IT security

Cyber training firm launches £20k data protection scholarship

Training specialist Freevacy has launched a £20,000 scholarship fund to train data privacy and protection professionals Continue Reading

Russian DDoS hacktivists seen targeting western hospitals

A swathe of attacks by the Putin-supporting DDoS operation known as Killnet has targeted hospitals and other infrastructure in several Nato countries, with the UK thought to be at risk Continue Reading

GitHub warns Desktop, Atom users after code-signing certificates pinched

Threat actors stole encrypted code-signing certificates for GitHub’s Desktop and Atom applications in December 2022, prompting warnings for users Continue Reading

MI5 unlawfully collected and held millions of people’s data

Secretive court finds MI5 knowingly acted unlawfully in use of bulk surveillance warrants, and the Home Office continued granting warrants despite information the agency was operating outside the law Continue Reading

Royal Mail recovers more International Tracked services

Royal Mail is making further progress in recovering IT systems hit by a ransomware attack, and has re-enabled another tranche of international export services Continue Reading

ATO renews major Macquarie deal

The contract renewal will enable the Australian Tax Office to tap Macquarie’s security operations centre, among other services, to secure its IT environment and protect sensitive data Continue Reading

Data of 10 million JD Sports customers accessed in cyber attack

Data on 10 million people who shopped online at JD Sports over a two-year period was accessed and potentially stolen in a cyber attack Continue Reading

Hive ransomware gang taken down after FBI hacks back

The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation Continue Reading

Royal Mail resumes some international parcel services from UK

Royal Mail has successfully stood up its International Tracked and Signed, and International Signed, services as it continues to recover from a ransomware attack Continue Reading

Zero-trust implementations remain work in progress

Just one in 10 large enterprises are expected to have mature and measurable zero-trust programmes in place by 2026, study finds Continue Reading

NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC Continue Reading

Arnold Clark cyber attack claimed by Play ransomware gang

A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel Continue Reading

Boards struggle to resolve cyber risk in digital supply chains

Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading

Japan researchers develop new data encryption method

Researchers from Tokyo University of Science have combined the best of homomorphic encryption and secret sharing in a new method to handle encrypted data Continue Reading

Chinese IoT suppliers expose UK businesses to espionage and data theft

Chinese companies supplying network components, known as IoT modules, post a greater long-term threat to UK security than the now banned 5G supplier Huawei, according to a study by a Chinese expert and former diplomat Continue Reading

UK insurers need to up their game on cyber gaps, says PRA

Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority Continue Reading

IT’s shift to the cloud: Veeam’s data protection report in detail

With half of servers in the cloud, most backup and nearly all disaster recovery cloud-centric, the shift to the cloud is significant – but container backup is one area that is yet to settle down Continue Reading

SSRF attacks hit 100,000 businesses globally since November

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers Continue Reading

Fake online contest makes Yahoo! most phished brand of Q4 2022

Yahoo! was the most frequently phished brand during the last three months of 2022, according to a report Continue Reading

Trellix automates patching for 62,000 vulnerable open source projects

Since revealing startling statistics about the prevalence of a 15-year-old Python vulnerability, Trellix says it has helped fix almost 62,000 vulnerable projects in the past four months Continue Reading

The rise of fraud in pop culture is impacting consumers’ digital trust

Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust Continue Reading

Royal Society calls on public sector to pilot privacy tech

The Royal Society says public sector bodies should lead the way in piloting privacy-enhancing technologies to unlock the value of data without compromising privacy and data rights, but lack of standards and incentives mean adoption is slow Continue Reading

NCSC warning over cyber risk to charity sector

Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading

Royal Mail making limited progress on ransomware recovery

Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common Continue Reading

Veeam survey finds ransomware blocks digital transformation

Annual report shows secular trend to the cloud and increased use of containers, but prevalence of ransomware attacks means digital transformation is hindered Continue Reading

WhatsApp’s £4.8m fine raises questions for organisations using behavioural advertising

The Irish Data Protection Commissioner has fined WhatsApp, owned by Meta, in a case that will raise questions for organisations that rely on contracts rather than consent to comply with GDPR when offering behavioural advertising Continue Reading

