IT for leisure and hospitality industry

Adaptive RedAlert, Monster ransomwares go cross-platform

Kaspersky researchers have shared new intelligence on two emergent cyber criminal groups that have adapted their ransomwares to target different operating systems at the same time Continue Reading

Security pros fret about stress and promotion over cyber attacks

CIISec’s annual report on the state of the security profession reveals some home truths for security leaders Continue Reading

LockBit 3.0 cements dominance of ransomware ecosystem

Ransomware attacks were up 47% in July compared with the previous month, according to the latest threat data from NCC Group, with the LockBit family largely to blame Continue Reading

Most CISOs think they’ve been attacked by a nation state

Most organisations have made changes to their cyber strategies and policies following Russia’s invasion, and almost two-thirds suspect they have been directly targeted or impacted by a nation-state cyber attack Continue Reading

Merlin and the magic of tech

The theme park giant faced a huge challenge during Covid with its venues closed, but digital tech came to the rescue, as Merlin CTO Lee Cowie explains. Continue Reading

How digital technology rescued Merlin

In this week’s Computer Weekly, we talk to the CTO of Merlin Entertainments – operator of Legoland, Sea Life and Alton Towers – to find out how digital saved the company when Covid shut all its theme parks. We look at how software and data analytics can help to track – and reduce – greenhouse gas emissions. And Southern Water explains how data helps to support its most vulnerable customers. Read the issue now. Continue Reading

Kaspersky threat data added to Microsoft Sentinel service

Microsoft and Kaspersky have agreed a collaboration to integrate Kaspersky’s threat data feeds into Microsoft’s cloud-native SIEM/SOAR service Continue Reading

Lloyd’s to end insurance coverage for state cyber attacks

Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk Continue Reading

Cozy Bear targets MS 365 environments with new tactics

Cozy Bear, or APT29, is trying out new tricks as it seeks access to its targets’ Microsoft 365 environments Continue Reading

Growing MFA use spurs ‘pass-the-cookie’ attacks

The exploitation of stolen session cookies by cyber criminals is once again back on the agenda, thanks to the growing popularity of multifactor authentication tools Continue Reading

It takes a breach to force boards to take notice of cyber, says UK government

Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims Continue Reading

CTO interview: Steve Otto, CTO, The R&A

The Open Championship was fully back in 2022 after Covid, and back at golf’s spiritual home of St Andrews – and it was an opportunity for the club’s CTO to reflect on where technology will take the sport next Continue Reading

Why organisations need to harmonise their CIO and CISO roles

Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson Continue Reading

Microsoft fixes two-year-old MSDT vulnerability in August update

August’s Patch Tuesday drop fixes more than 120 CVEs, including another MSDT RCE zero-day that is being actively exploited. Continue Reading

‘Coopetition’ a growing trend among ransomware gangs

Sophos shares data from its new X-Ops unit at Black Hat in Las Vegas, revealing a growing number of ransomware victims being attacked by multiple gangs at the same time Continue Reading

Spyware activity particularly impactful in July

After a quiet June, vulnerability exploitation ramped up in July, with intrusions linked to spyware seeing unusually high volumes of activity, according to a report Continue Reading

Cyber criminals pivot away from macros as Microsoft changes bite

As Microsoft resumes blocking macros by default in its Office application suite, reversing a temporary reversal, analysis from Proofpoint suggests the action has had a remarkable effect Continue Reading

Hibs push for the backup premier league with Acronis

Hibernian FC signs Acronis to get top division data protection and make the most of ticketing information and match footage as it tries to gain more value from the data it holds Continue Reading

Teams in Grenoble work on 6G breakthrough technology

Even as 5G networks are being rolled out, new requirements are driving scientists, and engineers in Europe are back to the lab to start developing 6G Continue Reading

Consumers left out of pocket as security costs soar

As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people Continue Reading

Cyber security training ‘boring’ and largely ignored

Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them Continue Reading

Security Think Tank: Don’t rely on insurance alone

Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading

No More Ransom initiative helps 1.5 million people in six years

One and a half million people have now taken advantage of free ransomware decryption tools offered by a joint European project Continue Reading

Ducktail infostealer targets Facebook Business users

Newly uncovered Ducktail operation targets individuals with access to Facebook Business service and tries to steal their accounts Continue Reading

