proposed post-Brexit reforms to the data protection regime, TechUK has published a paper declaring six data governance principles Continue Reading

Bank fraud prevention scheme blocked £60m in fraud last year

Scheme to catch fraudsters, including online scammers, before they commit their crimes has reported a significant increase in crimes prevented Continue Reading

Lapsus$ cyber crime spree continues despite arrests

The arrests of seven people in connection with the Lapsus$ cyber crime group has not dented the gang’s enthusiasm for causing chaos Continue Reading

Overhaul of UK police tech needed to prevent abuse

Lords inquiry finds UK police are deploying artificial intelligence and algorithmic technologies without a thorough examination of their efficacy or outcomes, and are essentially ‘making it up as they go along’ Continue Reading

Singapore rolls out cyber security certification scheme

Two new cyber security marks are expected to provide an edge for Singapore businesses with good cyber security practices Continue Reading

IT professionals wary of government campaign to limit end-to-end encryption

Members of the Chartered Institute of IT, the professional body for technology professionals in the UK, warn against limiting end-to-end encryption Continue Reading

US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield

EU and US agree data privacy framework allowing trans-Atlantic data transfers after US offers concessions on surveillance and new rights of redress for EU citizens Continue Reading

Ransomware demands and payments increase with use of leak sites

Ransomware demands and payments continue to climb as gangs increasingly turn to Dark Web leak sites to add pressure on victims Continue Reading

Hiring and retention challenges in cyber security persist

Latest ISACA report shows that enterprises are struggling to find and retain cyber security talent Continue Reading

Private equity house spins SSE company out of McAfee Enterprise

The launch of Skyhigh Security completes division of McAfee Enterprise into separate businesses by Symphony Technology Group, which acquired the long-standing cyber security firm for $4bn in March 2021 Continue Reading

NHS urgent care provider uses ID and access management to reduce complexity for clinicians

Provider of care through NHS 111 is using a cloud-based identity and access management system to remove the need for clinicians to remember multiple passwords Continue Reading

Biden issues warning about Russian cyber attacks

President Biden has said that US companies running critical infrastructure should immediately harden their defences in anticipation of potential cyber attacks from Russia Continue Reading

One year on from IR35 reforms – why IT skills are harder to find

In this week’s Computer Weekly, a year after IR35 tax reforms were introduced, we assess the impact on the UK’s IT talent pool – and it’s not looking good. We examine the rise of industry clouds, and how they are changing the market. And we find out how London councils plan to work together on data and innovation. Read the issue now. Continue Reading

Siloed data holding back coordinated health responses

Digital health experts discuss the role of data in coordinating the NHS’s pandemic response and how managing privacy and governance issues are key to further success Continue Reading

How 2022’s most significant data privacy trends affect your organisation

Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months Continue Reading

UK Cyber Strategy a welcome injection of progress

The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber Continue Reading

Dark web littered with Ukraine crypto scammers

Cryptocurrency scammers are actively targeting people trying to donate funds to support Ukraine Continue Reading

Ukrainian cyber defences prove resilient

Thanks to a combination of prior experience and global support, Ukraine’s defences against cyber incidents are holding strong in the face of Russian attacks Continue Reading

National Cyber Strategy will enhance UK’s cyber power status

The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of Airbus Cybersecurity Continue Reading

NCSC catches 10 million phishes

Nation Cyber Security Centre’s scam email reporting service enjoys great success as government embarks on new cyber awareness campaign Continue Reading

Kaspersky CEO: Ukraine war must end through diplomacy

Eugene Kaspersky speaks out on the war in Ukraine, and rebuffs Germany’s BSI, branding its warnings over his company’s trustworthiness as insulting Continue Reading

Online Safety Bill introduced in Parliament

The government has introduced its long-awaited Online Safety Bill in Parliament, alongside new criminal offences and sanctions for tech company execs Continue Reading

Alarm raised over ‘trickster’ LokiLocker ransomware

The new LokiLocker ransomware is, like its namesake, adept at tricks and misdirection, say BlackBerry researchers Continue Reading

Two men convicted after using EncroChat cryptophones to plot killing

Evidence from the encrypted phone network EncroChat led to the conviction of two men for conspiracy to murder Continue Reading

German authorities warn on Kaspersky but stop short of ban

Germany authorities warn Kaspersky users to consider alternatives to the firm’s flagship antivirus software, citing national security concerns and the war on Ukraine Continue Reading

Kubernetes vulnerability underscores repeated security warnings

The disclosure of a new vulnerability in an important container runtime engine that underpins Kubernetes has drawn fresh warnings to pay attention to securing Kubernetes environments Continue Reading

Meta fined €17m over EU data breaches

The Irish Data Protection Commissioner has fined Meta after finding it in breach of GDPR rules Continue Reading

Achieving agility, collaboration and data control in the cloud

Organisations have historically had to make a trade-off between the proven benefits of the cloud and maintaining full control of their data, but with the right strategy it is possible to have both Continue Reading

