Hackers and cybercrime prevention

Security Think Tank: Creative thinking key to meeting emerging security challenges

How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading

By

• Gareth Haken, ISF

UK firms say £6.6bn annual security testing cost too high

Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high Continue Reading

By

• Warwick Ashford, Senior analyst

Germany races to boost cyber defences after breach

Germany is scrambling to improve its cyber defences before the European parliamentary elections after a student leaked politicians’ personal data Continue Reading

By

• Warwick Ashford, Senior analyst

2FA bypass tool highlights top business security vulnerabilities

CEOs are the most likely target of two-factor authentication phishing bypasses, demonstrated by a security researcher’s proof-of-concept attack Continue Reading

By

• Warwick Ashford, Senior analyst

FireEye gears up email security for emerging threats

Email continues to be a top means of initiating cyber attacks with new detection bypass techniques and executive impersonation capabilities continually emerging, research shows Continue Reading

By

• Warwick Ashford, Senior analyst

NHS Digital chief information security officer resigns

Robert Coles, who joined NHS Digital as its chief information and security officer in October 2018, is stepping down from the role for personal reasons Continue Reading

By

• Lis Evenstad

Security Think Tank: The security role of SDN, containers, encryption and SDP

How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading

By

• Paddy Francis

Second Lorca cohort to focus on supply chain security

The second cohort of companies to benefit from the new London cyber innovation centre will focus on user-centric security and securing supply chains Continue Reading

By

• Warwick Ashford, Senior analyst

eIDAS and the EU’s mission to create a truly portable identity

It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes  Continue Reading

By

• Zac Cohen, Trulioo

Protego Labs launches serverless app security tool

Security professionals and developers now have a way to assess the security of their serverless applications with a new open source testing tool donated to Owasp Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Meeting the security challenge of multiple IT environments

How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading

By

• Maxine Holt, Omdia

Boards need to be active partners in cyber defence

Board members must be active governance partners in collaborative cyber defence, says US regional information sharing and analysis organisation Continue Reading

By

• Warwick Ashford, Senior analyst

BlackBerry licenses security tech to IoT device makers

BlackBerry is to license its secure software development technology to the makers of internet-connected devices to boost IoT security Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Use SDN, containerisation and encryption tools to boost security

How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading

By

• Simon Persin, Turnkey Consulting

UK contactless card fraud surges

Fraudsters stole £1.18m from contactless users in 2018, with the average theft size also increasing Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Modern IT underlines need for zero-trust security

The increasing complexity of supply chains and interconnectivity of IT systems means the attack surface is widening and security has to evolve accordingly, warns British computer scientist Continue Reading

By

• Warwick Ashford, Senior analyst

Data breaches affected more than a billion people in 2018

The personal information of more than a billion people was compromised in 2018 as companies holding the data failed to keep it safe Continue Reading

By

• Warwick Ashford, Senior analyst

German politicians’ data leak shows need for global action

Hacked data includes contacts’ email addresses, private chats, mobile numbers, photographs and credit card details, which were published on Twitter Continue Reading

By

• Warwick Ashford, Senior analyst

Phishing attacks hidden by custom fonts

Security researchers have uncovered a new way in which phishing attacks are evading detection. Continue Reading

By

• Warwick Ashford, Senior analyst

IT regulators and practitioners need common language

There needs to be greater understanding between lawmakers and technologists to ensure regulations do not have unintended consequences, says a US computer security researcher and bug bounty pioneer Continue Reading

By

• Warwick Ashford, Senior analyst

Fortinet to lead cyber security discussion at WEF annual summit

The head of cyber security firm Fortinet has been named as a discussion leader at the upcoming World Economic Forum annual meeting in Davos, Switzerland Continue Reading

By

• Warwick Ashford, Senior analyst

Kaspersky Lab champions gender equality and digital child safety

Kaspersky Lab report highlights gender equality in the technology industry and child education about digital security Continue Reading

By

• Warwick Ashford, Senior analyst

Can we live without passwords?

Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve Continue Reading

By

• Bruno Halopeau & Adrien Ogee

Security Think Tank: Pay attention to attribute-based system access permissions

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not Continue Reading

By

• Simon Persin, Turnkey Consulting

Security Think Tank: Focus on malicious use of AI in 2019

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading

By

• Rob Clyde, Isaca

Top 10 stories on national security in 2018

From Russian disinformation, state surveillance, and police stop and seizure powers, to Facebook and WikiLeaks Continue Reading

By

• Bill Goodwin, Computer Weekly

Security Think Tank: Strong 2FA should be a goal in 2019

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading

By

• Paddy Francis

Top 10 IT security stories of 2018

Here are Computer Weekly’s top 10 IT security stories of 2018 Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Let’s hope for treaty on online norms

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading

By

• Stephen Bonner, Deloitte Cyber Risk Services

'Serious' Twitter flaw allows hackers to post on other people's accounts

A vulnerability in Twitter allows hackers to send tweets, private messages, post images or videos, and turn off security features, says British security researcher Continue Reading

By

• Bryan Glick, Editor in chief

Government announces new plans to develop cyber talent

The government has announced plans for a Cyber Security Council to form a strategy for developing future cyber talent Continue Reading

By

• Clare McDonald, Business Editor

Security Think Tank: Put collaboration on 2019 security agenda

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Top 10 cyber crime stories of 2018

Here are Computer Weekly’s top 10 cyber crime stories of 2018 Continue Reading

By

• Warwick Ashford, Senior analyst

Marriott data breach losses could be over half a billion dollars

Direct losses related to a huge data breach at US hotel group could reach $600m Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Top 10 Australia IT stories of 2018

Australia continues to cement its position as a leader in mastering and deploying advanced information and communications technology across a large segment of its economy Continue Reading

By

• Aaron Tan, TechTarget

Lauri Love battles police for return of computers as NCA confirms live investigation

The National Crime Agency (NCA) confirms there is a live investigation into Lauri Love in the UK, as Love brings legal action against UK police for the return of seized computer equipment Continue Reading

By

• Bill Goodwin & Julia Gregory

Security Think Tank: Align security strategy to business objectives

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not Continue Reading

By

• Mike Gillespie

APAC cyber security landscape to be more tumultuous in 2019

Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene Continue Reading

By

• Aaron Tan, TechTarget

Mobile security needs a rethink for the 5G era

A report released through the government’s 5G Testbeds and Trials programme has recommended the UK rethink its mobile security strategy Continue Reading

By

• Alex Scroxton, Security Editor

Broadband coverage improved through 2018, says Ofcom

Ofcom’s annual Connected Nations report reveals that the number of people who cannot receive a 10Mbps broadband connection has halved Continue Reading

By

• Alex Scroxton, Security Editor

Security Think Tank: Let’s get back to basics in 2019

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading

By

• Mike Sheward

Security Think Tank: Prioritise multifactor authentication in 2019

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted but did happen, and one thing that should happen in 2019 but probably will not Continue Reading

By

• Corey Nachreiner, Watchguard Technologies

Iranian cyber espionage highlights human element

State-backed hackers in Iran have reportedly upped efforts to compromise US officials’ email accounts using phishing scams Continue Reading

By

• Warwick Ashford, Senior analyst

Australia passes controversial encryption law

Arguments continue over law that requires companies to work with government agencies to ensure that encrypted communications can be read if a crime is suspected Continue Reading

By

• Beverley Head

Security Think Tank: Smart botnets resist attempts to cut comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date Continue Reading

By

• Raef Meeuwisse

Security Think Tank: Strategies for blocking malware comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading

By

• Greg Temm

Machine identity protection development gets funding boost

Cyber security firm Venafi has launched a development fund aimed at accelerating the delivery of protection for machine identities Continue Reading

By

• Warwick Ashford, Senior analyst

Detail of Dutch reaction to Russian cyber attack made public deliberately

 Continue Reading

Social engineering at the heart of critical infrastructure attack

Social engineering is the core technique used in a series of cyber attacks targeting government, defence, nuclear, energy and financial organisations around the world, which means people are key to defence Continue Reading

By

• Warwick Ashford, Senior analyst

Most UK retailers plan to up cyber security

The majority of UK retailers are planning to increase cyber security measures during the Christmas season, a survey reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Prevention and detection key to disrupting malware comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading

By

• Simon Persin, Turnkey Consulting

Criminals act like nation-state attackers in Russian campaign

Security researchers have uncovered evidence of a sustained effort targeting Russian state-owned critical infrastructure companies by financially motivated non-state actors Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Severing C&C comms is key, but complex

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Mac malware makes debut in top 10 list

Mac malware appears in the WatchGuard top 10 malware list for first time, and 6.8% of major websites still use an insecure SSL protocol, according to the firm’s latest internet security report Continue Reading

By

• Warwick Ashford, Senior analyst

Trusted nodes: The next generation in quantum key distribution

QKD is a form of protection against interception by quantum computers, but cost and technical limitations have made the technology impractical. Could trusted nodes make all the difference? Continue Reading

Large disparity in NHS cyber skills and training spend

Despite government pledges to up cyber security spending across the NHS, there are still huge disparities in cyber security skills and spending on cyber security training, FoI requests reveal Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Firms neglect DNS security at their peril