Latest Atlassian Confluence vulnerability raises concerns

CVE-2022-26138 is the second major vulnerability disclosure made for Atlassian’s Confluence collaboration platform in recent months Continue Reading

The Security Interviews: Why you need to protect abandoned digital assets

The war in Ukraine and subsequent boycott of Russia resulted in a swathe of digital infrastructure being abandoned, becoming a potential vulnerability for many organisations, says Cyberpion’s Ran Nahmias Continue Reading

Russia could become the world’s largest market for illegal IT

Russia could become the biggest market for illegal IT equipment as companies try to get round sanctions imposed on the country Continue Reading

Buy ‘plug-n-play’ malware for the price of a pint of beer

Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report Continue Reading

(ISC)² expands entry-level cyber programme after UK success

Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide Continue Reading

Cato aims to bust cyber myths as it extends network protections

Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion – and his unique access to billions of data points from the firm’s network – to explode some cyber myths Continue Reading

European IT services see bumper quarter, but signs of slowing emerge

Spending on IT and BPO services in Europe saw significant growth in the past quarter, but there are signs of a slowdown Continue Reading

US cyber agency CISA to open London office

The US Cybersecurity and Infrastructure Security Agency has chosen London to host its first office outside America Continue Reading

Log4Shell on its way to becoming ‘endemic’

US government report concludes that, like Covid, Log4Shell will be with us for a long time to come Continue Reading

Global IT services market shows signs of slowing

Spending on IT and business process services could be set to reduce over the coming months as the latest ISG figures show early signs of decline Continue Reading

ICO wants to ‘empower people through information’

Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society Continue Reading

Slippery phish wriggles around MFA protections, says Microsoft

Microsoft’s threat researchers share details of a phishing campaign that hit 10,000 organisations, against which standard multifactor authentication provides little defence Continue Reading

July Patch Tuesday brings more than 80 fixes, one zero-day

While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on Continue Reading

MaliBot Android malware spreading fast, says Check Point

The MaliBot malware is becoming a persistent and widespread problem, and Android users should be on their guard, says Check Point Continue Reading

Microsoft Windows Autopatch now generally available

Microsoft customers with Windows Enterprise E3 and E5 licences can now take full advantage of its new automated patching service Continue Reading

Microsoft VBA macro block will return

Microsoft provides more details about its sudden decision to rollback a landmark security policy, and reassures users it is a temporary measure Continue Reading

Cyber insurance: An effective use of your scant security budget?

The ISF’s Paul Watts asks if cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes Continue Reading

Stop telling clients to pay ransomware gangs, solicitors told

The NCSC and the ICO are calling on solicitors to help tackle the rising number of ransomware payments being made, and to stop giving erroneous advice to victims Continue Reading

Microsoft appears to reverse VBA macro-blocking

Microsoft quietly reverses VBA macro-blocking across its Office portfolio in a move that has left security experts puzzled Continue Reading

Lots to consider when buying cyber insurance, so do your homework

When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity Continue Reading

MI5, FBI chiefs warn of Chinese cyber espionage threat

In a joint appearance in London, MI5 director general Ken McCallum and FBI director Chris Wray warn of the growing threat posed by the Chinese government to UK and US interests Continue Reading

IBM still breaking new ground at Wimbledon

IBM Watson is playing an increasingly important role in growing the fanbase and relevance of the Wimbledon tennis tournament Continue Reading

Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it

In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered Continue Reading

Latest Marriott data breach not as serious as others

Questions are again being raised over Marriott’s cyber security practices following yet another incident, but fortunately it seems limited in its scope, and the company is responding appropriately Continue Reading

Prepare for long-term cyber threat from Ukraine war, says NCSC

The NCSC has published refreshed guidance on cyber preparedness as the war on Ukraine continues, urging organisations to pay attention to the state of their security teams Continue Reading

NCSC CEO: Why we should run towards crises to elevate cyber security

National Cyber Security Centre CEO Lindy Cameron, the 2022 Computer Weekly UKtech50 Most Influential Person in UK IT, reflects on a career immersed in crisis management, and how she is using this to elevate cyber security standards across the country Continue Reading