Supreme Court refuses Julian Assange extradition appeal

The case will be referred to the home secretary Priti Patel to make a decision. The WikiLeaks founder has yet to say whether he will file further appeals Continue Reading

Encryption myths versus realities of Online Safety Bill

The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it Continue Reading

Police EncroChat cryptophone hacking implant did not work properly and frequently failed

Surveillance operation against EncroChat encrypted phone network had repeated technical failures Continue Reading

Paid-for advertising measures included in Online Safety Bill

New measures to deal with fraudulent paid-for advertising have been included in the government’s draft Online Safety Bill, marking the fourth extension in two months Continue Reading

Scrapping NHS Digital a backward step for patient data rights

Former NHS Digital chair Kingsley Manning has spoken out over proposals to fold NHS Digital into NHS England, saying that more oversight is needed to safeguard patient data in light of recent events Continue Reading

Universities need better protection from email-based cyber attacks

The need to educate university staff and students on avoiding email-based cyber attacks is more acute than ever, says Proofpoint’s Adenike Cosgrove Continue Reading

Direct action is a risky business for Ukraine's volunteer hackers

Hackers have been responding to Ukraine’s call to create an IT army, but there are many reasons why taking direct action in a kinetic conflict is a bad idea Continue Reading

Use of encrypted Telegram platform soars in Ukraine, Russia

Encrypted messaging service Telegram is proving a valuable asset to both sides in Russia’s war on Ukraine Continue Reading

BBC blasted with millions of malicious emails

Responding to an FoI request, the BBC has revealed it receives more than 300,000 malicious email attacks every day Continue Reading

DCMS opens consultation on telecoms cyber standards

Proposed rules will set out the specific measures telecoms providers need to take to fulfil their legal duties under the Telecommunications Security Act Continue Reading

Ukraine cyber attacks seen spiking, but no destructive cyber war yet

While cyber attacks linked to Russia’s war on Ukraine are taking place, they are having little impact beyond the region Continue Reading

Irish data watchdog calls for ‘objective metrics’ for big tech regulation

Helen Dixon, Ireland’s data protection commissioner, says EU regulators must agree on metrics to measure the effectiveness of data protection regulation Continue Reading

Define RPO and RTO tiers for storage and data protection strategy

We look at RPO and RTO in defining data protection and disaster recovery strategies and how to specify tiers that reflect the importance of different systems in your organisation Continue Reading

The UK’s cyber security sector is thriving, but our work has only just begun

The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector Continue Reading

KnowBe4 cyber drama tackles Colonial Pipeline in fourth season

KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021 Continue Reading

New wave of cyber attacks on Ukraine preceded Russian invasion

A wave of DDoS attacks, and a second data wiper attack, were seen hitting Ukraine in the hours leading up to the Russian invasion Continue Reading

New cyber guidelines to safeguard construction sector

NCSC launches sector-specific security guidance for organisations in the construction industry, with input from the Chartered Institute of Building Continue Reading

Paid-for advertising still not covered in Online Safety Bill

Consumer group Which? calls again for government to include measures against scam paid-for advertising in the Online Safety Bill Continue Reading

Backups ‘no longer effective’ for stopping ransomware attacks

Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques Continue Reading

No imminent cyber threat to UK from Russia

Intelligence officials say they have no evidence or indication that Russian cyber attackers are preparing offensive assaults on infrastructure or organisations in Britain Continue Reading

Attempted burglary exposes risk of NatWest customer data in former worker’s home

Former Royal Bank of Scotland employee offers bank a compromise in her dispute over the return of confidential customer information Continue Reading

Tech acquisition to be major priority for UK police

Policing minister cites technology as major focus for future of UK police, in comments made ahead of the publication of the Strategic Review of Policing in England and Wales Continue Reading

Security Think Tank: Good training is all about context

In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service? Continue Reading

Zoom gains NCSC Cyber Essentials Plus and NHS security badges

Video platform Zoom has added a number of UK-specific cyber certifications to help it demonstrate its platform is safeguarded against common threats Continue Reading

Lawyers say ‘unprecedented’ secrecy deprived EncroChat defendants of fair trials

Lawyers from seven countries say it is impossible for their clients to challenge the accuracy, authenticity, reliability and legality of the evidence against them Continue Reading

It takes a village: Protecting kids online is everyone’s responsibility

The rapid uptake of smartphones among children has contributed to the increasing number of cases of cyber bullying and online grooming. Is this an educational issue or a cultural problem, and can modern enterprise help? Continue Reading

Red Cross cyber attack the work of nation-state actors

The International Committee of the Red Cross now believes the January 2022 attack on its systems to have been the work of an undisclosed nation state Continue Reading

2021 another record year for UK cyber investment

Total revenue generated by the UK’s cyber sector was up 14% last year, and UK-registered security firms raised over £1bn in investment Continue Reading

DDoS attacks hit Ukrainian defence ministry and banks

A further wave of cyber attacks has taken place against targets in Ukraine amid heightened tension in the region Continue Reading

BlackCat ransomware gang claims responsibility for Swissport attack

Ransomware gang is trying to offload 1.6TB of data stolen from aviation services firm Continue Reading