International post resumes thanks to Royal Mail ‘workarounds’

Royal Mail has resumed limited international services after putting in place operational workarounds to bypass the impact of a ransomware attack Continue Reading

KFC, Pizza Hut parent shuts UK restaurants after cyber attack

A ransomware attack on Yum! Brands, the parent organisation of restaurants including KFC and Pizza Hut, was forced to shut approximately 300 outlets in the UK following a ransomware attack by an unspecified group Continue Reading

Fraudsters and cyber criminals stole more than £4bn in the UK through 2022

The amount of money stolen by fraudsters and cybercriminals in the UK saw a huge increase in 2022 Continue Reading

Mailchimp suffers third breach in 12 months

Email marketing service Mailchimp has suffered its third data breach in a year, but has been praised for being open about its latest attack Continue Reading

Newham Council rejects use of live facial-recognition tech by police

Live facial-recognition technology should not be used by police in Newham until biometric and anti-discrimination safeguards are in place, according to a motion passed unanimously by the council, but the Met Police and the Home Office have indicated they will not suspend its use Continue Reading

Outdated IT infrastructure poses growing risk to UK Security Vetting

Delays to UKSV’s important work in safeguarding the country’s national security are in part down to a legacy IT estate in dire need of modernisation, says the NAO Continue Reading

Ukraine CERT leaders touch down in London for talks

The UK’s NCSC has been hosting Ukrainian cyber security leaders for a round of bilateral talks on improving resilience Continue Reading

David Anderson KC to review UK surveillance laws

Home Office commissions independent review of the Investigatory Powers Act, known as the snoopers’ charter. It will include a review of bulk datasets and government access to internet connection records held by phone and internet companies Continue Reading

Oracle and CBI: companies cautious, selective in 2023 IT, business investment

Oracle and the CBI are seeing much the same picture of cautious technology investment of UK businesses in 2023, in the context of long Covid and the energy price inflation crisis Continue Reading

Ukraine cyber teams responded to more than 2,000 attacks in 2022

The Ukrainian authorities responded to more than 2,000 major cyber incidents during 2022, and are blocking thousands more potential attacks every day Continue Reading

Cloudflare urged to clamp down on pirates, counterfeiters

A whitepaper produced by brand protection specialist Corsearch calls on Cloudflare to do more to stop online content piracy and sales of counterfeit goods Continue Reading

Crest throws support behind CyberUp CMA reform campaign

Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading

Royal Mail promises ‘workarounds’ to restore services after ransomware attack

Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a ‘workaround’ will be in place in the near future Continue Reading

The Security Interviews: Protecting your digital self

Our digital self – the virtual presence of who we are online – has a pervasive influence in the real world. People make judgements based on these digital depictions, so what can be done to ensure positive representation? Continue Reading

CW EMEA: Protecting the privacy of schoolchildren

In this month’s CW EMEA, we look at how schools in Germany have stopped using Microsoft Office 365 over lack of clarity over how data is collected, shared and used. We also delve into how former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. Read the issue now. Continue Reading

Thai enterprises spend more on software amid growing digitalisation

The majority of software spending in Thailand during the first half of 2022 went into applications followed by infrastructure software and development tools, according to IDC Continue Reading

Experts concerned over silence around government obligation to review UK surveillance laws

The government is required to review the UK’s surveillance law, the Investigatory Powers Act, but experts say they are in the dark about its plans. The National Crime Agency’s operation Venetic has highlighted the need for urgent reforms Continue Reading

Cabinet Office looks to expand public data sharing for digital ID

Cabinet Office seeks feedback on proposed legislation to enhance data sharing across the public sector, in support of the UK government’s ambition to have a single sign-on identity-check system for all public services Continue Reading

AI 2023 and beyond

Artificial intelligence (AI) is set to become part of the boardroom agenda as organisations look at how they can shave off more from operational costs and work out how they can grow the business ... Continue Reading

