Privacy and data protection

FCA warns over future hybrid working security risks

Earlier this week, the Financial Conduct Authority issued fresh guidance to regulated organisations on keeping hybrid workers safe and secure Continue Reading

Former signals intel leader named godfather of UK security

Sixth annual Security Serious Unsung Heroes Awards honours former Royal Corps of Signals colonel and infosec pioneer John Doody Continue Reading

Australia unveils ransomware action plan

The Australian government has established a task force to address the ransomware menace and is proposing legislation to mandate reporting of ransomware incidents by businesses Continue Reading

BCS calls on government to retain protections against AI

BCS, the Chartered Institute for IT, wants the government to retain protections that allow people to have decisions about them made by an AI reviewed by humans if needed Continue Reading

Ban UK police use of facial-recognition, House of Lords told

Experts giving evidence to the House of Lords have said that UK police use of facial-recognition technology is disproportionate and ineffective, and further questioned the utility of algorithmic crime ‘prediction’ tools Continue Reading

Covid-19 will loom over cyber strategy for years to come

In remarks delivered to a Chatham House conference, NCSC head Lindy Cameron reflects on the security challenges facing the UK, and sets out some plans for the future Continue Reading

Sensitive documents to stay with whistleblower after deadline for agreement for their return passes

A deadllne to agree the safe return of the sensitive banking details of former and current NatWest Group customers has passed without agreement Continue Reading

Singapore refreshes cyber security strategy

The city-state updates its national cyber security strategy to shore up the security of critical infrastructure and enterprises while growing its cyber security industry, among other goals Continue Reading

Craft beer specialist Brewdog fixes serious app vulnerability

Vulnerability in brewer’s mobile app could have resulted in serious consequences for its shareholders and customers Continue Reading

ICO expresses concerns over its future independence

In its response to the government’s data protection consultation, the Information Commissioner’s Office has raised worries over its future ability to function independently of government interference Continue Reading

Uber faces legal action over ‘racist’ facial verification system

Two UK-based unions are taking Uber to court, claiming their members have been unfairly dismissed as a result of misidentification by the company’s facial verification system Continue Reading

Twitch data breach investigations continue

Investigations are ongoing into a 125GB data breach that hit livestreaming platform Twitch, apparently the work of hacktivists Continue Reading

US lawmakers propose ransomware reporting rules

Former presidential candidate Elizabeth Warren lends her support to a bill that would require corporate ransomware victims to disclose more information about their attacks to the authorities Continue Reading

Security Think Tank: Responsible vulnerability disclosure is a joint effort

By working hand-in-hand, developers and security researchers can both play a vital role in ensuring newly-discovered vulnerabilities are addressed appropriately, writes Paddy Francis of Airbus CyberSecurity Continue Reading

Gaming service Twitch hacked, data leaked

Users of livestreaming platform Twitch may be at risk after a 125GB torrent of data was leaked Continue Reading

Apache web server users urged to patch immediately

New zero-day in Apache HTTP Server is already being actively exploited and must be addressed immediately Continue Reading

Auto-enrolment begins for Google multi-factor authentication

Google has started to turn on multi-factor authentication on consumer accounts by default, and aims to auto-enrol 150 million users by the end of 2021 Continue Reading

ICO cookie consent: How will the plan affect businesses?

A data privacy and compliance expert considers what the ICO’s proposals for an overhaul of cookie consent procedures could mean for businesses Continue Reading

Security Think Tank: Embracing vulnerability management for the greater good

When it comes to vulnerability management, CISOs should define a responsible disclosure policy so that they can receive and manage identified vulnerabilities transparently, practically and collaboratively, says Paul Watts of the ISF Continue Reading

How GYG Singapore moved to paperless contracts

The Singapore franchisee of Mexican cuisine specialist Guzman y Gomez has turned to electronic agreements and digital signatures to ease the administrative burden on its HR team Continue Reading

