Security policy and user awareness

Unforeseen consequences of new technologies put UK at risk

Lords committee told that the risks associated with various emerging digital technologies must be assessed together, with input from UK citizens, if the government is to avoid ‘siloisation’ of fundamentally interconnected problems Continue Reading

APAC firms grapple with cyber security amid pandemic

Some aspects of cyber security have taken a backseat as companies across the Asia-Pacific region rush to shore up their infrastructure to cope with the demands of remote work Continue Reading

Security Think Tank: Plan for hybrid working to become normal

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

World’s largest dark web market disrupted in major police operation

Coordinated international operation including Europol and the UK’s National Crime Agency has successfully taken DarkMarket offline Continue Reading

Critical zero-day features in first Patch Tuesday of 2021

Microsoft releases fixes for 84 bugs on the first Patch Tuesday of 2021, including a critical zero-day vulnerability in Microsoft Defender Continue Reading

Parler collapse opens door to phishing attacks

The shutdown of controversial social media site Parler, and the publication of huge amounts of user data scraped by ethical hackers, is giving cyber crime experts cause for concern Continue Reading

Security Think Tank: Time for security teams to learn from Covid

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

New SolarWinds CEO sets out rescue plan

Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community Continue Reading

Security Think Tank: Don’t bet on a new normal just yet

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

Government use of 'general warrants' to authorise computer and phone hacking is unlawful

A court has ruled that the security and intelligence services can no longer rely on ‘general warrants’ to authorise the hacking of large numbers of computers and phones belonging to UK citizens Continue Reading

Picking the right IAM tools is based on more than today’s needs

With remote working now normal, it is important to take proactive steps in managing credentials across platforms that can be subject to multiple data protection regulations. IAM services can streamline this process, but care must be taken to ensure the correct one is chosen Continue Reading

The nation state threat to business

The SolarWinds hack shows the widespread damage possible from a nation state cyber attack. What is the threat to business and how can it be mitigated? Continue Reading

The human firewall's role in a cybersecurity strategy

The human firewall is a crucial element of a long-term, holistic security initiative. Explore how human firewalls can protect your enterprise against attacks. Continue Reading

Security Think Tank: Cyber effectiveness, efficiency key in 2021

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

WikiLeaks founder Julian Assange cannot be extradited to face charges in US, court rules

Court rules it would be oppressive to send Julian Assange to the US to face trial after finding he is at high risk of suicide. US government says it will appeal Continue Reading

Security Think Tank: The year of the work-from-home hangover

After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes? Continue Reading

NPCC brings the Christmas present of partnership to UK Cyber Policing

The combination of the Cyber Resilience Centres, Police Cyber Alarm and The Cyber Helpline  provides a major advance towards joining up the UK approach to policing the on-line world, Continue Reading

Security Long Reads: Cyber insiders reveal what’s to come in 2021

In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021 Continue Reading

Top 10 cyber crime stories of 2020

Here are Computer Weekly’s top 10 cyber crime stories of 2020 Continue Reading

Top 10 cyber security stories of 2020

Here are Computer Weekly’s 10 top cyber security stories of 2020 Continue Reading

It’s time to accept that disinformation is a cyber security issue

Tackling the manipulation of truth and facts is no easy task, and it’s time for the cyber security sector to take up the challenge Continue Reading

Patching: Balancing technical requirements with business considerations

With an increasing reliance on subscription models alongside the regular patching of software, updates have become an essential part of modern business practices. However, care needs to be taken to ensure the optimum patching process is implemented Continue Reading

Ministry of Justice in the dock for catalogue of serious data breaches

Annual report reveals major incidents of personal data loss affecting 121,355 people and including misplaced, unencrypted USB stick containing documents from a trial, accidental disclosure of identities, and staff files made visible to unauthenticated users Continue Reading

Utility supplier People’s Energy has entire customer list stolen

All 270,000 customers of People’s Energy, a renewable energy startup, have had their details compromised in a major data breach incident Continue Reading

Dodgy browser extensions put social media users at risk

More than three million users of third-party browser extensions for Instagram, Facebook, Vimeo and others have been infected with malware, according to Avast Continue Reading

EU security strategy a ‘step up’ on cyber leadership, says Brussels

The EU’s new cyber security strategy forms a key component of Shaping Europe’s Digital Future, the Recovery Plan for Europe, and the EU Security Union Strategy Continue Reading

SolarWinds cyber attack: How worried should I be, and what do I do now?

