Application security and coding requirements

DocuTrac medical software is a breach risk, warns Rapid7

Security researchers have issued a security warning about medical billing and documentation software they say puts patients at risk of data breach Continue Reading

By

• Warwick Ashford, Senior analyst

Security researchers demonstrate ransomware attack on robots

Researchers have carried out a ransomware attack on robots to show that such attacks are possible and should be guarded against Continue Reading

By

• Warwick Ashford, Senior analyst

Mac malware more than doubled in 2017

Malware targeting Apple Mac computers more than doubled from 2016 to 2017, according to security firm Malwarebytes Continue Reading

By

• Warwick Ashford, Senior analyst

Only half of ransomware payments honoured

Only half of ransomware victims who pay ransoms to cyber criminals recover their data, a report reveals, pointing to a need for more effective strategies to deal with these attacks Continue Reading

By

• Warwick Ashford, Senior analyst

Security remains an afterthought in DevOps

Enterprises in Asia are lapping up DevOps but less than one-third have baked security processes into their developments Continue Reading

By

• Aaron Tan, TechTarget

Spring Break flaw shows cross-industry collaboration

A flaw that was discovered in Pivotal’s Spring Framework in September 2017 has only come to light now that users have had a chance to update Continue Reading

By

• Cliff Saran, Managing Editor

Developers urged to submit apps to NHS Apps Library

NHS Digital and NHS England have further opened up the newly updated NHS Apps Library, and are asking developers to submit their apps for assessment Continue Reading

By

• Lis Evenstad

Google calls out Microsoft for failing to fix reported flaw

Google’s Project Zero has gone public with a Windows 10 flaw that Microsoft claimed to have fixed in its February security update Continue Reading

By

• Warwick Ashford, Senior analyst

Botnets shift focus to credential abuse

Cyber criminals are increasingly using automated attacks that make use of stolen credentials, a security threat report warns Continue Reading

By

• Warwick Ashford, Senior analyst

Tech industry signs cyber security charter

Nine technology organisations have signed a cyber security charter aimed at raising the level of cyber security internationally Continue Reading

By

• Warwick Ashford, Senior analyst

Blockchain to give global LGBT community a louder economic voice

Blockchain will underpin a global platform that aims to give the LGBT community a more powerful economic voice Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Telegram zero-day exploit is a warning

The discovery of an exploit of a zero-day vulnerability in the Telegram messaging app demonstrates that not all “secure” apps are automatically safe, security experts have warned Continue Reading

By

• Warwick Ashford, Senior analyst

Criminals hijack government sites to mine cryptocurrency used to hide wealth

Europol says criminals are hiding billions in cryptocurrencies, as thousands of government and other websites have reportedly been used to hijack computers to mine more Continue Reading

By

• Warwick Ashford, Senior analyst

Norway’s government backs cyber defence mobilisation

Norway has accelerated plans to scale up its national security infrastructure against threats emanating from the cyber domain Continue Reading

By

• Gerard O'Dwyer

Third party cyber breach risk set to rise

Third party cyber security risk should always have been a priority, but this has never been more important than it is now in light of new technology risks and data protection regulations Continue Reading

By

• Warwick Ashford, Senior analyst

How to manage application security risks and shortcomings

A lack of proper testing, communication and insight into best practices all contribute to application security shortcomings. Kevin Beaver explains how to manage the risks. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

GDPR: Don’t panic, but seize the chance to build trust, says ICO

With the compliance deadline for the EU’s GDPR just 112 days away, the UK’s information commissioner has urged organisations not to panic, but to seize the chance to build trust with customers Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Automating basic security tasks

How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading

By

• Petra Wenham

Many businesses still using outdated security, says Troy Hunt

Too many businesses are using out-of-date approaches to security, a world-renowned cyber security author and trainer warns Continue Reading

By

• Warwick Ashford, Security Editor

AI is moving towards acceptance in cyber security, says Check Point

Artificial intelligence is well on its way to being a useful tool in the cyber security professional’s kit, but according to Check Point, there are still big challenges to overcome Continue Reading

By

• Alex Scroxton, Security Editor

NHS organisations to get cyber security alerts service

As part of a deal between NHS Digital and Microsoft, NHS organisations will be able to get a threat detection service, alerting them to any cyber security issues Continue Reading

By

• Lis Evenstad

Do website design platforms pose too big a security risk?