Met Police purchase new retrospective facial-recognition system

Retrospective facial-recognition software purchased for £3m by the Met Police will be deployed in coming months amid continuing controversy around the use of biometric technologies by law enforcement bodies Continue Reading

Amnesty International exploited in malware campaign

According to new intelligence from Cisco Talos, Amnesty International’s branding and profile is being used as part of a new malware campaign that exploits people’s fears of the notorious Pegasus spyware app Continue Reading

JVCKenwood hit by Conti ransomware attack

Nearly 2TB of data was stolen from Japanese electronics firm in a Conti ransomware hit Continue Reading

UK consumers would collectively pay over £1bn a year for control of their data

UK consumers are willing to pay a small fee per month to have control of the data they share with Google and Facebook Continue Reading

Digital regulators need discrete but cooperative remits

The UK’s information commissioner has told MPs that digital economy regulators need discrete remits backed up by strong information sharing powers to both provide clear focus as well as allow for greater cooperation between their disparate but interlinked regimes Continue Reading

Women and BAME people bear brunt of cyber crime impact

Cyber crime has a disproportionate impact on women and BAME people, according to a new report Continue Reading

Dubai International Finance Centre’s data protection law to be boosted by new federal regulation

New UAE data protection regulation on the horizon a year after a Dubai-specific law came into force Continue Reading

Facial recognition cannot be a standalone authentication method

As more organisations look to facial recognition to improve their digital identity practices, they must remember that it cannot stand in isolation Continue Reading

How Australia punches above its weight in cyber security

Australia is playing to its strengths in niche areas such as governance and deep tech to punch above its weight in the cyber security industry Continue Reading

MoD in second leak of Afghan citizens’ data

A second breach of data relating to Afghan citizens at risk of Taliban reprisals has been reported by the Ministry of Defence Continue Reading

AI cannot be regulated by technical measures alone

The regulation of artificial intelligence must address the power of tech companies, as technical measures alone will not be enough to prevent the harms caused by AI-driven technologies, says report Continue Reading

UK data plans aim to boost growth but will they isolate the UK from its international friends?

The UK government has made strong statements about the nation’s post-Brexit data strategy but must be careful not to undermine its global credibility Continue Reading

UK government turns to Tim Berners-Lee startup for digital identity plan

As part of its new digital identity project, the Government Digital Service is using the Solid platform created by web inventor Berners-Lee, which helps users to manage their personal data better Continue Reading

Managing cyber risk through integrated supply chains

High-profile supply chain cyber attacks have caused huge disruption this year. PA Consulting’s Carl Nightingale considers key questions business leaders should be asking of their organisations Continue Reading

Investigation launched after MoD email blunder

Exposure of PII on Afghan interpreters who worked with the UK may put hundreds at risk of Taliban reprisals Continue Reading

Spanish police bust Mafia-linked phishing gang

A joint operation between European authorities has dismantled a cyber criminal gang with links to the Italian Mafia Continue Reading

BlackMatter gang ramps up attacks on multiple victims

A wave of new BlackMatter ransomware attacks is hitting organisations around the world, even as the US authorities mull new sanctions on ransom payment infrastructure Continue Reading

UK GDPR faces changes under planned reforms

DCMS is launching a major consultation on proposed changes to the UK’s data protection regime, under which several key elements of the GDPR are likely to change Continue Reading

The cities planning for ethical use of AI

In this week’s Computer Weekly, we talk to tech leaders in Barcelona and London about a collaboration to ensure ethical use of AI in the era of smart cities. The UK government wants to reform data protection law – we assess the implications. And we examine the latest best practice in hybrid cloud. Read the issue now. Continue Reading

Dutch education administrators underestimate threat of cyber crime

Research shows educational establishments in the Netherlands are becoming favoured targets of cyber criminals and administrators are underestimating the risks Continue Reading

The UK government data protection reforms - good for business, but are they good for you?