Security teams across the world are on high alert as more details emerge of the widespread SolarWinds ‘Sunburst’ attack. What do defenders need to do next? Continue Reading

How security will be different after Covid-19

In this week’s Computer Weekly, the world of cyber security will probably never return to its pre-pandemic state – we look ahead. The combination of remote working and streaming video is putting extra strain on networks. And we look at how digital transformation is changing the way contact centres are run. Read the issue now. Continue Reading

Confidence in print security drops and data breach costs rise

As cyberattacks continue to increase, capitalising on the new vulnerabilities of remote working, securing the print infrastructure – across the office and home environments – must be a strategic ... Continue Reading

Singapore trials beacons to bolster police operations

Police beacons equipped with video cameras, sirens, floodlights and speakers are being deployed at two parks to improve public safety in a year-long trial Continue Reading

The week in ransomware: Foxconn and Randstad are high-profile victims

Foxconn and Randstad are laid low by cyber criminals, while Sophos spills on Egregor, and prognosticators turn to their crystal balls to divine how ransomware will develop in the next 12 months Continue Reading

Disputed PostgreSQL bug exploited in cryptomining botnet

PGMiner cryptomining botnet remained unnoticed by exploiting a disputed CVE in PostgreSQL Continue Reading

Surge in Covid-19 vaccine phishing scams reported

Check Point and KnowBe4 share details of a growing number of phishing campaigns using the prospect of a Covid-19 vaccine as a lure Continue Reading

Security Think Tank: Integration between SIEM/SOAR is critical

SIEM and SOAR share much in common but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Post-pandemic approaches to IAM for cloud security

Cloud technology may have saved businesses from catastrophe during the pandemic, but it has also introduced additional challenges around identity and access management. Here’s why IAM policies are crucial in the new normal Continue Reading

French regulators fine Google and Amazon over cookie policies

Google and Amazon rapped over their use of advertising cookies by the French data protection authorities Continue Reading

Cyber Helpline awarded lottery funding to support victims

The Cyber Helpline, a UK charity that provides emergency support to victims of cyber crime and online stalking, is to receive funding from the National Lottery Continue Reading

Security Think Tank: SOAR to the next level with automation

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Amnesia:33 IoT flaws dangerous and patches unlikely, say experts

The disclosure of multiple flaws by Forescout has raised big questions for the developers of connected products, and for their users Continue Reading

Patch Tuesday: Microsoft presents just 58 CVEs for Christmas

The final Patch Tuesday of 2020 contains 58 fixes, a minnow compared to some recent drops, but many are still of high importance Continue Reading

FireEye’s ethical hacking tools stolen in state-backed attack

Hacking tools used to conduct red team penetration testing were stolen in the state-backed attack on security firm FireEye Continue Reading

Multiple D-Link routers found vulnerable to attack

Digital Defense discloses a remotely exploitable root command injection flaw in a number of D-Link wireless router devices Continue Reading

A trillion dollars lost to cyber crime every year

Data collated by McAfee and the Centre for Strategic and International Studies highlights the growing impact of cyber crime Continue Reading

Opportunistic Egregor ransomware is an emerging and active threat

Researchers at Recorded Future’s Insikt Group highlight links between the emerging Egregor ransomware and other strains, and offer guidance on defending against it Continue Reading

Cyber Aware campaign to help safeguard Christmas shoppers

New government campaign sets out to raise awareness of online shopping fraud in the run-up to Christmas Continue Reading

Covid-19 vaccine supply chain attacked by unknown nation state

An unknown nation state actor is attempting to disrupt the supply of coronavirus vaccines Continue Reading

Dangerous Trickbot evolves to target UEFI/BIOS firmware

Dubbed Trickboot by researchers, Trickbot’s new features enable malicious actors to read, write or even erase UEFI/BIOS firmware Continue Reading

Covid-19: Cyber criminals will target vaccine programmes

Interpol issues a global alert to law enforcement as the UK becomes one of the first countries to approve the Pfizer/BioNTech Covid-19 vaccine for use Continue Reading

Security Think Tank: SIEM and SOAR are far from mutually exclusive

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

Singapore government remains ‘juicy target’ for cyber attackers

The government is baking security into the design and implementation of its IT systems and looking to increase bug bounties to fend off cyber threats Continue Reading

DHL, Amazon and FedEx are most phished delivery services

DHL has emerged as the most imitated delivery brand in Europe, accounting for 77% of the total volume of phishing emails received in November 2020 Continue Reading