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading

By

• Simon McCalla, Nominet

UK businesses feel let down by government on cyber security

Government needs to provide more support around cyber security issues in 2019, according to the majority of UK IT leaders polled Continue Reading

By

• Warwick Ashford, Senior analyst

Half of business leaders unaware of BPC cyber attacks

Half of management teams polled in 12 countries, including the UK, are unaware of business process compromise (BPC) attacks Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Three steps to detect malware comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading

By

• Bruce Beam , (ISC)²

Security Think Tank: How to tool up to catch evasive malware comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including “sleepers” designed to be activated at a future date? Continue Reading

By

• Paddy Francis

Fileless malware surge, warns Malwarebytes report 

Data from millions of consumers reveals an uptick in fileless malware and other new-generation malware that calls for a new cyber security approach, report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

China demands release of arrested Huawei CFO

The Chinese government has called for the release of Huawei chief financial officer Meng Wanzhou, who was detained in Canada at the weekend Continue Reading

By

• Alex Scroxton, Security Editor

Adobe releases Flash patch for zero-day exploit

Emergency security update released for zero-day vulnerability that is being exploited in the wild via a Microsoft Office document, according to researchers Continue Reading

By

• Warwick Ashford, Senior analyst

Drawing the line for cyber warfare

With alleged Russian meddling in elections and the state-backed attack on Iran’s nuclear programme, it is becoming difficult to define the boundaries of cyber warfare Continue Reading

By

• Phil Wilcox

Security Think Tank: Situational awareness underpins effective security

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure they detect such methods and that all C&C systems are removed, including ‘sleepers’ designed to be activated at a future date? Continue Reading

By

• Mike Gillespie

Symantec unveils AI-based protection for critical infrastructure

Cyber security firm has unveiled what it claims to be the industry’s first neural network to protect critical infrastructure from USB-borne malware attacks Continue Reading

By

• Warwick Ashford, Senior analyst

Nominet brings security expertise and tech to market

The .uk domain registry is to bring its DNS expertise and technology developed for the NCSC to market to address cyber security ‘blindspot’ Continue Reading

By

• Warwick Ashford, Senior analyst

Phishing at centre of cyber attack on Ukraine infrastructure

Phishing is one of the key tools used by cyber attackers against critical national infrastructure (CNI), as highlighted by attacks on telecommunications in Ukraine Continue Reading

By

• Warwick Ashford, Senior analyst

The future of network-connected device security

The proliferation of poorly secured network-connected devices has prompted the UK government to publish new best practice guidelines. Do these go far enough? Continue Reading

By

• Peter Ray Allison

‘Open-minded’ DVSA cuts cost of MOT testing

Government agency harnesses customised open source platform to ensure data security while cutting costs and plans to extend its MOT testing capability to do the same for drivers’ theory tests Continue Reading

By

• Christian Annesley

Financial institutions’ data at risk despite security spending

Despite increased spending on cyber security, digital transformation and advanced attacks mean financial institutions’ data is still at risk, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Basic steps to countering malware comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date Continue Reading

By

• Petra Wenham

100 million Quora.com user details exposed

Question-and-answer site is the latest organisation to admit a breach of users’ personal data, with industry commentators calling out credential theft as a top cause of such breaches Continue Reading

By

• Warwick Ashford, Senior analyst

Liberty heads for judicial review over Investigatory Powers Act

The UK's powers to conduct supsicionless bulk surveillance on individuals and organisations face a legal challenge in the high court next year Continue Reading

By

• Bill Goodwin, Computer Weekly

Security Think Tank: Combine tech, process and people to block malware comms

As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be activated at a future date. Continue Reading

By

• Maxine Holt, Omdia

BT announces new head of security business

BT has appointed a former law enforcement officer and BT investigator as the new head of its security business Continue Reading

By

• Warwick Ashford, Senior analyst

Police investigations into cyber crime up 14% in a year

Officers forced to follow up over 2,500 complaints of Instagram, Facebook, email and website hacking, and Bitcoin ransom, despite a rise in violent crime, report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber crime most significant harm in UK, says top cyber cop

Cyber crime is the most significant harm in the UK, according to the cyber lead at the City of London Police, which is the national lead for online crime Continue Reading

By

• Warwick Ashford, Senior analyst

Marriott data breach highlights basic failings

A breach of a guest reservation database of the Starwood division of the Marriott International hotel group highlights basic personal data protection failures Continue Reading

By

• Warwick Ashford, Senior analyst

WannaCry borderline national cyber emergency

The May 2017 WannaCry attack, which disrupted services at one-third of NHS trusts and more than 600 primary care organisations is the closest the UK has come to a national cyber emergency, says the NCSC Continue Reading

