News

Hackers and cybercrime prevention

December 22, 2022 22 Dec'22
NCA ‘wrong-footed’ defence lawyers after agreeing to take expert evidence on EncroChat ‘as read’

The National Crime Agency argued at the Investigatory Powers Tribunal that expert evidence it agreed to ‘take as read’ is limited, flawed and often based on an incorrect interpretation of the law
December 22, 2022 22 Dec'22
Mitiga researchers disclose AWS Elastic IP hijacking vulnerability

Cloud incident response supplier Mitiga has said a new AWS feature has led to a vulnerability that could allow hackers to access and steal Elastic IP addresses and gain control over AWS accounts
December 22, 2022 22 Dec'22
Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides
December 22, 2022 22 Dec'22
Top 10 crime, national security and law stories of 2022

Here are Computer Weekly’s top 10 crime, national security and law stories of 2022

December 22, 2022 22 Dec'22
Top 10 cyber crime stories of 2022

Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents
December 21, 2022 21 Dec'22
Top 10 ANZ IT stories of 2022

We recap the top 10 stories in Australia and New Zealand, including the opportunities and challenges that organisations in the region have faced over the past year
December 16, 2022 16 Dec'22
Defence lawyers claim NCA witness gave unreliable evidence on EncroChat hacking operation

National Crime Agency argues that the lawfulness of surveillance warrants issued to hack the EncroChat phone network should only be considered in the light of facts and assessments known at the time
December 16, 2022 16 Dec'22
UK unis implement new IP traffic policies to combat ransomware

Jisc will introduce new measures to protect UK universities and research institutions from ransomware attacks that exploit the Remote Desktop Protocol remote-access feature
December 15, 2022 15 Dec'22
Lego fixes dangerous API vulnerability in BrickLink service

The Lego Group has remediated two potentially serious API vulnerabilities in its BrickLink digital resale platform, just in time for Christmas
December 15, 2022 15 Dec'22
Cops dismantle 48 DDoS-for-hire websites

An operation combining law enforcement from the UK, US, Netherlands and Europol has disrupted 48 of the world’s most popular DDoS booter websites

December 15, 2022 15 Dec'22
NCA officer questioned in Investigatory Powers Tribunal over failure to disclose EncroChat notes

EncroChat hacking warrant was unlawful and in breach of human rights law, the Investigatory Powers Tribunal hears
December 14, 2022 14 Dec'22
Advanced Azov data wiper likely to become active threat

Check Point deep dives into an emergent data wiper strain known as Azov, which is making waves with hundreds of new samples being submitted to VirusTotal daily
December 14, 2022 14 Dec'22
Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021
December 13, 2022 13 Dec'22
Crime Stoppers Tasmania debuts new reporting portal

Reporting tool will enable the public to share crime-related information with law enforcement agencies to support policing in Tasmania
December 13, 2022 13 Dec'22
Finnish government launches information security voucher scheme

Finland’s government is offering businesses financial support to help them improve their cyber security
December 13, 2022 13 Dec'22
More Uber data exposed in possible supply chain attack

A second incident affecting ride-sharing app Uber appears to have originated through a third party in a supply chain attack
December 13, 2022 13 Dec'22
Customer frustrations mount as Rackspace investigation proceeds

Rackspace says it is making progress on restoring services following a ransomware attack on its Hosted Exchange business, but customers are becoming frustrated with a lack of communication
December 12, 2022 12 Dec'22
Top IT predictions in APAC in 2023

Robotics, cross-cloud data mobility and cyber insurance are some of the key trends that will shape Asia-Pacific’s technology landscape in 2023
December 11, 2022 11 Dec'22
How Zscaler is cracking APAC’s cloud security market

Zscaler’s head in Asia-Pacific and Japan talks up the company’s growth momentum in the region and what it is doing to address areas where it can do better
December 09, 2022 09 Dec'22
CIISec, DCMS to fund vocational cyber courses for A-level students

The Chartered Institute of Information Security and the Department for Digital, Culture, Media and Sport plan to fund vocational cyber qualifications for 300 teenagers
December 09, 2022 09 Dec'22
Iranian APT seen exploiting GitHub repository as C2 mechanism

A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware
December 08, 2022 08 Dec'22
Apple to tap third party for physical security keys

Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys
December 08, 2022 08 Dec'22
Australia to develop new cyber security strategy

New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals
December 07, 2022 07 Dec'22
Rackspace email outage confirmed as ransomware attack