22,000 malicious .uk domains suspended in past year

Nominet has suspended just over 22,000 domains in the 12 months to 31 October 2020, continuing a downward trend, and with less impact from Covid-19 than might be expected Continue Reading

Security Think Tank: Alerts are great, it’s what you do with them that counts

SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading

How to modernise identity governance and administration

Modernising identity governance and administration (IGA) capabilities is essential for organisations to manage identities effectively to ensure they remain competitive, compliant and secure Continue Reading

How Grab is using technology to improve trust and safety

Southeast Asian unicorn Grab is tapping artificial intelligence and other technologies to keep its users safe and cyber criminals at bay Continue Reading

This Christmas, Covid-19 heightens retail security risks for everyone

Do you think it’s only retailers and consumers who need to consider cyber security when shopping online during the holidays? You’re dead wrong. This year, the Covid-19 pandemic and the shift to remote working has thrown a spanner in the works Continue Reading

APAC plagued by APT, ransomware attacks

The Asia-Pacific region was a primary target of advanced persistent threat groups, mostly from China, Iran, North Korea and Russia, that carried out 34 campaigns between June 2019 to June 2020 Continue Reading

From front line to back office – how supporting the cyber community keeps the NHS safe

NHS Digital’s chief information security officer describes how the Cyber Associates Network benefits security experts in health and care Continue Reading

Securing UK’s critical national infrastructure is a 2021 priority

Government outlines the UK’s strategic cyber security policies for the coming 12 months, with critical national infrastructure a clear priority Continue Reading

Belgian security researcher hacks Tesla with Raspberry Pi

Belgian security researcher Lennert Wouters once again succeeds in hacking a Tesla vehicle, this time by exploiting the Bluetooth Low Energy standard Continue Reading

Accidental heroes: How one scaleup pivoted to cyber

Simeon Quarrie designed his business using virtual reality and interactivity as a tool to tell stories that effect cultural change in enterprise environments – then a cyber criminal emptied his bank account Continue Reading

Nominet introduces new resources for cyber scam victims

Domain name registrar is working with law enforcement to provide new information, guidance and resources for potential victims of online scams Continue Reading

NCSC issues retail security alert ahead of Black Friday sales

National Cyber Security Centre issues refreshed guidance as cyber criminals turn their eyes to the holiday shopping season Continue Reading

Manchester United praised for swift response to cyber attack

Manchester United’s systems were attacked last week, and the club has been praised for a swift and decisive response Continue Reading

MPs subjected to over 22 million malicious email attacks in 2020

Members of Parliament are targeted by millions of spam and phishing emails every month, according to a Freedom of Information disclosure Continue Reading

Security pros fear prosecution under outdated UK laws

CyberUp, a group of campaigners who want to reform the Computer Misuse Act, finds 80% of security professionals are concerned that they may be prosecuted just for doing their jobs Continue Reading

CW APAC: Expert advice on zero-trust security

Zero trust is a security model that eliminates the traditional perimeter and assumes that no user or device can be trusted until proven otherwise. In this handbook, Computer Weekly looks at how enterprises can take a zero-trust approach to securing their network, devices and workforce. Continue Reading

Security sector broadly backs Boris Johnson’s Cyber Force

Security community says the presence of a robust cyber defence force alongside a robust physical one will be vital to the UK’s national security Continue Reading

2021 the year of commodity ransomware, says Sophos

Sophos researchers anticipate a trickle-down effect in the cyber criminal underground Continue Reading

US cyber security chief fired for contradicting Trump

CISA chief Chris Krebs ousted for doing his job fighting disinformation in an apparent purge of officials deemed disloyal to president Donald Trump Continue Reading

HMRC warns over uptick in Self Assessment tax scams

HMRC issues updated warnings as 2021 Self Assessment deadlines loom Continue Reading

Ransomware stats overload risks confusing buyers

UK-based organisations are either more, or less, likely to pay ransoms, depending on which cyber security supplier you want to believe Continue Reading

Financial services data volumes heighten risk of insider breach

Financial services organisations hold so much data that it is becoming virtually impossible to safeguard properly against data breaches caused by malicious or careless employees Continue Reading

Brexit and risks to data privacy and governance

EY privacy specialists assess the risks to data privacy, protection and governance on the table for businesses, with less than two months until Brexit Continue Reading