This is a guest post by Computer Weekly security editor Alex Scroxton, which features in the 21 September issue of the Computer Weekly digital magazine as its leader column. It is hard to sum up ... Continue Reading

Travel-themed phishing lures spiked this summer

As people begin to take holidays again after more than a year of restrictions and lockdowns, opportunist cyber criminals have taken note, according to new data from Palo Alto’s Unit 42 Continue Reading

Interview: Chancellor of the Exchequer Rishi Sunak on supporting the UK tech sector

Computer Weekly talked to Sunak at a Treasury event in front of an audience of tech sector leaders, investors and startups, to discuss how the government can support the digital economy Continue Reading

Australia and Singapore have higher incidences of insecure databases

Five-year longitudinal study by Imperva shows the proportion of databases with at least one known vulnerability in Australia and Singapore are among the world’s highest Continue Reading

Mass health tracker data breach has UK impact

The leak of a database of 61 million users of health-tracking devices includes records on individuals located in the UK Continue Reading

Apple patches ForcedEntry vulnerability used by spyware firm NSO

Apple patches ForcedEntry vulnerability that was used to target political activists with spyware Continue Reading

Smishing attacks up sevenfold in six months

Scam text messages are reaching pandemic proportions, thanks in part to the pandemic Continue Reading

UK GDPR faces changes under planned reforms

DCMS is launching a major consultation on proposed changes to the UK’s data protection regime, under which several key elements of the GDPR are likely to change Continue Reading

Law enforcement: Question the tech sector's motives

Perhaps there are application areas where law enforcement technology should not be used, one of the witnesses at a recent Justice and Home Affairs Committee meeting warned. Experts from the US, New ... Continue Reading

Stolen credit card data worth about £13 on dark web, PayPal worth more

The average price of a stolen credit card on a dark web marketplace comes in at around $17.40, or £12.60, according to new data – but the real money for cyber criminals is in hacked PayPal accounts Continue Reading

Security Think Tank: Optimising privacy, post-GDPR

Airbus CyberSecurity CTO Paddy Francis explores the impact of regulation on data protection, and how it has changed how one goes about optimising data privacy in the enterprise Continue Reading

Procuring law enforcement tech needs greater scrutiny

Tech firms are playing a high-stakes game to drive adoption of artificial intelligence and surveillance technology in law enforcement Continue Reading

OT security in APAC remains work in progress

Two operational technology security experts shed light on the state of OT security in the region, and what’s being done to address skills, competency and organisational challenges Continue Reading

ICO in bid to end cookie pop-ups

Outgoing information commissioner Elizabeth Denham will call on her equivalents across the G7 group of countries to collaborate on an overhaul of cookie consent pop-ups Continue Reading

Security Think Tank: A response to planned data protection changes

The ISF’s Emma Bickerstaffe assesses how organisations might respond to proposed changes to the UK’s data protection regime Continue Reading

Highways England delivers a digital roadmap

In this week’s Computer Weekly, we talk to the CDIO of Highways England about her digital services and asset management plans. We explore SIEM and SOAR security tools. And we find out how McLaren Racing is using data analytics to build its cars more efficiently. Read the issue now. Continue Reading

Are proposed data protection changes a threat to UK citizens’ privacy?

Though changes are as-yet undefined pending an upcoming consultation, concerns are already being expressed over the government’s plan to liberalise data protection laws in the service of innovation and growth Continue Reading

UK’s new data protection strategy risks costing business more than it gains

The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear Continue Reading

Berlin court reverses ban on use of EncroChat evidence in criminal trials

Berlin Superior Court allows use of EncroChat evidence in criminal trials but lawyers say the question will ultimately need to be decided by the German Supreme Court Continue Reading

China accused of cyber attacks on Norwegian IT systems

China-based cyber attackers have been blamed for multiple assaults on IT systems in Norway Continue Reading

WhatsApp fined €225m over GDPR breaches

Irish data protection watchdog has issued one of the largest GDPR fines to date against Facebook-owned WhatsApp Continue Reading