Security Think Tank: Now is the time to think about cyber insurance

Many IT leaders shy away from cyber insurance, but new, innovative developments in the market can help organisations take an approach that suits their needs Continue Reading

New cyber extortion op appears to have hit AMD

Semiconductor specialist AMD has confirmed it is investigating reports that a ‘bad actor’ has stolen hundreds of gigabytes of its data Continue Reading

Brexit a net negative for UK cyber, say CISOs

Six years on from the UK’s Brexit vote, the majority of security professionals say leaving the EU has raised concerns over their ability to keep their organisations safe Continue Reading

LockBit ransomware gang launches bug bounty programme

A bug bounty programme is among a number of features LockBit’s developers have added to ‘version 3.0’ of the ransomware Continue Reading

The cyber security impact of Operation Russia by Anonymous

The campaign against the Russian government by Anonymous surprised many with the depth and scale of the cyber attacks. What can we learn from this online war? Continue Reading

Black Basta ransomware crew aiming for ‘big leagues’

Emergent Black Basta ransomware gang has hit more than 50 countries since bursting onto the scene earlier this year, says Cybereason Continue Reading

US cyber agency in fresh warning over Log4Shell risk to VMware

Many VMware Horizon and UAG servers remain defenceless against Log4Shell, and organisations continue to fall victim to the vulnerability Continue Reading

Assessment and knowledge: Your key tools to secure suppliers

There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal Continue Reading

What will the Data Reform Bill mean for UK businesses operating in the EU?

Following the government’s response to the Data Reform Bill consultation, Peter Galdies of DQM GRC looks at what might lie ahead for UK organisations working in the European Union Continue Reading

Security Think Tank: Supply chain security demands systematic approach

Supply chain security measures need to be systematic and assessed so as to minimise the complexity and cost to the business Continue Reading

Security Think Tank: Balanced approach can detangle supply chain complexity

Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices Continue Reading

Government won’t regulate on professional cyber standards

The government has elected not to proceed with regulatory intervention to embed standards and pathways across the cyber profession Continue Reading

New coalition lifts Finland’s 6G status

Finland is laying the foundations for future European leadership in 6G research and development Continue Reading

Supply chain security goes deep – forget this at your peril

It may have hit the headlines as an IT issue, but supply chain security goes far deeper into an organisation than just technology Continue Reading

British businesses to recognise Google skills certificates

Google training programmes are being made available to more people in the UK as part of an initiative from the supplier and major UK businesses Continue Reading

Government responds to Data Reform Bill consultation

Westminster claims its new data laws will boost British benefits, protect consumers, and seize the ‘benefits’ of Brexit Continue Reading

Consider governance, coordination and risk to secure supply chain

A recent ISACA study found myriad factors that give good reason to be concerned about supply chain security. Cyber adviser Brian Fletcher recommends three areas to zero in on Continue Reading

Security Think Tank: Best practices for boosting supply chain security

In a highly connected world, managing the supply chain landscape requires an adaptation of the ‘traditional’ approach to managing cyber risk Continue Reading

Office 365 loophole may give ransomware an easy shot at your files

Researchers at Proofpoint have discovered potentially dangerous Microsoft Office 365 functionality that they believe may give ransomware a clear shot at files stored on SharePoint and OneDrive Continue Reading

Patch Tuesday dogged by concerns over Microsoft vulnerability response

The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure Continue Reading

Security Think Tank: Basic steps to secure your supply chain

When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail Continue Reading

MS Azure Synapse vulnerability fixed after six-month slog

Microsoft patched a critical Azure Synapse vulnerability twice, but each time the researcher who discovered it was able to bypass it with ease, leading to a lengthy saga Continue Reading

Qatar bolsters cyber security in preparation for World Cup

With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness Continue Reading

Security Think Tank: Don’t trust the weakest link? Don’t trust any link

Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must Continue Reading

Snake Keylogger climbing malware charts, says Check Point

Cyber criminals behind Snake Keylogger campaigns have been switching up their tactics in the past few weeks, say researchers Continue Reading

ProxyLogon, ProxyShell may have driven increase in dwell times

The median network intruder dwell time was up 36% to 15 days last year, thanks to massive exploitation of the ProxyLogon and ProxyShell vulnerabilities by IABs, according to new Sophos data Continue Reading