Cloud-based website design platforms are booming in popularity because of their simplicity and affordability, but business security should be considered carefully when using such services Continue Reading

By

• Gamil Jassin

China’s Yitu eyes ASEAN market with facial recognition know-how

Facial recognition software specialist Yitu, which recently won a face identification accuracy contest in the US, has already nabbed regional clients such as Singapore’s Certis Cisco Continue Reading

By

• Aaron Tan, TechTarget

Spectre of IT vulnerability looms large

In some ways the Meltdown and Spectre flaws represent a risk that goes to the very heart of computing. This microprocessor flaw has resulted in major network, server, PC and mobile hardware firms ... Continue Reading

By

• Cliff Saran, Managing Editor

Mobile app flaws are a risk to industrial IT systems, says report

Cyber security vulnerabilities in mobile applications could be exploited to compromise industrial network infrastructure, a report warns Continue Reading

By

• Warwick Ashford, Senior analyst

UAE tech growth prompts firms to review internal IT security

As IT becomes more prominent in the UAE economy, more and more internal connections between people and systems are created, all of which need to be secured Continue Reading

By

• Alicia Buller

Cyber attacks in 2017 drive Nordic security efforts

The volume of cyber attacks last year has increased boardroom focus on security in the Nordic region Continue Reading

By

• Eeva Haaramo

Sweden steps up cyber defence measures

Sweden is tightening up its cyber security defences as part of a wider national security strategy Continue Reading

By

• Gerard O'Dwyer

Top IT priorities for Nordic CIOs in 2018

Nordic CIOs tell Computer Weekly about their intentions for the year ahead Continue Reading

By

• Eeva Haaramo

Top 10 IT security stories of 2017

Here are Computer Weekly's top 10 IT security stories of 2017 Continue Reading

By

• Warwick Ashford, Senior analyst

UK government blames North Korea for WannaCry cyber attack

The UK and US governments say a North Korean group was responsible for the ransomware attacks that hit the NHS and other organisations globally this year Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Barclays Bank stops offering Kaspersky software to new users

Bank is no longer offering customers Kaspersky anti-virus software after UK security agency issues warning Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Lauri Love: how reformed hackers halted the WannaCry virus

Lauri Love presents a compelling story of the WannaCry malware that nearly brought down the NHS, and the behind the scenes work of former hackers, and security researchers that helped to prevent lives being lost. Love is facing extradition to the US after allegedly taking part in a hacking protest over the death of internet pioneer Aaron Swartz, who faced jail for using a hidden computer to downloading academic journals at MIT. Continue Reading

By

• Bill Goodwin, Computer Weekly

UK sale of surveillance equipment to Macedonia raises questions over export licence policy

The UK approved an export licence for the sale of surveillance equipment to Macedonia – while the country was engaged in an illegal surveillance programme against its citizens. A senior minister was consulted on the decision Continue Reading

By

• Tena Prelec

How the biggest cyber security disasters could have been avoided

The headline-grabbing breaches that hit Accenture and Equifax in 2017 could have been averted had basic cyber hygiene been in place Continue Reading

By

• Jessica McGreal, Contino

RSA’s Middle East cyber security conference gains its own identity

RSA Abu Dhabi conference focuses on region’s cyber security needs as digital technology deployments expand Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Can DevOps deliver on its productivity promises?

DevOps and agile working are often cited as key elements of successful digital transformation – in this week’s Computer Weekly, we examine the challenges to delivering on that promise. Many retailers are investing in emerging technologies to gain an edge – but are they getting too far ahead of the curve? And we hear how a new spirit of collaboration could help UK broadband roll-out. Read the issue now. Continue Reading

People with non-IT backgrounds could help fill cyber security skills gap

Organisations should look to fill cyber security roles with people who are curious and have work experience rather than focusing solely on graduates Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

VMware making bigger push into cloud, cyber security

The virtualisation bigwig is making it easier for VMware customers to adopt public cloud services, starting with a partnership with Amazon Web Services Continue Reading

By

• Aaron Tan, TechTarget

Developers lack skills needed for secure DevOps, survey shows

The growing demand for developers with security skills is outpacing supply, but a survey reveals that a lack of formal security education and training by employers is contributing to the growing skills gap Continue Reading

By

• Warwick Ashford, Senior analyst

Gaming apps ‘main source’ of mobile phishing attacks, research shows

Analysis of 100,000 corporate devices shows more than a quarter of traffic going to phishing domains was from gaming apps Continue Reading

By

• Zach Emmanuel, Computer Weekly

CW ANZ: Cyber security plan bears fruit

Australia’s Cyber Security Strategy, aimed at protecting citizens, companies and critical infrastructure, has made significant headway over the past year, but the jury is still out on its long-term impact. In this month’s CW ANZ, we take a look at the progress of Australia’s national cyber security blueprint and what else needs to be done to better protect Australia’s interests in the global cyber security landscape. Also, read about what the Australian government is doing to better guard public sector IT systems against cyber attacks. Continue Reading