LockBit cartel suspected of Royal Mail cyber attack

The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation Continue Reading

Alibaba: Generative AI among top tech trends in 2023

Alibaba’s research arm Damo Academy has recently published a list of top trends that are likely to shape the technology landscape this year. Chief among them is the rise of generative AI, which ... Continue Reading

Companies warned to step up cyber security to become ‘insurable’

Investing in better IT security to protect against cyber crime will make businesses more resilient against other risks  Continue Reading

UK government completes trials of age estimation technology

Government-led trials of age estimation and verification technologies for the sale of alcohol in nightlife venues and supermarkets have been completed, with both government and retail lobbyists pushing for legislation that would allow retailers to adopt the tools for alcohol sales Continue Reading

Chrome vulnerability could have led to widespread data theft

A dangerous vulnerability in Google Chrome and Chromium-based browsers could have put billions of users’ files at risk of being stolen Continue Reading

Europe’s cyber security strategy must be clear about open source

Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem Continue Reading

Cloudflare completes SASE offer with Magic WAN Connector

Software-defined wide-area network functionality released by online application acceleration and infrastructure provider Cloudflare to complete single-supplier secure access service edge offering Continue Reading

Guardian confirms Christmas 2022 cyber attack was ransomware

Guardian Media Group bosses confirm the 20 December cyber attack that left staff locked out of its London office and disrupted several key systems was an untargeted ransomware attack Continue Reading

Royal Mail services hit by major cyber attack

UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack Continue Reading

Should we be worried about malicious use of AI language models?

WithSecure research into GPT-3 language models, used by the likes of ChatGPT, surfaces concerning findings about how easy it is to use large language models for malicious purposes. Should security teams be concerned? Continue Reading

Internet shutdowns cost global economy $24bn in 2022

Deliberate disruption of people’s access to the internet by governments is having a substantial economic impact and contributing to a range of human rights abuses, primarily against protestors Continue Reading

Microsoft fixes EoP zero-day on January Patch Tuesday

On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns Continue Reading

NHS data platform costing £480m to supersede Covid-19 data store underway

NHS England has invited suppliers to tender for a data platform that will supersede the Covid-19 data store controversial for the involvement of data analytics firm Palantir Continue Reading

Davos 2023: Pervasive cyber crime and cyber security gaps pose severe risk to organisations

Governments and organisations face tough trade-offs as they balance immediate problems caused by economic recession, energy shortages and rising interest rates with longer-term risks, including the impact of global warming Continue Reading

What’s happening with quantum-safe cryptography?

Chinese researchers claim quantum technology is reaching a point where a quantum device will soon be able to crack RSA 2048 public key encryption Continue Reading

New APT group targets ASEAN governments and militaries

The Dark Pink advanced persistent threat group used custom malware to exfiltrate data from high-profile targets through spear-phishing emails last year, according to Group-IB Continue Reading

Insurer Beazley introduces catastrophe bond to ease cyber risk

Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading

JPMorgan ordered to face lawsuit over cyber attack on Ray-Ban maker

US banking giant JPMorgan forced to respond to accusations that it failed to inform a business customer about suspicious transactions Continue Reading

Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading

Proposed digital fraud refund rules risk excluding many victims

Proposals to establish a fraud refund mechanism in the UK risk excluding many victims of digitally enabled fraud, a major bank has warned Continue Reading

Russia’s Turla falls back on old malware C2 domains to avoid detection

Mandiant says it has observed the Russian APT UNC2410, also known as Turla, re-registering expired or sinkholed domains previously used by financially motivated cyber criminals Continue Reading

Vice Society cyber gang targeted multiple UK schools

The Vice Society ransomware gang has made a habit of attacking educational institutions, and now appears to have struck multiple schools, colleges and universities in the UK Continue Reading

Meta to appeal £345m fine for Facebook and Instagram privacy breaches

Social media company Meta is to appeal after the Irish Data Protection Commission fined the company for breaching GDPR Continue Reading

Cyber gang abused free trials to exploit public cloud CPU resources

A South Africa-based cyber crime gang exploited free trials and introductory offers to run cryptominers via public cloud services, then did a runner without paying Continue Reading