An ongoing outage affecting Rackspace email customers is the result of a ransomware attack
December 07, 2022 07 Dec'22
Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November
December 06, 2022 06 Dec'22
Industrial IoT focus of next NCSC startup challenge

The NCSC for Startups programme is looking for innovative ideas to encrypt and secure the industrial internet of things
December 06, 2022 06 Dec'22
Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack?
December 05, 2022 05 Dec'22
Fake investment ads persist on Meta’s social networks

Online adverts for investment scams relating to property and crypto assets are still getting past measures designed to stop them
December 05, 2022 05 Dec'22
Cohesity doubles down on cyber-defence failings via backup

Datahawk service and Data Security Alliance bring clean data restores, ransomware artefact detection, data vaulting and data audit for a clearer understanding of attack impact
December 05, 2022 05 Dec'22
French cyber consultancy Hackuity sets up UK operation

Risk-based vulnerability management company is to establish a UK base of operations in the hope of expanding its enterprise client base
December 02, 2022 02 Dec'22
Twitter ‘replacement’ Hive Social shuts off service in privacy alert

Hive Social, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues identified by ethical hackers
December 01, 2022 01 Dec'22
MI6 chief’s hacked emails attacked MI5 and betrayed British spy operations in China

Former UK spy boss Richard Dearlove leaked names of MI6 secret agent recruiters in China to back an aggressive right-wing US campaign against tech company Huawei. His emails were hacked and then leaked – probably by Russian intelligence
December 01, 2022 01 Dec'22
LastPass probes new cyber incident related to August attack

The August 2022 cyber attack on LastPass seems to have begat another incident, according to company CEO Karim Toubba
November 30, 2022 30 Nov'22
South Staffs Water customer data leaked after ransomware attack

Personal data of water utility’s direct debit customers exposed on the dark web following a Clop ransomware attack
November 30, 2022 30 Nov'22
Latest LockBit ransomware versions have wormable capabilities

Sophos researchers have reverse-engineered the Lockbit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter
November 29, 2022 29 Nov'22
Cyber criminals exploiting naked TikTok ‘challenge’

Malware operators lured targets by promising them they would be able to view nude videos of TikTok users
November 27, 2022 27 Nov'22
Plexal inducts six into cyber leadership scheme

Tech innovation hub Plexal is expanding its Cyber Runway programme with a new Ignite strand dedicated to supporting high-potential security leaders
November 24, 2022 24 Nov'22
Not-for-profit aims to encourage 1,300 girls into cyber careers

CyNam, a not-for-profit cyber security initiative, is collaborating with industry, education providers and government to encourage young women into cyber
November 23, 2022 23 Nov'22
UK police arrest 120 in largest-ever cyber fraud crackdown

The administrator and more than 100 users of the iSpoof.cc cyber fraud website have been arrested in a major counter-fraud operation led by the Metropolitan Police
November 23, 2022 23 Nov'22
Red team tool developer slams ‘irresponsible’ disclosure

UK security firm MDSec defends its Nighthawk command and control penetration testing framework after suggestions were made that it could be appropriated by threat actors
November 23, 2022 23 Nov'22
Dutch national cyber security strategy aims to protect digital society

Cabinet sets up national cyber security strategy to make the Netherlands digitally secure
November 22, 2022 22 Nov'22
Ducktail spins new tales to hijack Facebook Business accounts

The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts
November 22, 2022 22 Nov'22
Killnet DDoS hacktivists target Royal Family and others

Russia-aligned hacktivists targeted multiple UK websites, including those of the Royal Family, in a new campaign of DDoS attacks
November 21, 2022 21 Nov'22
Bug Bounty Calculator helps organisations fine-tune their payouts

Newly launched comparison tool will supposedly help operators of vulnerability disclosure or bug bounty programmes to ensure their payments match market rates and expectations, and attract the right sort of attention
November 18, 2022 18 Nov'22
Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use
November 18, 2022 18 Nov'22
New gold standard to protect good faith hackers

HackerOne’s new Gold Standard Safe Harbour statement will supposedly act as a guarantee for good faith hacking
November 18, 2022 18 Nov'22
CyberPeace Institute helps NGOs improve their security resilience

Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people
November 17, 2022 17 Nov'22
Another Log4Shell warning after Iranian attack on US government

The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching
November 16, 2022 16 Nov'22
Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures
November 15, 2022 15 Nov'22
APP fraud volumes expected to double by 2026, says report

Losses to authorised push payment fraud in the UK are expected to climb to over $1.5bn in the next four years. Meanwhile, the NAO accuses the Home Office of lagging on progress to tackle the issue