CW ASEAN: Stay alert to threats

With cyber threats intensifying in recent years, from the global outbreak of ransomware to intrusions of university networks to access government data, the role of threat intelligence in anticipating and mitigating threats has become more important than ever. In this month’s CW ASEAN, learn how organizations can make the most out of threat data feeds in an intelligence-driven security strategy. Also, find out how companies can navigate the ominous cyber threat landscape by investing in cyber security technology and processes. Continue Reading

Airbus helps secure critical infrastructure

In this week's ezine, Computer Weekly explores how to secure industrial control systems, which have often lagged behind the leading edge of IT security and pose serious risks to critical national infrastructure. Airbus believes that despite the vulnerabilities of individual components, industrial control systems as a whole are quite resilient. We also speak to the head of technology at Centrica about how the utility company is becoming a specialist provider of data lake integration tools, and we explore the 802.11ac Wave 2 standard. Continue Reading

Danish shipping giant Maersk recovering from major Petya cyber attack

Company confirms attack took down its IT system across multiple sites and business units, but has now been contained Continue Reading

By

• Eeva Haaramo

The Macedonian surveillance scandal that brought down a government

Macedonia has been accused of using surveillance technology for covert spying - the subsequent political protests were instrumental in the ruling party losing power after 10 years Continue Reading

By

• Tena Prelec

CW Nordics: The trouble with connected things

In this issue, Finnish cyber security expert Mikko Hyppönen talks about security in the Nordics, Russia and the trouble with connected devices. Also read how Icelandic airline Wow Air averted disaster through the use of application performance monitoring software when it embarked on a major expansion. And find out how, since December 2015, anyone playing popular sandbox game Minecraft has been able to build their worlds on the actual map of Sweden. Continue Reading

Economic and political uncertainty drives organisations to rethink IT strategies

CIO job satisfaction reaches a three-year high as organisations hire more IT staff and invest in innovative digital technology Continue Reading

By

• Bill Goodwin, Computer Weekly

Security as a service on the rise in the UAE

Organisations in the United Arab Emirates are increasingly turning to security services Continue Reading

By

• Alicia Buller

Interview: F-Secure’s Mikko Hyppönen on the Nordics, Russia and the internet of insecure things

Computer Weekly sat down with Finnish cyber security expert Mikko Hyppönen to talk about security in the Nordics, Russia and the trouble with connected devices Continue Reading

By

• Eeva Haaramo

How IT can be more defensible

A renowned Google engineer calls for the IT industry to build devices capable of being defended and for enterprises to take a balance sheet approach in managing risks Continue Reading

By

• Aaron Tan, TechTarget

Threats grow in Saudi Arabia’s cyber sector

Saudi Arabia's wealth makes it an attractive target for cyber criminals, but what have been the recent trends in cyber crime? Continue Reading

By

• Triska Hamid

Making the UK fit for 5G

In this week’s Computer Weekly, we look at the government’s new 5G strategy and assess whether it’s enough to stimulate development of next generation mobile networks. We meet some of the Silicon Valley startups hoping to revolutionise big data analytics. And we examine how to prevent the move to DevOps from harming work-life balance for IT professionals. Read the issue now. Continue Reading

CW ASEAN: Raising national security standards

In this month’s CW ASEAN, we describe how Singapore is improving its cyber security defenses and preparations through a partnership with British security company BAE Systems. We also find out why the Thai military plans to recruit civilian cyber warriors and we take a look at evolving security approaches. Read the issue now. Continue Reading

Citizen Love: the story of an ordinary family's fight with the US government

Finnish documentary makers Raimo Uunila and Lauri Danska tell the behind-the-scenes story of activist Lauri Love’s battle with the US government – and the impact of the case on his family Continue Reading

By

• Bill Goodwin, Computer Weekly

Secure IoT before it kills us

Experts say more must be done to mitigate the potentially catastrophic threats presented by connected devices Continue Reading

By

• Jim Mortleman

Top 10 IT security stories of 2016

Here are Computer Weekly’s top 10 IT security stories of 2016: Continue Reading

By

• Warwick Ashford, Senior analyst

Top 10 ANZ enterprise IT stories of 2016

Here is a rundown of Computer Weekly’s most popular ANZ enterprise IT articles for 2016 Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Russian banks hit by IoT-enabled DDoS attacks

DDoS attacks on Russian banks have been linked to IoT botnets, further confirming this worrying trend and highlighting the need for IoT suppliers to improve security capabilties Continue Reading