Retrospect Backup refines anomaly detection in ransomware battle

StorCentric backup software brand allows customer fine-tuning of anomaly detection in struggle against ransomware, and adds immutable copies via object locking in Azure Continue Reading

Botched third-party configuration exposes Internet Society data to web

Personal data on members of The Internet Society was exposed after a supplier failed to secure its Azure storage Continue Reading

Parasol data breach: Frustrated IT contractors dig into the dark web in search of their data

The emergence on the dark web of passports, payslips and other personal documents belonging to contractors affected by the cyber attack and subsequent data breach at Parasol is prompting group actions and forcing some IT contractors to find out for themselves if their data has been compromised Continue Reading

CMA secures final Privacy Sandbox guarantees from Google

The CMA has secured a final set of Privacy Sandbox commitments from Google relating to the proposed removal of third-party cookies from its Chrome browser Continue Reading

Lack of knowledge disastrous for effective security strategy within Dutch companies

Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy Continue Reading

How diplomatic immunity silenced the prosecutor who coordinated Sweden’s EncroChat probe

Defence lawyers claim Swedish court decision not to hear evidence from a Swedish prosecutor leaves important legal questions unanswered over international police operation to hack EncroChat cryptophone network Continue Reading

Phishing tests are a useful exercise, but don’t overdo it

The vast majority of cyber attacks start with a phish, so it’s not surprising that phishing tests form part of cyber training plans. But sometimes these tests go too far. Cyberis’ Gemma Moore looks at how to avoid the pitfalls Continue Reading

CW Benelux: Unesco members adopt AI ethics recommendation

Unesco member state have adopted an AI ethics recommendation that seeks to define a common set of values and principles to guide the development of ethical AI globally. Also read about a large-scale national cyber exercise in the Netherlands, and the Estonian government’s Siri-like digital assistant. Continue Reading

Minister defends digital economy legislation before Lords

A digital minister has said that the UK’s forthcoming digital markets legislation is ‘superior’ to similar efforts in the EU, but could not commit to a specific time frame for when it will be introduced to Parliament Continue Reading

Ransomware ever more sophisticated and impactful, warns NCSC

UK’s National Cyber Security Centre teams up with US and Australian partners in a joint advisory warning organisations of the increasing sophistication exhibited by criminal ransomware gangs Continue Reading

How Dutch hackers are working to make the internet safe

We hear how the personal mission of a Dutch hacker grew into a serious organisation with international ambitions Continue Reading

The Security Interviews: Building the UK’s future cyber ecosystem

As the government lays out the next iteration of its Cyber Security Strategy, we speak to Plexal and Lorca’s Saj Huq about his work building a cyber ecosystem to support the UK’s future ambitions Continue Reading

Parasol data breach: Contractors rage as fallout from umbrella cyber attack continues

Contractors working for the Parasol umbrella company are querying why it has taken so long for news of the firm's data breach, which is linked to a cyber attack on its systems five weeks ago, to come to light Continue Reading

Porn sites will be legally required to verify users’ ages

Porn sites could be legally obliged to verify that their users are 18 or over under proposed online safety rules, in UK government’s second attempt to prevent children from accessing pornography online Continue Reading

Right to disconnect and less monitoring key to better remote work

The World Health Organisation and International Labour Organisation warn against invasive workplace surveillance and promote right to disconnect in joint briefing on how to promote healthy and safe remote working Continue Reading

BlackCat crew supposedly behind OilTanking ransomware heist

Preliminary reports from Germany’s national cyber authority indicate the recent OilTanking ransomware attack may have been the work of the BlackCat group Continue Reading

Crisp supply shortage looms after KP Snacks hit by ransomware

Supplies of Hula Hoops and many other snack brands are under threat after a ransomware attack on the systems of KP Snacks Continue Reading

French Supreme Court raises constitutional questions over EncroChat hacking secrecy

Conseil Constitutionnel to decide whether ‘defence secrecy’ over state EncroChat cryptophone hacking breaches French constitution Continue Reading

Mechanism underlying cookie popups found in breach of GDPR

A fundamental element of the mechanism by which the advertising industry requests tracking consent from web users has been found in breach of the General Data Protection Regulation Continue Reading

Reforms needed to tackle economic crime, says Treasury Committee

The Treasury Committee is disappointed at progress towards tackling economic crime and fraud in both the online and offline worlds, and is calling for more action Continue Reading

British Council data exposed by third-party cyber failure

The British Council entrusted confidential data on its students to a third-party and was let down Continue Reading

What neurodivergent people really think of working in cyber security

Many firms are filling cyber security skills gaps by hiring neurodivergent talent – but more support is needed for neurodivergent cyber security professionals, writes autistic tech journalist Nicholas Fearn Continue Reading

Met Police faces legal action over Gangs Matrix

Campaign group Liberty is taking legal action against the Met over its use of the Gangs Matrix, claiming it is driven by racial stereotypes and disproportionately affects people from black and minority ethnic backgrounds Continue Reading