CIO interview: Lee Cowie, chief technology officer, Merlin Entertainments

The theme park giant faced an enormous challenge during Covid with its venues closed, but digital technology came to the rescue and is now opening up new opportunities Continue Reading

CIO interview: Emma Frost, director of innovation, London Legacy Development Corporation

The former Olympic Park in London has become a hotbed – and a testbed – for data and technology innovation that could have a wider benefit for the urban environments in which we live Continue Reading

UAE residents think 3D printing will have the most positive impact on society

People in the UAE believe next-generation technologies such as 3D printing and artificial intelligence will become widespread in the country Continue Reading

Strong internal foundations are key to withstanding external threats

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

Two-thirds of UK organisations defrauded since start of pandemic

Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report Continue Reading

Dutch companies struggle to fill tech jobs

There are plenty of IT job vacancies in the Netherlands, but a shortage of IT professionals Continue Reading

Ransomware volumes grew faster than ever in 2021

Verizon’s annual DBIR assessment of the security landscape highlights an unprecedented boom in ransomware volumes, to the surprise of nobody Continue Reading

Reimagining the cities of the future in Finland

New ideas around new space: Helsinki not only imagines, but can see, the cities of the future Continue Reading

Security Think Tank: To follow a path, you need a good map

The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these attack pathways better in order to fight back Continue Reading

(ISC)² to train 100,000 cyber pros in UK

Security association (ISC)² unveils ambitious UK training programme Continue Reading

CyberUK 22: Five Eyes focuses on MSP security

The western intelligence community has set out practical steps IT service providers and their customers can take to protect themselves Continue Reading

Cyber accreditation body Crest forges new training partnerships

Crest says partnerships with Hack The Box and Immersive Labs will enhance its members’ defensive and offensive security skills Continue Reading

Microsoft fixes three zero-days on May Patch Tuesday

It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days Continue Reading

CyberUK 22: Cyber leaders affirm UK’s whole-of-society strategy

On the opening day of CyberUK 2022, GCHQ director Jeremy Fleming and NCSC CEO Lindy Cameron have spoken of their commitment to the government’s ambition for a whole-of-society cyber strategy Continue Reading

CyberUK 22: NCSC refreshes cloud security guidance

The National Cyber Security Centre is revising its cloud guidance as increasing uptake of potentially vulnerable cloud services puts more organisations at risk of compromise Continue Reading

How one Australian firm is creating smarter menus

Me&u’s smart menus are intelligent enough to recommend food items based on customer preferences, and even help to reduce food waste and alleviate bartender workloads during peak periods Continue Reading

Ransomware recovery costs dwarf actual ransoms

The cost of recovering from a ransomware attack far outweighs the ransoms now being demanded by cyber criminals, according to recent data Continue Reading

Log4Shell, ProxyLogon, ProxyShell among most exploited bugs of 2021

These 15 CVEs were the most commonly exploited last year, and if you haven’t mitigated against them, now is the time Continue Reading

Ransomware victims paying out when they don’t need to

Sophos’s annual State of Ransomware report shows dramatic increases in the impact of ransomware attacks, but also finds many organisations are paying ransoms when they don’t need to Continue Reading

Government digital ignorance puts Dutch economy at risk

In this interview, Michiel Steltman, managing director of Digital Infrastructure Netherlands, tells Computer Weekly why the Dutch digital economy is at risk due to a lack of knowledge and understanding at government level Continue Reading

BCS passes defiant Ukrainian tech industry message to its members

BCS, the Chartered Institute for IT, has passed on a message from Ukrainian IT suppliers that the country is open for, and in need of, business Continue Reading

Emotet tests new tricks to thwart enhanced security

The operators of the Emotet botnet seem to be trying to find a way to get around recent changes made by Microsoft to better protect its users Continue Reading

Hammers sign Acronis as backup and security in one

West Ham United set to replace separate backup from Veeam and a variety of security products with Acronis Cyber Protect to have backup, data protection and file share on a single platform Continue Reading

WatchGuard firewall users urged to patch Cyclops Blink vulnerability

The US authorities have seen fit to add the WatchGuard vulnerability used by Sandworm to build the Cyclops Blink botnet to its list of must-patch vulnerabilities Continue Reading