Twitter tests auto-block feature for accounts at risk of abuse

Latest Twitter feature automatically blocks abusive users, and is intended to help victims regain control of their experience on the platform Continue Reading

Security Think Tank: Managing data securely throughout its lifecycle

Managing data in a secure manner is key to ensuring its integrity and therefore its value to the organisation, as well as reducing risk from breaches and misinformation Continue Reading

Experts warn on Office 365 phishing attacks

Newly observed campaign is particularly dangerous because it appears to neutralise one of the most widely known anti-phishing techniques Continue Reading

GovTech launches vulnerability rewards programme

Vulnerability rewards programme will offer rewards ranging from $250 to $5,000 to white hat hackers who find vulnerabilities in critical government systems Continue Reading

How the cyber security market is evolving

The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments? Continue Reading

Are proposed data protection changes a threat to UK citizens’ privacy?

Though changes are as-yet undefined pending an upcoming consultation, concerns are already being expressed over the government’s plan to liberalise data protection laws in the service of innovation and growth Continue Reading

Tech giants commit to Biden's cyber security action plan

Some of the world’s most prominent tech giants have made a series of commitments to enhance the US’ national cyber security posture following a high-profile meeting with president Biden Continue Reading

Government unveils post-Brexit data flow proposals

The government will pursue data partnerships with countries including Australia, South Korea and the US as part of a post-Brexit data regime that may also see substantial changes to the UK’s data protection law Continue Reading

Security Think Tank: Steps to a solid data privacy practice

Petra Wenham of the BCS shares her expertise on building, or rebuilding, a solid business data privacy practice in a post-Covid-19 world Continue Reading

NZ privacy lead John Edwards named new information commissioner

DCMS has named John Edwards, currently New Zealand privacy commissioner, to succeed Elizabeth Denham as UK information commissioner Continue Reading

Over a million opt out of NHS data-sharing

Failure to communicate benefits of data-sharing proposals and privacy concerns are prompting large numbers of people to opt out of a proposed NHS Digital scheme Continue Reading

Campaign groups claim police have bypassed Parliament with plans for live facial-recognition tech

Civil society groups call for Parliament to scrutinise the use of live facial-recognition cameras Continue Reading

More data breaches in Australia arising from ransomware

The number of data breaches in Australia arising out of ransomware attacks grew by 24% during the first half of 2021, according to OAIC’s latest data breach report Continue Reading

Flexxon and Lenovo tie up on AI-infused SSDs

Singapore-based Flexxon teams up with Lenovo to make its solid-state drive that uses artificial intelligence to fend off cyber threats available on ThinkPad-based laptops Continue Reading

Security Think Tank: Data privacy not in isolation, but on a spectrum

The gap between data privacy and data governance is narrowing, and security leaders need to be aware of the implications, says KuppingerCole’s Anne Bailey Continue Reading

Pub apps harvesting swathes of customer data unnecessarily

Some pub and restaurant chain apps demand data such as gender and marital status, raising eyebrows among privacy campaigners Continue Reading

Global VPN downloads soar in first half of 2021

Song remains the same with VPNs as repressive regimes’ continued regulatory demands and remote working see virtual private network usage rocket over the first six months of the year Continue Reading

Security Think Tank: Data privacy and ethics in a post-Covid world

The radical change caused by the pandemic requires new approaches to data privacy practice, says PA Consulting’s Daniel Gordon Continue Reading

Educational publisher Pearson fined for data breach cover-up

Securities and Exchange Commission says publisher misled its investors over the extent of a 2018 data breach Continue Reading

Security Think Tank: Building privacy-preserving apps and platforms

ISACA’s Gaurav Deep Singh Johar explores how to embed privacy practices into digital platform architecture Continue Reading

ICO consults public on personal data in employment practices

The ICO has launched a public consultation on employers’ use of personal data to help it provide practical guidance for both businesses and workers Continue Reading