Warning over ransomware attacks spreading via Fortinet kit

Following the disclosure of a critical vulnerability in October 2022, Fortinet VPN devices were exploited in two known ransomware attacks, with access likely sold on the dark web Continue Reading

Fallout from Guardian cyber attack to last at least a month

The Guardian newspaper’s offices remained shut into the New Year following a supposed ransomware attack, with disruption likely to last some time Continue Reading

Cashless Denmark has no bank robberies in a year for first time

Denmark saw no bank robberies in a single year for the first time ever, but online fraud continues to increase Continue Reading

Securing low Earth orbit represents the new space race

The barriers to launching satellites into low Earth orbit are falling fast, and that brings new cyber security challenges Continue Reading

Test of digital ID tech at Surrey nightclub proclaimed success

The majority of visitors to a Camberley venue who piloted a digital identification app developed by 1account said they found it easy to use and preferred it to standard physical ID Continue Reading

China and India governments among top targets for cyber attackers

Chinese and Indian governments targeted by hacktivists and ransomware groups out to make statement or expose flaws in their respective security postures Continue Reading

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading

Top 10 technology and ethics stories of 2022

Here are Computer Weekly’s top 10 technology and ethics stories of 2022 Continue Reading

How does red teaming test the ultimate limits of cyber security?

An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading

Why the current fraud model is broken, and how to fix it

Scammers and fraudsters are catching up with the good guys; a new technological approach is needed to fight skyrocketing volumes of digital fraud, says Darwinium founder Alisdair Faulkner Continue Reading

Complaints that NCA failed in duty of candour over EncroChat warrants ‘incredible’, court hears

NCA lawyers argue that a decision by an NCA intelligence officer to disclose notes of a key meeting after two-and-a-half years boosts her credibility as a witness Continue Reading

Top 10 ASEAN IT stories of 2022

Despite the challenges over the past year, ASEAN businesses have taken things in stride as they press on with digital transformation, whether it is empowering citizen developers or building cloud-native applications Continue Reading

Top 10 India IT stories of 2022

We recap the top 10 stories in India, including the digitisation work undertaken by global firms in the country and the progress made by local enterprises in harnessing technology Continue Reading

NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’

The National Crime Agency argued at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law Continue Reading

Mitiga researchers disclose AWS Elastic IP hijacking vulnerability

Cloud incident response supplier Mitiga has said a new AWS feature has led to a vulnerability that could allow hackers to access and steal Elastic IP addresses and gain control over AWS accounts Continue Reading

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading

Top 10 crime, national security and law stories of 2022

Here are Computer Weekly’s top 10 crime, national security and law stories of 2022 Continue Reading

Top 10 cyber crime stories of 2022

Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents Continue Reading

Top 10 ANZ IT stories of 2022

We recap the top 10 stories in Australia and New Zealand, including the opportunities and challenges that organisations in the region have faced over the past year Continue Reading

A sticky story: How, and why, hackers love stickers on laptops

We’ve all seen laptops adorned with security stickers and in-jokes, but how did this cyber community trend get started, what does it signify, and what does it say about the humans behind the screens? Continue Reading

Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?

The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach Continue Reading

Top 10 software development stories of 2022

We look at how software development has adapted to the changing economic climate over the past 12 months Continue Reading

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading

Shiseido data breach victims plan legal action over fake companies

Employees and former employees of cosmetics firm Shiseido whose data was stolen in a recent breach are planning group legal action after their information was used to establish fraudulent companies in their names Continue Reading

Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation

National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time Continue Reading

UK unis implement new IP traffic policies to combat ransomware

Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature Continue Reading

Lego fixes dangerous API vulnerability in BrickLink service

The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas Continue Reading

Cops dismantle 48 DDoS-for-hire websites

An operation combining law enforcement from the UK, US, Netherlands and Europol has disrupted 48 of the world’s most popular DDoS booter websites Continue Reading

NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears Continue Reading

Private health provider data could be shared with NHS England

Plans are advancing to create a single source of healthcare data in England combining both private providers and the NHS to avoid a repeat of the Ian Paterson scandal Continue Reading

Advanced Azov data wiper likely to become active threat

Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily Continue Reading