How to build an effective vulnerability management programme

As cyber criminals increasingly look to exploit vulnerabilities in software and hardware, businesses must build and implement an effective vulnerability management programme to counter this growing threat Continue Reading

How Standard Chartered approaches cyber security

Bank uses security-by-design principles and conducts red-teaming exercises among other measures to fend off cyber breaches Continue Reading

Privacy advocates call for European probe into Palantir

Dutch group SOMI is trying to raise awareness of Palantir’s data privacy practices and how it works with European government agencies Continue Reading

Hackney systems could be unavailable for months, says council

A month after a highly disruptive cyber attack on its systems, Hackney Council is still struggling to get back up and running Continue Reading

Online kids’ game Animal Jam confirms large breach

Cyber criminals have stolen data on 46 million Animal Jam player accounts via a third-party attack Continue Reading

Security pros coped admirably with remote working transition

Despite facing tight timescales at the onset of the pandemic, security professionals have come through the transition to remote working remarkably well, according to a report Continue Reading

Microsoft drops fix for serious zero-day among 112 Patch Tuesday updates

November’s Patch Tuesday contains fixes for 112 bugs, including a potentially serious zero-day exploit that malicious actors are already taking advantage of Continue Reading

EU aid funds used to train ‘unaccountable intelligence agencies’ in high-tech surveillance

Hundreds of documents obtained by campaign group Privacy International show how the EU is supporting surveillance programmes in the Balkans, the Middle East and Africa Continue Reading

Leaky AWS S3 bucket once again at centre of data breach

Prestige Software exposed millions of records after failing to pay attention to the security of its cloud instances Continue Reading

Zoom rapped over historic security practices

The US Federal Trade Commission rules that Zoom’s practices undermined the security of its users Continue Reading

IT Priorities 2020: After Covid-19, security goes back to basics

This year’s transition to remote working highlighted big gaps in the fundamentals of security, as updated TechTarget/Computer Weekly data reveals Continue Reading

EU moves closer to encryption ban after Austria, France attacks

Draft resolution document setting up an EU-wide ban on end-to-end encryption is set to be waved through this week Continue Reading

Credential stuffing: When DDoS isn’t DDoS

Ten years ago, credential stuffing attacks posed a comparatively minor threat, but with an escalating number of data breaches, the threat posed has now increased. What are the solutions to this very human problem? Continue Reading

NHS warned over Ryuk spreading through Trickbot replacements

NHS Digital tells healthcare organisations to be mindful of a marked rise in usage of the Bazar and Buer loaders Continue Reading

Singapore government rolls out digital signature service

Individuals and businesses will soon be able to sign documents digitally using a new service on the Singapore government’s SingPass digital identity platform Continue Reading

India and Japan report stronger concern over cyber threats

Security operations teams in the two Asian giants see the increased volume of cyber threats as their biggest challenge amid the Covid-19 pandemic Continue Reading

GDPR lawsuit against Oracle and Salesforce moves forward

Class action suit seeks claims worth more than £10bn over the processing of personal information Continue Reading

NHS weathers cyber crime storm during pandemic, says NCSC

The NCSC dealt with over 700 incidents in the 12 months to August 2020, with over 200 specifically related to Covid-19, and the NHS a critical area of focus Continue Reading

Accidental heroes: How one scaleup pivoted to cyber

Simeon Quarrie designed his business using virtual reality and interactivity as a tool to tell stories that effect cultural change in enterprise environments – then a cyber criminal emptied his bank account Continue Reading

CISOs more confident in identity practice after pandemic shock

Identity practice and management has become a critical element of cyber security strategies to support remote workers Continue Reading

ICO slashes Marriott breach fine to £18.4m

Reduced fine reflects both improvements made to hotel group’s cyber security and impact of coronavirus on the travel and hospitality sector Continue Reading

Surge in Ryuk ransomware attacks has hospitals on alert

Russian cyber criminals are conducting a targeted campaign against hospitals with Ryuk ransomware Continue Reading

Privacy and online safety are focus of new UKRI research funding

Online safety research centre of excellence will look into technology to boost privacy and tackle disinformation, fake news, conspiracies and other online harms Continue Reading

Barracuda eyes Indochina markets

Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos Continue Reading

Zero-trust network policies should reflect varied threats

Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies. Continue Reading

Zero-trust methodology's popularity a double-edged sword

The authors of 'Zero Trust Networks' discuss how the zero-trust methodology's popularity produces both vendor hype and renewed attention to critical areas of security weakness. Continue Reading