By

• Warwick Ashford, Senior analyst

CW ASEAN: SMEs present security weakness

In this month's CW ASEAN, we look at how the cyber security defences at small and medium-sized enterprises in Southeast Asia may have some vulnerabilities, resulting in cyber security attacks on the large corporations they work with. We also consider the need to educate users of smartphones and tablets across the region as card fraud rates rise, with high use of mobile devices considered a contributing factor. Read the issue now. Continue Reading

CW ANZ: Using gamification to build cyber security skills

In this month's CW ANZ, we look at how PwC is using an online game to give its customers first-hand experience of what it means to face a cyber attack. We also look at how identity is gaining greater prominence in the security debate in Australia as the DTO takes the wraps off plans for a national identity system. Read the issue now. Continue Reading

Schneider Electric praised for positive response to ICS security flaw

Schneider Electric has patched a security flaw that highlights the vulnerability of industrial control systems to cyber attack Continue Reading

By

• Warwick Ashford, Senior analyst

Snowden: the IT analyst turned whistleblower who exposed mass surveillance

Oliver Stone's biopic on Edward Snowden reaches the heart of the ethical crisis posed by mass surveillance for the state and ordinary citizens Continue Reading

By

• Fiona O'Cleirigh

Retail websites riddled with security holes, researchers warn

Retailers urged to improve the security of their online stores amid a series of discoveries of cyber criminal campaigns to exploit vulnerabilities in retail websites Continue Reading

By

• Warwick Ashford, Senior analyst

Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition

Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon Continue Reading

By

• Gary McKinnon

Computer Weekly 50th anniversary special

It’s been 50 years since Computer Weekly's launch on 22 September 1966. To mark this achievement, we have compiled a special edition of the magazine to reflect on how much the British technology industry has contributed over that time – and, of course, to celebrate our role in keeping IT professionals in touch with those developments – week-in, week-out, for half a century. Read this 100-page anniversary special now. Continue Reading

Alleged hacker Lauri Love can be extradited to the US, court rules

Westminster Magistrates’ Court has ruled that alleged hacker, Lauri Love, can be extradited to the US, where he could face a 99-year prison sentence Continue Reading

By

• Fiona O'Cleirigh

Lauri Love: the student accused of hacking the US

How did a brilliant but fragile computer science student from a rural English town end up facing life imprisonment in the US? Computer Weekly speaks to Lauri Love Continue Reading

By

• Bill Goodwin and Niels Ladefoged

IBM sets up security centre in Canberra

IBM leads the charge as large private businesses invest heavily in security resources across Australia in an attempt to close the security gap Continue Reading

By

• Beverley Head

CW ASEAN: July 2016

Lessons from the Philippine government hack: In this issue we ask why a hack on the Philippine Commission on the Elections (Comelec) was allowed to happen and what organisations in Southeast Asia can learn from this breach of security. Retailers in the region are concerned – read how the theft of customer data is their biggest worry. Continue Reading

CW ANZ: July 2016

Australia knows it has a cyber security problem, but not the scale. In this month’s CW ANZ we describe how Australia's $230m security strategy serves as a wake-up call to enterprises. We also reveal the techniques and technologies being used to protect one Australian school, as well as a more general look at the main cyber threats to orgainsations in Australia. Read the issue now. Continue Reading

Lower average cost of Australian data breaches is not a sign of comfort

The average cost of a data breach to Australian organisations dropped in 2015, according to research Continue Reading

By

• Beverley Head

Philippines government data breach is a warning to Asean region

Security is a rising concern in the Asean region, with fears fuelled by incidents such as the recent hacking incident in Manila Continue Reading

By

• Zafar Anjum

Cyber security in Belgium will gain prominence after terror attacks

Belgium’s physical security has been branded inadequate, so how does the country’s cyber security measure up? Continue Reading

By

• Stef Gyssels

NCA attempts 'back door' access to obtain activist Lauri Love’s passwords

Court told that use of civil proceedings to force disclosure of alleged hacker Lauri Love's passwords is disproportionate and would breach human rights law Continue Reading

By

• Bill Goodwin, Computer Weekly

Adwind at centre of cyber attack on Singapore bank

Kaspersky Lab has revealed that the Adwind malware-as-a-service platform was at the centre of an attack on a Singapore bank Continue Reading

By

• Zafar Anjum

Gov.uk Verify not secure enough for NHS, says HSCIC

The government’s Verify identity verification platform isn’t secure enough for the NHS, so Liverpool Clinical Commissioning Group and HSCIC are working to add extra levels of security Continue Reading