By

• Warwick Ashford, Senior analyst

E-commerce sites warned of heightened DDoS threat

E-commerce sites are being urged to ensure that they have adequate DDoS protection ahead of the vital holiday trading season after attacks ramped up on Black Friday and Cyber Monday Continue Reading

By

• Warwick Ashford, Senior analyst

UK cyber security strategy making ‘good progress’

The National Cyber Security Strategy is making good progress, but there is much left to be done, according to a Cabinet Office official Continue Reading

By

• Warwick Ashford, Senior analyst

120,000 police officers to receive cyber security training

Cisco is partnering with UK police forces to offer cyber security training through the Cisco Networking Academy Continue Reading

By

• Alex Scroxton, Security Editor

Cyber resilience lacking due to apathy of UK leaders

An unwillingness to accept that cyber is a real threat to critical national infrastructure by UK political and business leaders has resulted in a lack of resilience, says security industry veteran Continue Reading

By

• Warwick Ashford, Senior analyst

FCA deeply concerned as no end in sight for IT failures in banking

The FCA has reported a massive increase in the number of banking IT failures in the UK and admitted there is no end in sight Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

York teen crowned 2018 UK cyber security champion

Teenager beat off competition from 41 other cyber security enthusiasts from across the UK, and six from Singapore, in the UK Cyber Security Challenge final Continue Reading

By

• Warwick Ashford, Senior analyst

GDPR is encouraging UK IT directors to pay cyber ransoms

As predicted ahead of the General Data Protection Regulation enforcement deadline, research shows that fear of fines under the new laws is making some firms more likely to pay cyber ransoms Continue Reading

By

• Warwick Ashford, Senior analyst

IBM pushes boundaries of AI, but insists companies take an ethical approach

Researchers at IBM are pushing the boundaries of what artificial intelligence and machine learning can do, but remain wary of the ethical implications that accompany the proliferation of this technology Continue Reading

By

• Sebastian Klovig Skelton, Data & ethics editor

Government lacks cyber resilience leadership, according to MPs

The government lacks political leadership and urgency in dealing with cyber threats, according to Joint Committee on National Security Strategy, calling for a minister in charge of delivering cyber resilience Continue Reading

By

• Lis Evenstad

Credit card fraud in ANZ showing no signs of abating

The value of fraudulent transactions more than doubled that of legitimate purchases during the third quarter this year Continue Reading

By

• Beverley Head

Three factors marginalising the CISO role

Chief information security officers are typically marginalised due to three factors, and de-coupling the technical and managerial aspects of the job will enable empowerment, says consultant Continue Reading

By

• Warwick Ashford, Senior analyst

UK firms in the dark around the impact of cyber attacks

UK firms have a long way to go in building the business resilience required to withstand cyber threats and other major disruptions, a study shows Continue Reading

By

• Warwick Ashford, Senior analyst

CW ASEAN: Blockchain is no ‘magic wand’ for security

Blockchain is all the rage, although the technology is so much more than just about bitcoin and cryptocurrencies. In this issue of CW ASEAN, we examine how blockchain is being applied in cyber security, and whether the technology is really as secure as claimed by its proponents. Read the issue now. Continue Reading

CW ANZ: Exploring blockchain

Blockchain technology has been in the news due to its ability to provide much better security, transparency and efficiency. In this issue of CW ANZ, we look at how enterprises in ANZ are using blockchain technology to improve security and efficiency, and what it takes to spur greater adoption among ANZ enterprises. Read the issue now. Continue Reading

Enterprises lack capability against persistent cyber attacks

A report urges organisations to strengthen their cyber defence capabilities to pre-empt, detect and respond to post-breach attacks Continue Reading

By

• Warwick Ashford, Senior analyst

AI-enhanced security tools necessary for today’s threats

Machine learning-enhanced tools are necessary to keep up with current threats, but are not perfect and will not solve the security skills gap problem, says KuppingerCole Continue Reading

By

• Warwick Ashford, Senior analyst

Zero-trust security not an off-the-shelf product

The zero-trust security model is a business enabler that needs to be supported by a strategy and security architecture, analyst warns cyber security leaders Continue Reading

By

• Warwick Ashford, Senior analyst

Prepare now for quantum computers, QKD and post-quantum encryption

The predicted processing power of quantum computers is likely to make existing encryption algorithms obsolete. Quantum key distribution (QKD) is a possible solution - we investigate whether QKD is viable. Continue Reading

User behaviour analytics adding new insight

User behaviour analytics is helping to add new insights by providing the missing element in security event information management approaches, says Martin Kuppinger Continue Reading

By

• Warwick Ashford, Senior analyst