Nearly half of retailers hit by ransomware in 2020

In the face of increasingly prevalent and sophisticated ransomware attacks, retail organisations need to develop alternative ways of restoring lost or encrypted data, as paying the ransom does not guarantee its return in almost a third of cases Continue Reading

UN special rapporteurs call for surveillance tech moratorium

In the wake of revelations about NSO Groups Pegasus spyware, a number of special rapporteurs from the United Nations are re-igniting calls for a global moratorium on the sale and transfer of surveillance technologies Continue Reading

Cyber Runway programme supports new security businesses

The Cyber Runway programme is a government-backed scheme to support entrepreneurs, startups and scaleups in launching and growing new security businesses Continue Reading

Hospitals see cyber security investment as a low priority

Almost half of hospitals have experienced an IT shutdown as a result of a cyber attack in the past six months, but just over one in 10 hospital executives see cyber security investment as a high priority Continue Reading

ICO consults on new international data transfer agreement

Information Commissioner’s Office to consult on its draft international data transfer agreement and guidance, which will replace standard contractual clauses to protect personal data during overseas transfers Continue Reading

US wins bid to widen grounds of appeal in Julian Assange extradition case

The US government accused medical expert professor Michael Kopelman of misleading the court by failing to disclose details of Assange’s relationship  Continue Reading

Microsoft fixes seven critical bugs on light Patch Tuesday

All seven critical vulnerabilities in Microsoft’s August Patch Tuesday were related to remote code execution, and there was one zero-day related to Windows Update Medic Service Continue Reading

The Netherlands still lacks digital resilience, says report

Report by National Coordinator for Counterterrorism and Security says the Netherlands’ digital resilience has improved, but is still insufficient Continue Reading

Ransomware demands and payments hit new records

Ransomware groups continue to intensify their operations as ransom demands and payments increase alongside use of “quadruple extortion” tactics during first half of 2021 Continue Reading

Dutch lead the way in protecting themselves against internet risks

Dutch citizens come top in a study on awareness of internet risks in Europe, which showed major differences across the continent Continue Reading

Privacy Shield: US surveillance law reforms essential for EU-US data

EU Committee on Civil Liberties, Justice and Home Affairs study calls for major reforms of US spying laws to enable an EU-US data-sharing agreement to replace Privacy Shield. Continue Reading

Real-time data analytics in action

In this week’s Computer Weekly, we examine the emerging applications of real-time analytics and highlight the challenges for businesses to maximise the benefits. EU experts are calling for reform of US surveillance laws – we look at the issues. And we talk to the co-CEO of HR software giant Workday. Read the issue now. Continue Reading

Researchers uncover database with 126 million unsecured records

Business-to-business marketing firm OneMoreLead was storing tens of millions of records in an unsecured database, exposing at least 63 million people to fraud, identify theft and phishing campaigns Continue Reading

Possible ransomware attack hits Italian vaccine booking system

It is still unclear who is behind the attack that caused Covid-19 vaccine bookings in Lazio, Italy, to grind to a halt, as despite masses of files being encrypted no specific ransom demands have been made for the decryptor Continue Reading

Apple unveils plans to scan US iPhones for child sex abuse images

Apple will introduce child sexual abuse material detection for US users later this year, but some experts are worried that the technology could be repurposed to scan phones for other kinds of content Continue Reading

BlackMatter goes on the record about DarkSide and REvil links

BlackMatter gives details of its ransomware-as-a-service operation and distinguishes itself from now-defunct ransomware gangs in interview with cyber security analysts from Recorded Future Continue Reading

Six Isle of Wight schools hit by ransomware attack

Authorities are still working to manage the fallout from the attack, which has already forced at least one school to delay the start of the new term in September Continue Reading

Leading venture capital firms are failing to protect human rights

Venture capital firms and high-profile tech accelerators are not conducting human rights due diligence on their investments, which means they cannot be sure the companies they invest in are not causing, or contributing to, human rights abuses Continue Reading