By

• Lis Evenstad

The problem with passwords: how to make it easier for employees to stay secure

An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading

By

• Jeremy Bergsman, CEB

HSBC online services hit by DDoS attack

HSBC was hit by a distributed denial of service (DDoS) attack, which targeted its online personal banking services. Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Top 10 IT security stories of 2015

Computer Weekly looks back at the most significant stories on IT security in the past 12 months Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber attacks an increasing concern for Asean countries

Organisations in the Association of Southeast Asian Nations are increasingly the targets for cyber criminals, according to a report focused on the region Continue Reading

By

• Zafar Anjum

Veracode finds most web apps fail Owasp security check list

The findings of a report on critical vulnerabilities in most web applications is raising concerns over potential security vulnerabilities in millions of websites Continue Reading

By

• Warwick Ashford, Senior analyst

The true cost of a cyber security breach in Australia

The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting. Continue Reading

By

• Beverley Head

Public-private co-operation in the Nordics tackles growing cyber crime threat

Nordic governments and businesses are putting cyber security at the centre of their planning as threats increase Continue Reading

By

• Eeva Haaramo

Security vulnerability management more than patching, warns Secunia

Keeping track of what makes an IT environment vulnerable is an ongoing and complex task, according to Secunia Continue Reading

By

• Warwick Ashford, Senior analyst

Commercial software more secure than open source, finds report

A study has found that commercial code is more compliant than open source code with security compliance standards, such as the Owasp top 10 and the CWE top 25 Continue Reading

By

• Warwick Ashford, Senior analyst

Computer Weekly European User Awards 2015 winners revealed

The winners have been announced for the Computer Weekly European User Awards 2015. See who made the top spots Continue Reading

By

• Kayleigh Bateman, Computer Weekly

IT professionals give Windows 10 Start button the thumbs up

A survey of European and North American IT professionals has found that the return of the Start button is the most enticing feature in Microsoft's latest operating system Continue Reading

By

• Cliff Saran, Managing Editor

Pharmaceutical companies use BPM to cut cost of clinical trial drugs

Pharmaceutical companies have developed an IT system to secure the supply of medicines they need for clinical studies, saving hundreds of thousands on their drugs bill in the process Continue Reading

By

• Bill Goodwin, Computer Weekly

NATS failure down to bug from the 90s and redundant code

A bug present in Nats since 1990s has been identified as the root cause of the five-hour outage of UK air traffic control on 12 December 2014 Continue Reading

By

• Cliff Saran, Managing Editor

Whitehall technology chiefs vetoed new Windows XP support deal

Government technology chiefs vetoed a new deal with Microsoft to continue Windows XP support to force laggards to move off the OS Continue Reading

By

• Bryan Glick, Editor in chief

IoT benefits and privacy not mutually exclusive, says industry expert

It is possible to mitigate the privacy and security risks of the internet of things (IoT) without losing its benefits, according to an industry expert Continue Reading

By

• Warwick Ashford, Senior analyst

Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence

Shipping insurance company DNK hopes to inspire the rest of the shipping industry to adopt Darktrace’s cyber defence system Continue Reading

By

• Jenny Stadigs

PrivDog SSL compromise potentially worse than Superfish

Some versions of PrivDog software designed to block online ads compromise internet security in a similar way to Superfish Continue Reading

By

• Warwick Ashford, Senior analyst

Why we need cyber war games

In this week’s Computer Weekly, the UK and US are starting a cyber war on each other – all in the name of testing each other’s defences. We look at why the cyber war games are needed. We examine what IT managers can learn from the car industry to improve supplier relationship management. And we find out why innovation should be top of the IT agenda in 2015. Read the issue now. Continue Reading

Google under fire over Windows zero-day disclosure

Google has come under fire for publishing a proof-of-concept attack exploiting a flaw in Windows 8.1 before Microsoft had released a security update Continue Reading

By

• Warwick Ashford, Senior analyst

CW Europe – January 2015 Edition

As we start another new year we look back at what technology has been playing a vital role in keeping Europe safe. Headlines are regularly filled with threats about cyber wars and attacks which, although are important to bring to light, can sometimes overshadow the role technology plays in keeping us safe. Continue Reading

Cabinet Office begins procurement for next stage of Gov.uk Verify

The Cabinet Office has submitted a tender notice for a £150m three-year framework for the provision of identity assurance services Continue Reading

By

• Caroline Baldwin, Freelance editor and journalist

US interception in the EU faces new legal challenges

US government orders against Microsoft to hand over email data 'infringes privacy legislation' in other countries Continue Reading

By

• Fiona O’Cleirigh

CGI secures communications between pilots and air traffic control

Satellite communications firm Inmarsat has outsourced the provision of security IT and services to CGI Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA